
indentation fix

niphlod committed Jan 25, 2016
1 parent dac994c commit 9bb22469b838988eb9770e130fb8146c1fbd0785
Showing with 6,082 additions and 6,080 deletions.
  1. +5 −5 dbdat.py
  2. +7 −7 plugins/couchdb/check_configuration_admins.py
  3. +5 −6 plugins/couchdb/check_configuration_allow_jsonp.py
  4. +5 −5 plugins/couchdb/check_configuration_cors.py
  5. +6 −7 plugins/couchdb/check_configuration_log_level.py
  6. +9 −9 plugins/couchdb/check_configuration_ssl.py
  7. +7 −8 plugins/couchdb/check_configuration_verify_auth.py
  8. +8 −8 plugins/couchdb/check_configuration_version.py
  9. +13 −12 plugins/couchdb/check_information_bind_ip.py
  10. +7 −7 plugins/couchdb/check_information_vendor.py
  11. +11 −10 plugins/couchdb/check_user_admins_weak_password.py
  12. +31 −31 plugins/db2/check_configuration_audit_buffer.py
  13. +30 −30 plugins/db2/check_configuration_authentication_mechanism.py
  14. +32 −32 plugins/db2/check_configuration_catalog_noauth.py
  15. +34 −34 plugins/db2/check_configuration_datalinks.py
  16. +30 −30 plugins/db2/check_configuration_dftdbpath.py
  17. +31 −31 plugins/db2/check_configuration_diaglevel.py
  18. +29 −29 plugins/db2/check_configuration_diagpath.py
  19. +30 −30 plugins/db2/check_configuration_discover.py
  20. +29 −29 plugins/db2/check_configuration_discover_inst.py
  21. +29 −29 plugins/db2/check_configuration_fed_noauth.py
  22. +30 −30 plugins/db2/check_configuration_health_mon.py
  23. +30 −30 plugins/db2/check_configuration_keepfenced.py
  24. +25 −25 plugins/db2/check_information_version.py
  25. +36 −36 plugins/db2/check_privilege_bindadd.py
  26. +35 −35 plugins/db2/check_privilege_connect.py
  27. +36 −36 plugins/db2/check_privilege_createtab.py
  28. +37 −37 plugins/db2/check_privilege_dbadm.py
  29. +36 −36 plugins/db2/check_privilege_external_quiesceconnect.py
  30. +36 −36 plugins/db2/check_privilege_external_routine.py
  31. +39 −41 plugins/db2/check_privilege_group_entitlements.py
  32. +36 −36 plugins/db2/check_privilege_implschema.py
  33. +36 −36 plugins/db2/check_privilege_load.py
  34. +36 −36 plugins/db2/check_privilege_nofence.py
  35. +40 −40 plugins/db2/check_privilege_secadm.py
  36. +68 −68 plugins/db2/check_privilege_syscat_views.py
  37. +35 −35 plugins/db2/check_privilege_tablespaces.py
  38. +54 −53 plugins/mongodb/check_configuration_jsonp.py
  39. +11 −10 plugins/mongodb/check_configuration_keyfile.py
  40. +13 −13 plugins/mongodb/check_configuration_localhost_auth_bypass.py
  41. +52 −52 plugins/mongodb/check_configuration_nohttpinterface.py
  42. +55 −55 plugins/mongodb/check_configuration_noscripting.py
  43. +54 −54 plugins/mongodb/check_configuration_rest_interface.py
  44. +92 −92 plugins/mongodb/check_configuration_ssl.py
  45. +5 −5 plugins/mongodb/check_configuration_test_database.py
  46. +7 −7 plugins/mongodb/check_configuration_verify_auth.py
  47. +8 −8 plugins/mongodb/check_configuration_version.py
  48. +5 −5 plugins/mongodb/check_information_banner.py
  49. +54 −53 plugins/mongodb/check_information_bind_ip.py
  50. +41 −41 plugins/mongodb/check_information_cmd_line_opts.py
  51. +7 −7 plugins/mongodb/check_information_database_list.py
  52. +10 −9 plugins/mongodb/check_user_weak_password.py
  53. +49 −47 plugins/mongodb/helper.py
