forked from torque59/Nosql-Exploitation-Framework
-
Notifications
You must be signed in to change notification settings - Fork 5
/
coreconfigure.py
229 lines (200 loc) · 7.13 KB
/
coreconfigure.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
#!/usr/bin/python
# Core Configuration File For Commands and Options
import sys
import logging
from sniff import sniffredis
from sniff import sniffmongo
from sniff import sniffcouch
from termcolor import colored
from dbattacks import mongoattacks
from dbattacks import couchattacks
from dbattacks import redisattacks
from dbattacks import hbaseattacks
from dbattacks import cassattacks
from dbattacks import utils
import webattacks
logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
logging.getLogger("ctype.runtime").setLevel(logging.ERROR)
def Config(args):
mas = False
paramcheck = []
specify_params = []
available = ['mongo', 'couch', 'redis']
post_status = False
target = args['ip']
port = args['port']
url = args['webapp']
seldb = args['enum']
filename = args['file']
try:
# Checks whether Host is up
if args['ip']:
utils.host_up(target)
# Credentials
screen = args['screen'] if args['screen'] else False
creds = args['auth'] if args['auth'] else False
authall = args['authall'] if args['authall'] else False
mass = args['mass'] if args['mass'] else False
db = args['db'] if args['db'] else 'admin'
column_select = args['c'] if args['c'] else False
dump = True if args['dump'] else False
post_status = True if args['post'] else False
limit = int(args['limit']) if args['limit'] else 0
write = args['write'] if args['write'] else False
# Scan for General DB Targets
if args['scan']:
utils.scan_target(target)
# Web Attacks
# This is argument is not working correctly - Need to fix - th3r3p0
# if args['url']:
# seldb=args['webapp'] if args['webapp'] else False
# if seldb == 'mongo':
# filename=['payload/js_inject.txt','payload/js_time']
# Dictionary Attacks
if args['dict']:
seldb = args['dict']
if args['file']:
if seldb == 'mongo':
if args['port'] or args['db']:
pass
else:
port = 27017
db = 'admin'
# mongoattacks.mongo_web_interface(target,port,creds,screen)
mongoattacks.dict_mongo(filename, target, port, db)
elif seldb == 'couch':
if args['port']:
pass
else:
port = 5984
couchattacks.dict_couch(filename, target, port)
elif seldb == 'redis':
if args['port']:
pass
else:
port = 6379
redisattacks.dict_redis(filename, target, port)
else:
print colored("[-] Specify File Name", 'red')
# Enumeration Check
if args['enum']:
seldb = args['enum']
if seldb == 'mongo':
if port:
pass
else:
port = 27017
# mongo_web_scan(target)
try:
conn = mongoattacks.mongo_conn(target, port, mass)
mongoattacks.mongo_enum(
conn, creds, authall, db, column_select, dump, limit, write)
except Exception as e:
print colored(e, 'red')
elif seldb == 'couch':
if port:
pass
else:
port = 5984
try:
# print post_status
if db == 'admin':
db = ""
couch = couchattacks.couch_conn(target, port)
couchattacks.couch_enum(
couch, target, port, creds, db, column_select, post_status)
except Exception:
print Exception
print colored("[-] Enumeration Failed \n", 'red')
elif seldb == 'redis':
if port:
pass
else:
port = 6379
try:
r_server = redisattacks.redis_conn(target, port)
redisattacks.redis_enum(r_server, creds)
except Exception:
print colored(e, 'red')
elif seldb == 'cassandra':
if port:
pass
else:
port = 9160
creds = False
if db == 'admin':
db = False
cassattacks.cassa_enum(target, port, db, dump)
elif seldb == 'hbase':
if port:
pass
else:
port = 8080
hbaseattacks.hbase_enum(port)
else:
print colored("[-] No Support for the Specified DB", 'red')
# Mass Scan Settings
if args['mass'] in available:
select = args['mass']
if args['file']:
mas = True
mass_scan(args['mass'], args['file'])
else:
print colored("[-] Plse specify File name \n", 'red')
# Database Select (Currently available for Mongo,Couch)
if args['db']:
db_select = args['db']
column_select = args['c']
else:
db_select = ""
if args['post'] == 'enable':
post_status = True
if args['param']:
paramcheck = args['param']
specify_params = paramcheck.split(',')
else:
pass
specify_params = args['param']
# Scans for WebAPP Attacks
if args['webapp']:
webattacks.nosqlweb.attack(url)
# Redis DOS (2.6+)
if args['exhaust']:
if port:
pass
else:
port = 6379
redisattacks.redis_exhaust(target, port)
# Redis RCE Check
if args['remotecheck']:
if port:
pass
else:
port = 6379
redisattacks.redis_rce(target, port)
# Redis File Enumeration Check
if args['filecheck']:
filename = args['filecheck']
if port:
pass
else:
port = 6379
redisattacks.redis_file_enum(target, filename, port, creds)
# Shodan IP Grabber
if args['shodan']:
utils.shodan_frame(args['shodan'])
# Sniffing Module
if args['sniff'] == 'mongo':
sniffmongo.sniff_mongo()
if args['sniff'] == 'redis':
sniffredis.sniff_redis()
if args['sniff'] == 'couch':
sniffcouch.sniff_couch()
# Clone Database Currently Available for Mongo,Couch and Redis
if args['clone'] == 'couch':
couchattacks.clone_couch(target)
if args['clone'] == 'redis':
redisattacks.clone_redis(target)
except KeyboardInterrupt:
print colored("[-] Cntrl+C Shutting Down", 'red')
sys.exit(0)