forked from hegusung/netscan
postgrescan.py
executable file
·59 lines (47 loc) · 2.72 KB
#!/usr/bin/python3
import argparse
from utils.process_inputs import process_inputs, str_comma, str_ports
from utils.dispatch import dispatch_targets
from utils.output import Output
from lib.postgrescan.postgrescan import postgrescan_worker
def main():
    """Parse the PostGreScan command line and launch the scan.

    Three structures are built from the parsed options and handed to
    ``postgrescan``:

    * ``fixed_inputs`` -- per-target constants (only ``port`` is set here),
    * ``credentials`` -- optional ``username`` / ``password`` entries,
    * ``requested`` -- the actions to run, keyed ``list_dbs``, ``cmd``
      and ``bruteforce``.

    Output handling is started before the scan and stopped after it returns.
    """
    cli = argparse.ArgumentParser(description="PostGreScan")
    cli.add_argument("targets", type=str)
    cli.add_argument(
        "-p", dest="port", metavar="ports", type=str_ports, nargs="?",
        default="5432", help="target port",
    )
    cli.add_argument(
        "-u", dest="username", metavar="username", type=str, nargs="?",
        default=None, help="Username",
    )
    # NOTE: a password given as an argument is readable from the process list
    # and shell history on the host running the tool; no prompt or
    # environment-variable alternative is offered here.
    cli.add_argument(
        "--pass", dest="password", metavar="password", type=str, nargs="?",
        default=None, help="Password",
    )
    cli.add_argument(
        "--timeout", dest="timeout", metavar="timeout", type=int, nargs="?",
        default=5, help="Connect timeout",
    )

    # Actions
    cli.add_argument("--dbs", action="store_true", help="List databases")
    cli.add_argument(
        "--cmd", dest="cmd", metavar="command", type=str, nargs="?",
        default=None, help="Execute a command via PostgreSQL RCE techniques",
    )

    # Bruteforce
    cli.add_argument("--bruteforce", action="store_true", help="Enable bruteforce")
    cli.add_argument(
        "-U", dest="username_file", metavar="username file", type=str, nargs="?",
        default=None, help="Username file (format username or username:password)",
    )
    cli.add_argument(
        "-P", dest="password_file", metavar="password file", type=str, nargs="?",
        default=None, help="Password file",
    )
    cli.add_argument(
        "-W", dest="bruteforce_workers", metavar="number worker", type=int,
        nargs="?", default=5, help="Number of concurent workers for the bruteforce",
    )

    # Dispatcher arguments
    cli.add_argument(
        "-w", dest="workers", metavar="number worker", type=int, nargs="?",
        default=10, help="Number of concurent workers",
    )

    args = cli.parse_args()

    # With nargs='?' and no const, a bare "-p" yields None, so the port is
    # only forwarded when it has a truthy value.
    fixed_inputs = {"port": args.port} if args.port else {}

    # Only credentials that were actually supplied are forwarded.
    credentials = {
        field: supplied
        for field, supplied in (
            ("username", args.username),
            ("password", args.password),
        )
        if supplied
    }

    requested = {}
    if args.dbs:
        requested["list_dbs"] = {}
    if args.cmd:
        # The command string is passed through unchanged; how it is run is
        # decided by the worker in lib.postgrescan, not in this file.
        requested["cmd"] = dict(command=args.cmd)
    if args.bruteforce:
        # NOTE(review): -U and -P both default to None and are not validated
        # here, so the worker must cope with missing files. Every attempt is
        # a real login against the target; failed ones are normally recorded
        # as authentication failures in the PostgreSQL server log.
        requested["bruteforce"] = dict(
            username_file=args.username_file,
            password_file=args.password_file,
            workers=args.bruteforce_workers,
        )

    Output.setup()

    # NOTE(review): Output.stop() is not reached if postgrescan() raises;
    # whether that matters depends on what Output.setup() starts -- confirm.
    postgrescan(
        input_targets=args.targets,
        static_inputs=fixed_inputs,
        workers=args.workers,
        actions=requested,
        creds=credentials,
        timeout=args.timeout,
    )

    Output.stop()
def postgrescan(input_targets, static_inputs, workers, actions, creds, timeout):
    """Hand the scan over to the target dispatcher.

    ``actions``, ``creds`` and ``timeout`` are bundled, in that order, into
    the argument tuple passed to ``dispatch_targets`` together with
    ``postgrescan_worker``. ``workers`` is forwarded as the dispatcher's
    ``workers`` keyword. Nothing is returned.
    """
    # presumably the dispatcher expands input_targets and calls the worker
    # once per target with this tuple -- verify against utils.dispatch
    worker_args = (actions, creds, timeout)
    dispatch_targets(
        input_targets,
        static_inputs,
        postgrescan_worker,
        worker_args,
        workers=workers,
    )
# Run the command-line interface only when executed as a script, so that
# importing this module has no side effects.
if "__main__" == __name__:
    main()