  54. +36 −36 plugins/mssql/check_configuration_adhoc_distributed_queries.py
  55. +28 −28 plugins/mssql/check_configuration_clr.py
  56. +31 −31 plugins/mssql/check_configuration_cross_db_ownership.py
  57. +28 −28 plugins/mssql/check_configuration_default_trace_enabled.py
  58. +30 −30 plugins/mssql/check_configuration_login_auditing.py
  59. +28 −28 plugins/mssql/check_configuration_mail_xps.py
  60. +31 −31 plugins/mssql/check_configuration_ole_automation_procedures.py
  61. +28 −28 plugins/mssql/check_configuration_remote_access.py
  62. +29 −29 plugins/mssql/check_configuration_remote_admin_connections.py
  63. +27 −27 plugins/mssql/check_configuration_scan_startup_procs.py
  64. +26 −26 plugins/mssql/check_configuration_server_authentication.py
  65. +33 −34 plugins/mssql/check_configuration_trustworthy_database.py
  66. +27 −27 plugins/mssql/check_configuration_xp_cmdshell.py
  67. +36 −36 plugins/mssql/check_privileges_clr_assembly_permissions.py
  68. +38 −38 plugins/mssql/check_privileges_explicit_grants.py
  69. +36 −36 plugins/mssql/check_privileges_guest_user.py
  70. +36 −36 plugins/mssql/check_privileges_public_role.py
  71. +29 −29 plugins/mssql/check_user_builtin_administrators.py
  72. +30 −30 plugins/mssql/check_user_sa_account.py
  73. +40 −40 plugins/mysql/check_configuration_client_password.py
  74. +48 −47 plugins/mysql/check_configuration_error_log.py
  75. +38 −38 plugins/mysql/check_configuration_general_log.py
  76. +33 −33 plugins/mysql/check_configuration_host_wildcards.py
  77. +45 −45 plugins/mysql/check_configuration_listen_addresses.py
  78. +29 −29 plugins/mysql/check_configuration_local_infile.py
  79. +28 −28 plugins/mysql/check_configuration_old_passwords.py
  80. +28 −28 plugins/mysql/check_configuration_safe_show_database.py
  81. +28 −28 plugins/mysql/check_configuration_safe_user_create_global.py
  82. +28 −28 plugins/mysql/check_configuration_safe_user_create_session.py
  83. +28 −28 plugins/mysql/check_configuration_secure_auth.py
  84. +30 −30 plugins/mysql/check_configuration_skip_grant_tables.py
  85. +28 −28 plugins/mysql/check_configuration_skip_merge.py
  86. +28 −28 plugins/mysql/check_configuration_skip_networking.py
  87. +30 −30 plugins/mysql/check_configuration_skip_symbolic_links.py
  88. +28 −28 plugins/mysql/check_configuration_test_database.py
  89. +26 −26 plugins/mysql/check_configuration_tls_support.py
  90. +45 −45 plugins/mysql/check_configuration_version.py
  91. +27 −27 plugins/mysql/check_information_banner.py
  92. +32 −32 plugins/mysql/check_information_remote_hosts.py
  93. +35 −35 plugins/mysql/check_privilege_create_user.py
  94. +35 −35 plugins/mysql/check_privilege_file.py
  95. +35 −35 plugins/mysql/check_privilege_global_grant.py
  96. +13 −13 plugins/mysql/check_privilege_mysql_database.py
  97. +34 −34 plugins/mysql/check_privilege_process.py
  98. +7 −7 plugins/mysql/check_privilege_reload.py
  99. +7 −7 plugins/mysql/check_privilege_shutdown.py
  100. +32 −32 plugins/mysql/check_privilege_stale_users.py
  101. +35 −35 plugins/mysql/check_privilege_super.py
  102. +48 −48 plugins/mysql/check_privilege_user_grantables.py
  103. +61 −61 plugins/mysql/check_privilege_user_grants.py
  104. +72 −71 plugins/mysql/check_user_access_denied.py
  105. +30 −30 plugins/mysql/check_user_anonymous_users.py
