def main():
	global available
	global target,port    # Needed to modify global copy of globvar
	global user,passw
	global mas
	global file_name
	mas=False
	available=['mongo','couch','redis']
	parser = argparse.ArgumentParser(description='Python Nosql Exploitation Framework')
	parser.add_argument('-ip','--ip', help='Host to Scan', required=True)
	parser.add_argument('-port','--port', help='Port', required=False)
	parser.add_argument('-scan', '--scan',help='Scan', required=False, action='store_true')
	parser.add_argument('-enum','--enum', help='Enumerate DBs,Specify mongo,couch,redis', required=False)
	parser.add_argument('-dict','--dict', help='Dictionary Attack ==> mongo', required=False)
	parser.add_argument('-file','--file', help='Dictionary file name', required=False)
	parser.add_argument('-clone','--clone', help="Clone's DB", required=False)
	parser.add_argument('-sniff','--sniff', help="Sniff on Couch DB", required=False)
	parser.add_argument('-shodan','--shodan', help="Shodan Search Specify port number", required=False)
	parser.add_argument('-auth','--auth', help="Authenticate -> username:password", required=False)
	parser.add_argument('-webapp','--webapp', help="Scan Web App", required=False)
	parser.add_argument('-url','--url', help="URL Name", required=False)
	parser.add_argument('-mass','--mass', help="Mass Scanner", required=False)
	parser.add_argument('-filecheck','--filecheck', help="System File Enumerator", required=False)
	args = vars(parser.parse_args())
	logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
	target = args['ip']
	port = args['port']
	url=args['webapp']
	file_name=args['file']
	host_up(target)
	if args['mass'] in available :
		if args['file']:
			mas=True
			mass_scan(args['mass'],args['file'])
		else:
			print colored("[-] Plse specify File name \n",'red')
	if args['webapp']:
		web_app_attack(url)
	if args['filecheck']=='redis':
		redis_file_enum()
	if args['scan']:
		scan_db(target)
	if args['shodan']:
		shodan_frame(args['shodan'])			
	if args['sniff']=='mongo':
		sniffmongo.sniff_mongo()
	if args['sniff']=='redis':
		sniffredis.sniff_redis()
	if args['sniff']=='couch':
		sniffcouch.sniff_couch()
	if args['clone'] == 'couch':
		clone_couch(target)
	if args['clone'] == 'redis':
		clone_redis(target)
	if args['dict'] == "mongo":
		if port:
			pass
		else:
			port = 27017
		file_name = args['file']
		brute_mongo(file_name,target,port)
	elif args['dict'] == "couch":
		if port:
			pass
		else:
			port = 5984
		file_name = args['file']
		brute_couch(file_name,target,port)
	elif args['dict'] == "redis":
		if port:
			pass
		else:
			port = 6379
		file_name = args['file']
		brute_redis(file_name,target,port)
	if args['enum'] == 'mongo':
		if port:
			pass
		else:
			port = 27017
		mongo_web_scan(target)
		try:
			conn = pymongo.MongoClient(target,27017)
			mongo_enum(conn)
		except:
			print colored("[-] MongoDB port closed. \n",'red')
		
	if args['enum'] == 'couch':
		couch=couch_conn(target)
		couch_enum(couch)
	if args['enum'] == 'redis':
		if port:
			pass
		else:
			port = 6379
		r_server=redis_conn(target,port)
		redis_enum(r_server)
	if args['enum'] == 'cassandra':
		if port:
			pass
		else:
			port = 9160
		cassa_enum()
	if args['enum'] == 'hbase':
		if port:
			pass
		else:
			port = 8080
		hbase_enum(port)
def Config(args):

	global available
	global target,port    # Needed to modify global copy of globvar
	global user,passw
	global mas
	global file_name
	global db_select
	global column_select
	global post_status
	global creds
	global dump
	global specify_params
	global paramcheck
	global select
	global db
	global limit
	global conn
	mas=False
	paramcheck=[]
	specify_params=[]
	available=['mongo','couch','redis']

	post_status=False

	target = args['ip']
	port = args['port']
	url=args['webapp']
	seldb=args['enum']
	filename=args['file']

	try:

