nosqlframework.py

#!/usr/bin/python
# NoSQL Exploitation FrameWork Copyright 2015 Francis Alexander
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

# Updated Architecture (Moving to PEP8 Standards)

import sys
import argparse
import coreconfigure


def main():

    parser = argparse.ArgumentParser(
        description='Python NoSQL Exploitation Framework V2.0.1', usage='%(prog)s [options]')

    if len(sys.argv) == 1:
        # parser.add_argument('-h','--help', help='Mandatory Options -t,-p ', required=False)
        parser.print_help()
        sys.exit(1)

        # Specify General Options

    general = parser.add_argument_group(title='Scan Options Target')
    general.add_argument('-ip', help='Target to Scan',
                         required=False, metavar='')
    # general.add_argument('-creds', help='Credentials Format "username:password"', required=False,metavar='')
    general.add_argument('-port', help='Specify Port',
                         required=False, type=int, metavar='')
    general.add_argument('-scan', help='Scan',
                         required=False, action='store_true')
    general.add_argument(
        '-enum', help='Enumerate DBs : Specify mongo,couch,redis,hbase,cassandra', required=False, metavar='')
    general.add_argument(
        '-auth', help="Authenticate with Credentials (username:password)", required=False, metavar='')
    general.add_argument('-file', help='Specify File name',
                         required=False, metavar='')
    general.add_argument(
        '-authall', help="Authenticate with Credentials For the Entire DB (username:password)", required=False, metavar='')
    general.add_argument('-write', help="Write to file",
                         required=False, metavar='')
    general.add_argument(
        '-screen', help="Enable Screenshots for the Rest Interfaces", metavar='')

    # General Database Enumeration

    genenum = parser.add_argument_group(title='General Database Enumeration')

    genenum.add_argument(
        '-db', help="Specify Database/Collection", required=False, metavar='')
    genenum.add_argument('-c', help="Specify Column",
                         required=False, metavar='')
    genenum.add_argument(
        '-dump', help="Dumps Collection/Column Data", required=False, action='store_true')
    genenum.add_argument('-limit', help="Specify Limit to be Displayed")
    genenum.add_argument(
        '-post', help="Post Phase Enumeration (enable/disable)", required=False, metavar='')

    # Utilities Available includes Shodan scanner, Dictionary attack

    utilopts = parser.add_argument_group(title='Utilities')

    utilopts.add_argument(
        '-shodan', help="Shodan Search Specify port number", required=False, metavar='')
    utilopts.add_argument('-mass', help="Mass Scanner",
                          required=False, metavar='')
    utilopts.add_argument(
        '-dict', help='Dictionary Attack (mongo,couch,redis) + Filename', required=False, metavar='')
    utilopts.add_argument('-clone', help="Clone's DB",
                          required=False, metavar='')
    utilopts.add_argument('-sniff', help="Sniff on Couch DB",
                          required=False, metavar='')

    webopts = parser.add_argument_group(title='Web Attack Enumeration')

    # -url argument not working. url is passed in webapp
    # webopts.add_argument('-url', help="URL to Specify", required=False,metavar='')
    webopts.add_argument('-data', help="Post Parameters",
                         required=False, metavar='')
    # This parameter is not hanled properly. Input required is a URL
    # webopts.add_argument('-webapp', help="Scan Web App (mongo,couch,redis)", required=False,metavar='')
    webopts.add_argument(
        '-webapp', help="Scan Web App | input required if specified is the URL", required=False, metavar='')
    webopts.add_argument(
        '-param', help="Specify Params with commas (username,password)", required=False, metavar='')

#    mongopt = parser.add_argument_group(title='Mongo Enumeration')
#	Added during future Enumeration
#	couchopt = parser.add_argument_group(title='Couch Enumeration')
#	couchopt.add_argument('-post',help="Enable Post Attacks",required=False,action='store_false')

    redisopt = parser.add_argument_group(title='Redis Enumeration')

    redisopt.add_argument(
        '-filecheck', help="System File Enumerator (Specify Testfile Path)", required=False, metavar='')
    redisopt.add_argument(
        '-exhaust', help="Exhaust Attacks on Redis(2.6+)", required=False, action='store_true')
    redisopt.add_argument(
        '-remotecheck', help="Checks if vulnerable to RCE(Lua Sandbox Bypass)", required=False, action='store_true')

    args = vars(parser.parse_args())

    coreconfigure.Config(args)


if __name__ == "__main__":
    main()