[Shodan] Update custom query contract

Megafredo · Megafredo · commit 08cc81e4eddd · 2026-02-27T16:06:49.000+01:00
diff --git a/shodan/README.md b/shodan/README.md
@@ -266,12 +266,13 @@ Direct values separated by commas or spaces between IP addresses or hostnames ar
     | Hostname     | Yes         | /                                                                                   |
     | Organization | No          | If empty, the hostname value is used.                                               |
 
-- Custom Query (Endpoint: `your custom endpoint`)
-    -  See the Shodan documentation: https://developer.shodan.io/api
+- Custom Query (Search Shodan Endpoint: `/shodan/host/search` + your custom query)
+    - You can find all available filters here: https://beta.shodan.io/search/filters
+    -  Note that spaces and commas are important. You must use the same formatting as in the Shodan search bar.
+      - `Spaces = AND` / `Commas = OR`
 
     | Field        | Mandatory | Default / Notes                         |
     |--------------|-----------|-----------------------------------------|
-    | HTTP Method  | Yes       | `GET` (choices: GET, POST, PUT, DELETE) |
     | Custom Query | Yes       | /                                       |
 
 - CVE Enumeration (Search Shodan Endpoint: `/shodan/host/search`)
diff --git a/shodan/shodan/contracts/custom_query/contract.py b/shodan/shodan/contracts/custom_query/contract.py
@@ -131,21 +131,6 @@ def contract_with_specific_fields(
         manual_target_selector = [target_selector_field.MANUAL.key]
 
         specific_fields = [
-            ContractSelect(
-                key="http_method",
-                label="HTTP Method",
-                defaultValue=["get"],
-                choices={
-                    "get": "GET",
-                    "post": "POST",
-                    "put": "PUT",
-                    "delete": "DELETE",
-                },
-                **cls._build_conditions(
-                    source_selector=source_selector_key,
-                    target_selector=manual_target_selector,
-                ),
-            ),
             ContractText(
                 key="custom_query",
                 label="Custom Query",
diff --git a/shodan/shodan/models/normalize_input_data.py b/shodan/shodan/models/normalize_input_data.py
@@ -54,7 +54,6 @@ def parse_vulnerability(cls, values):
 
 class CustomQuery(InjectContent):
     contract: Literal["custom_query"]
-    http_method: str
     custom_query: str
 
 
diff --git a/shodan/shodan/services/client_api.py b/shodan/shodan/services/client_api.py
@@ -133,7 +133,6 @@ def _process_request(
         request_api: ShodanRestAPI | None,
         filters_template: dict[str, FilterDefinition] | None = None,
         is_custom_query: bool = False,
-        http_method_custom_query: str | None = None,
     ) -> Union[dict[str, Any], Any]:
         """Sends a request to Shodan for the given targets and filters, handling retries and errors.
         This method constructs the query URL, applies optional filters, encodes it, and calls "_request_data".
@@ -143,26 +142,22 @@ def _process_request(
             request_api (ShodanRestAPI | None): The API endpoint definition to use.
             filters_template (dict[str, FilterDefinition] | None): Optional filters to apply to the query.
             is_custom_query (bool): Whether this is a custom query bypassing standard contract endpoints.
-            http_method_custom_query (str | None): HTTP method to use for a custom query.
 
         Returns:
              Union[dict[str, Any], Any]: Either a structured dictionary with targets and results, or the raw API
                 response for special queries.
         """
 
-        targets = [raw_input] if is_custom_query else raw_input
-        http_method = (
-            http_method_custom_query
-            if is_custom_query
-            else request_api.value.http_method
-        )
-        endpoint_template = raw_input if is_custom_query else request_api.value.endpoint
+        targets = raw_input
+        http_method = request_api.value.http_method
+
+        endpoint_template = request_api.value.endpoint
 
         result = None
         results = []
         for target in targets:
             new_endpoint = endpoint_template
-            query_params = None
+            query_params = target if is_custom_query else None
             encoded_for_shodan = None
 
             if filters_template:
@@ -305,12 +300,12 @@ def _execute_contract(
             resolved_targets = getattr(inject_content, target_field, None)
 
             if inject_content.contract == "custom_query":
+                resolved_targets = [f"query={inject_content.custom_query}"]
+
                 return self._process_request(
-                    raw_input=inject_content.custom_query,
-                    request_api=None,
-                    filters_template=None,
+                    raw_input=resolved_targets,
+                    request_api=ShodanRestAPI.SEARCH_SHODAN,
                     is_custom_query=True,
-                    http_method_custom_query=inject_content.http_method,
                 )
         else:
             target_property_selector = inject_content.target_property_selector