	# Checks whether Host is up
		if args['ip']:
			utils.host_up(target)

		# Credentials
		screen=args['screen'] if args['screen'] else False
		creds=args['auth'] if args['auth'] else False
		authall=args['authall'] if args['authall'] else False
		mass=args['mass'] if args['mass'] else False
		db=args['db'] if args['db'] else 'admin'
		column_select=args['c'] if args['c'] else False
		dump=True if args['dump'] else False
		post_status=True if args['post'] else False
		limit=int(args['limit']) if args['limit'] else 0
		write=args['write'] if args['write'] else False

		#Scan for General DB Targets
		if args['scan']:
			utils.scan_target(target)

		#Web Attacks
		## This is argument is not working correctly - Need to fix - th3r3p0
		#if args['url']:
		#	seldb=args['webapp'] if args['webapp'] else False
		#	if seldb == 'mongo':
		#		filename=['payload/js_inject.txt','payload/js_time']


		#Dictionary Attacks

		if args['dict']:
			seldb=args['dict']
			if args['file']:
				if seldb=='mongo':
					if args['port'] or args['db']:
						pass
					else:
						port=27017
						db='admin'
					#mongoattacks.mongo_web_interface(target,port,creds,screen)
					mongoattacks.dict_mongo(filename,target,port,db)
				elif seldb=='couch':
 					if args['port']:
						pass
					else:
						port=5984
					couchattacks.dict_couch(filename,target,port)
				elif seldb=='redis':
					if args['port']:
						pass
					else:
						port=6379
					redisattacks.dict_redis(filename,target,port)
			else:
				print colored("[-] Specify File Name",'red')

		#Enumeration Check
		if args['enum']:
			seldb=args['enum']
			if seldb=='mongo':
				if port:
					pass
				else:
					port = 27017
				#mongo_web_scan(target)
				try:
					conn = mongoattacks.mongo_conn(target,port,mass)
					mongoattacks.mongo_enum(conn,creds,authall,db,column_select,dump,limit,write)
				except Exception as e:
					print colored(e,'red')
			elif seldb=='couch':
				if port:
					pass
				else:
					port = 5984
				try:
					#print post_status
					if db=='admin':
						db=False
					couch=couchattacks.couch_conn(target,port)
					couchattacks.couch_enum(couch,target,port,creds,db,column_select,post_status)
				except Exception as e:
					print str(e)
					print colored("[-] Enumeration Failed \n",'red')
			elif seldb=='redis':
				if port:
					pass
				else:
					port = 6379
				try:
					r_server=redisattacks.redis_conn(target,port)
					redisattacks.redis_enum(r_server,creds)
				except Exception as e:
					print colored(e,'red')
			elif seldb == 'cassandra':
				if port:
					pass
				else:
					port = 9160
					creds=False
				if db=='admin':
					db=False
				cassattacks.cassa_enum(target,port,db,dump)
			elif seldb == 'hbase':
				if port:
					pass
				else:
					port = 8080
				hbaseattacks.hbase_enum(port)
			else:
				print colored("[-] No Support for the Specified DB",'red')

		# Mass Scan Settings

		if args['mass'] in available :
			select=args['mass']
			if args['file']:
				mas=True
				mass_scan(args['mass'],args['file'])
			else:
				print colored("[-] Plse specify File name \n",'red')




		#Database Select (Currently available for Mongo,Couch)
		if args['db']:
			db_select = args['db']
			column_select = args['c']
		else:
			db_select=""
			if args['post'] == 'enable':
				post_status=True

		if args['param']:
				paramcheck=args['param']
				specify_params=paramcheck.split(',')
		else:
			specify_params=""

		specify_params=args['param']

		# Scans for WebAPP Attacks
		if args['webapp']:
			webattacks.nosqlweb.attack(url)

		#Redis DOS (2.6+)
		if args['exhaust']:
			if port:
				pass
			else:
				port=6379
			redisattacks.redis_exhaust(target,port)

		#Redis RCE Check
		if args['remotecheck']:
			if port:
				pass
			else:
				port=6379
			redisattacks.redis_rce(target,port)

		#Redis File Enumeration Check
		if args['filecheck']:
			filename=args['filecheck']
			if port:
				pass
			else:
				port=6379
			redisattacks.redis_file_enum(filename,target,port,creds)

		#Shodan IP Grabber
		if args['shodan']:
			utils.shodan_frame(args['shodan'])

		#Sniffing Module
		if args['sniff']=='mongo':
			sniffmongo.sniff_mongo()
		if args['sniff']=='redis':
			sniffredis.sniff_redis()
		if args['sniff']=='couch':
			sniffcouch.sniff_couch()


