11#!/usr/bin/python
2- #NoSQLMap Copyright 2016 Russell Butturini
3- #This program is free software: you can redistribute it and/or modify
4- # it under the terms of the GNU General Public License as published by
5- #the Free Software Foundation, either version 3 of the License, or
6- #(at your option) any later version.
7-
8- #This program is distributed in the hope that it will be useful,
9- #but WITHOUT ANY WARRANTY; without even the implied warranty of
10- #MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11- #GNU General Public License for more details.
12-
13- #You should have received a copy of the GNU General Public License
14- #along with this program. If not, see <http://www.gnu.org/licenses/>.
15-
2+ # NoSQLMap Copyright 2012-2017 NoSQLMap Development team
3+ # See the file 'doc/COPYING' for copying permission
164
175import sys
186import nsmcouch
2311import signal
2412import ast
2513
14+
2615def main ():
2716 signal .signal (signal .SIGINT , signal_handler )
2817 global optionSet
29- #Set a list so we can track whether options are set or not to avoid resetting them in subsequent calls to the options menu.
18+ # Set a list so we can track whether options are set or not to avoid resetting them in subsequent calls to the options menu.
3019 optionSet = [False ]* 9
3120 global yes_tag
3221 global no_tag
@@ -43,7 +32,7 @@ def main():
4332 global verb
4433 global scanNeedCreds
4534 global dbPort
46- #Use MongoDB as the default, since it's the least secure ( :-p at you 10Gen )
35+ # Use MongoDB as the default, since it's the least secure ( :-p at you 10Gen )
4736 platform = "MongoDB"
4837 dbPort = 27017
4938 myIP = "Not Set"
@@ -75,7 +64,7 @@ def mainMenu():
7564 print "\_| \_/\___/\____/ \_/\_\_____/\_| |_/\__,_| .__/"
7665 print "===================================================="
7766 print "NoSQLMap-v0.7"
78- print "nosqlmap@gmail .com"
67+ print "codingo@protonmail .com"
7968 print "\n "
8069 print "1-Set options"
8170 print "2-NoSQL DB Access Attacks"
@@ -97,13 +86,13 @@ def mainMenu():
9786 elif platform == "CouchDB" :
9887 nsmcouch .netAttacks (victim , dbPort , myIP )
9988
100- #Check minimum required options
89+ # Check minimum required options
10190 else :
10291 raw_input ("Target not set! Check options. Press enter to continue..." )
10392
10493
10594 elif select == "3" :
106- #Check minimum required options
95+ # Check minimum required options
10796 if (optionSet [0 ] == True ) and (optionSet [2 ] == True ):
10897 if httpMethod == "GET" :
10998 nsmweb .getApps (webPort ,victim ,uri ,https ,verb ,requestHeaders )
@@ -131,6 +120,7 @@ def mainMenu():
131120 else :
132121 raw_input ("Invalid selection. Press enter to continue." )
133122
123+
134124def platSel ():
135125 global platform
136126 global dbPort
@@ -154,6 +144,7 @@ def platSel():
154144 else :
155145 raw_input ("Invalid selection. Press enter to continue." )
156146
147+
157148def options ():
158149 global victim
159150 global webPort
@@ -171,7 +162,7 @@ def options():
171162 requestHeaders = {}
172163 optSelect = True
173164
174- #Set default value if needed
165+ # Set default value if needed
175166 if optionSet [0 ] == False :
176167 global victim
177168 victim = "Not Set"
@@ -219,24 +210,24 @@ def options():
219210 select = raw_input ("Select an option: " )
220211
221212 if select == "1" :
222- #Unset the boolean if it's set since we're setting it again.
213+ # Unset the boolean if it's set since we're setting it again.
223214 optionSet [0 ] = False
224215 ipLen = False
225216
226217 while optionSet [0 ] == False :
227218 goodDigits = True
228219 notDNS = True
229220 victim = raw_input ("Enter the host IP/DNS name: " )
230- #make sure we got a valid IP
221+ # make sure we got a valid IP
231222 octets = victim .split ("." )
232223
233224 if len (octets ) != 4 :
234- #Treat this as a DNS name
225+ # Treat this as a DNS name
235226 optionSet [0 ] = True
236227 notDNS = False
237228 else :
238- #If len(octets) != 4 is executed the block of code below is also run, but it is not necessary
239- #If the format of the IP is good, check and make sure the octets are all within acceptable ranges.
229+ # If len(octets) != 4 is executed the block of code below is also run, but it is not necessary
230+ # If the format of the IP is good, check and make sure the octets are all within acceptable ranges.
240231 for item in octets :
241232 try :
242233 if int (item ) < 0 or int (item ) > 255 :
@@ -308,39 +299,40 @@ def options():
308299 print "Invalid selection"
309300
310301 elif select == "7" :
311- #Unset the setting boolean since we're setting it again.
302+ # Unset the setting boolean since we're setting it again.
312303 optionSet [4 ] = False
313304
314305 while optionSet [4 ] == False :
315306 goodLen = False
316307 goodDigits = True
317- #Every time when user input Invalid IP, goodLen and goodDigits should be reset. If this is not done, there will be a bug
318- #For example enter 10.0.0.1234 first and the goodLen will be set to True and goodDigits will be set to False
319- #Second step enter 10.0.123, because goodLen has already been set to True, this invalid IP will be put in myIP variables
308+ # Every time when user input Invalid IP, goodLen and goodDigits should be reset. If this is not done, there will be a bug
309+ # For example enter 10.0.0.1234 first and the goodLen will be set to True and goodDigits will be set to False
310+ # Second step enter 10.0.123, because goodLen has already been set to True, this invalid IP will be put in myIP variables
320311 myIP = raw_input ("Enter the host IP for my " + platform + "/Shells: " )
321- #make sure we got a valid IP
312+ # make sure we got a valid IP
322313 octets = myIP .split ("." )
323- #If there aren't 4 octets, toss an error.
314+ # If there aren't 4 octets, toss an error.
324315 if len (octets ) != 4 :
325316 print "Invalid IP length."
326317
327318 else :
328319 goodLen = True
329320
330321 if goodLen == True :
331- #If the format of the IP is good, check and make sure the octets are all within acceptable ranges.
322+ # If the format of the IP is good, check and make sure the octets are all within acceptable ranges.
332323 for item in octets :
333324 if int (item ) < 0 or int (item ) > 255 :
334325 print "Bad octet in IP address."
335326 goodDigits = False
336327
337- # else:
338- # goodDigits = True
339- #Default value of goodDigits should be set to True
340- #for example 12.12345.12.12
328+ # else:
329+ # goodDigits = True
341330
331+ # Default value of goodDigits should be set to True
332+ # for example 12.12345.12.12
342333
343- #If everything checks out set the IP and break the loop
334+
335+ # If everything checks out set the IP and break the loop
344336 if goodLen == True and goodDigits == True :
345337 print "\n Shell/DB listener set to " + myIP + "\n "
346338 optionSet [4 ] = True
@@ -380,7 +372,7 @@ def options():
380372 if httpMethod == "POST" :
381373 postData = ast .literal_eval (csvOpt [1 ])
382374
383- #Set option checking array based on what was loaded
375+ # Set option checking array based on what was loaded
384376 x = 0
385377 for item in optList :
386378 if item != "Not Set" :
@@ -410,7 +402,7 @@ def options():
410402 paramValues = []
411403 httpMethod = "POST"
412404 postData = reqData [len (reqData )- 1 ]
413- #split the POST parameters up into individual items
405+ # split the POST parameters up into individual items
414406 paramsNvalues = postData .split ("&" )
415407
416408 for item in paramsNvalues :
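Review bot: In the option 7 branch of options() (the hunk starting at old line 308), the octet check `if int(item) < 0 or int(item) > 255:` runs without a `try`, while the matching loop under option 1 wraps the same conversion in `try:`. A four-part input with a non-numeric part (for example a hostname containing three dots) would therefore appear to raise ValueError and leave the options menu instead of printing "Bad octet in IP address."; the handler for option 1 is outside the visible lines, so this is inferred from the `try:` alone. Since the commit already touches the comments around this loop, I would guard the conversion the same way, e.g. `try: bad = not 0 <= int(item) <= 255` / `except ValueError: bad = True`, and set `goodDigits = False` when `bad`. The re-spaced `# else:` / `# goodDigits = True` lines are dead code and could be dropped rather than reformatted. options() starts and ends outside this hunk.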