		#Clone Database Currently Available for Mongo,Couch and Redis
		if args['clone'] == 'couch':
			couchattacks.clone_couch(target)
		if args['clone'] == 'redis':
			redisattacks.clone_redis(target)
	except KeyboardInterrupt:
		print colored("[-] Cntrl+C Shutting Down",'red')
		sys.exit(0)
Exemple #3
0
def main():
    global available
    global target, port  # Needed to modify global copy of globvar
    global user, passw
    global mas
    global file_name
    mas = False
    available = ['mongo', 'couch', 'redis']
    parser = argparse.ArgumentParser(
        description='Python Nosql Exploitation Framework')
    parser.add_argument('-ip', '--ip', help='Host to Scan', required=True)
    parser.add_argument('-port', '--port', help='Port', required=False)
    parser.add_argument('-scan',
                        '--scan',
                        help='Scan',
                        required=False,
                        action='store_true')
    parser.add_argument('-enum',
                        '--enum',
                        help='Enumerate DBs,Specify mongo,couch,redis',
                        required=False)
    parser.add_argument('-dict',
                        '--dict',
                        help='Dictionary Attack ==> mongo',
                        required=False)
    parser.add_argument('-file',
                        '--file',
                        help='Dictionary file name',
                        required=False)
    parser.add_argument('-clone', '--clone', help="Clone's DB", required=False)
    parser.add_argument('-sniff',
                        '--sniff',
                        help="Sniff on Couch DB",
                        required=False)
    parser.add_argument('-shodan',
                        '--shodan',
                        help="Shodan Search Specify port number",
                        required=False)
    parser.add_argument('-auth',
                        '--auth',
                        help="Authenticate -> username:password",
                        required=False)
    parser.add_argument('-webapp',
                        '--webapp',
                        help="Scan Web App",
                        required=False)
    parser.add_argument('-url', '--url', help="URL Name", required=False)
    parser.add_argument('-mass', '--mass', help="Mass Scanner", required=False)
    parser.add_argument('-filecheck',
                        '--filecheck',
                        help="System File Enumerator",
                        required=False)
    args = vars(parser.parse_args())
    logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
    target = args['ip']
    port = args['port']
    url = args['webapp']
    file_name = args['file']
    host_up(target)
    if args['mass'] in available:
        if args['file']:
            mas = True
            mass_scan(args['mass'], args['file'])
        else:
            print colored("[-] Plse specify File name \n", 'red')
    if args['webapp']:
        web_app_attack(url)
    if args['filecheck'] == 'redis':
        redis_file_enum()
    if args['scan']:
        scan_db(target)
    if args['shodan']:
        shodan_frame(args['shodan'])
    if args['sniff'] == 'mongo':
        sniffmongo.sniff_mongo()
    if args['sniff'] == 'redis':
        sniffredis.sniff_redis()
    if args['sniff'] == 'couch':
        sniffcouch.sniff_couch()
    if args['clone'] == 'couch':
        clone_couch(target)
    if args['clone'] == 'redis':
        clone_redis(target)
    if args['dict'] == "mongo":
        if port:
            pass
        else:
            port = 27017
        file_name = args['file']
        brute_mongo(file_name, target, port)
    elif args['dict'] == "couch":
        if port:
            pass
        else:
            port = 5984
        file_name = args['file']
        brute_couch(file_name, target, port)
    elif args['dict'] == "redis":
        if port:
            pass
        else:
            port = 6379
        file_name = args['file']
        brute_redis(file_name, target, port)
    if args['enum'] == 'mongo':
        if port:
            pass
        else:
            port = 27017
        mongo_web_scan(target)
        try:
            conn = pymongo.MongoClient(target, 27017)
            mongo_enum(conn)
        except:
            print colored("[-] MongoDB port closed. \n", 'red')

    if args['enum'] == 'couch':
        couch = couch_conn(target)
        couch_enum(couch)
    if args['enum'] == 'redis':
        if port:
            pass
        else:
            port = 6379
        r_server = redis_conn(target, port)
        redis_enum(r_server)
    if args['enum'] == 'cassandra':
        if port:
            pass
        else:
            port = 9160
        cassa_enum()
    if args['enum'] == 'hbase':
        if port:
            pass
        else:
            port = 8080
        hbase_enum(port)