  106. +30 −30 plugins/mysql/check_user_any_host.py
  107. +31 −31 plugins/mysql/check_user_empty_password.py
  108. +31 −31 plugins/mysql/check_user_root_name.py
  109. +31 −31 plugins/mysql/check_user_same_password.py
  110. +50 −50 plugins/mysql/check_user_weak_password.py
  111. +37 −37 plugins/oracle/check_configuration_admin_restrictions_listener.py
  112. +64 −64 plugins/oracle/check_configuration_audit_option.py
  113. +34 −34 plugins/oracle/check_configuration_audit_option_aud.py
  114. +25 −25 plugins/oracle/check_configuration_audit_sys_operations.py
  115. +25 −25 plugins/oracle/check_configuration_audit_trail.py
  116. +28 −28 plugins/oracle/check_configuration_dictionary_accessibility.py
  117. +29 −29 plugins/oracle/check_configuration_global_names.py
  118. +28 −28 plugins/oracle/check_configuration_local_os_authentication.py
  119. +27 −27 plugins/oracle/check_configuration_remote_listener.py
  120. +29 −29 plugins/oracle/check_configuration_remote_login_passwordfile.py
  121. +28 −28 plugins/oracle/check_configuration_remote_os_authentication.py
  122. +27 −27 plugins/oracle/check_configuration_remote_os_roles.py
  123. +27 −27 plugins/oracle/check_configuration_resource_limit.py
  124. +28 −28 plugins/oracle/check_configuration_sec_case_sensitive_logon.py
  125. +30 −30 plugins/oracle/check_configuration_sec_max_failed_login_attempts.py
  126. +30 −30 plugins/oracle/check_configuration_sec_protocol_error_further_action.py
  127. +30 −30 plugins/oracle/check_configuration_sec_protocol_error_trace_action.py
  128. +29 −29 plugins/oracle/check_configuration_sec_return_server_release_banner.py
  129. +29 −29 plugins/oracle/check_configuration_sql92_security.py
  130. +30 −30 plugins/oracle/check_configuration_trace_files_public.py
  131. +30 −30 plugins/oracle/check_configuration_util_file_dir.py
  132. +95 −95 plugins/oracle/check_configuration_version.py
  133. +33 −33 plugins/oracle/check_privilege_alter_system.py
  134. +33 −33 plugins/oracle/check_privilege_any.py
  135. +35 −35 plugins/oracle/check_privilege_aud.py
  136. +33 −33 plugins/oracle/check_privilege_audit_system.py
  137. +33 −33 plugins/oracle/check_privilege_become_user.py
  138. +33 −33 plugins/oracle/check_privilege_create_any_library.py
  139. +33 −33 plugins/oracle/check_privilege_create_library.py
  140. +34 −34 plugins/oracle/check_privilege_create_procedure.py
  141. +33 −33 plugins/oracle/check_privilege_dba.py
  142. +33 −33 plugins/oracle/check_privilege_dba_.py
  143. +33 −33 plugins/oracle/check_privilege_dba_sys_privs_with_admin_option.py
  144. +33 −33 plugins/oracle/check_privilege_delete_catalog_role.py
  145. +32 −32 plugins/oracle/check_privilege_execute_any_procedure_dbsnmp.py
  146. +32 −32 plugins/oracle/check_privilege_execute_any_procedure_outln.py
  147. +33 −33 plugins/oracle/check_privilege_execute_catalog_role.py
  148. +34 −34 plugins/oracle/check_privilege_exempt_access_policy.py
  149. +34 −34 plugins/oracle/check_privilege_grant_any_object_privilege.py
  150. +34 −34 plugins/oracle/check_privilege_grant_any_privilege.py
  151. +33 −33 plugins/oracle/check_privilege_grant_any_role.py
  152. +33 −33 plugins/oracle/check_privilege_link.py
  153. +32 −32 plugins/oracle/check_privilege_proxy_users_connect.py
  154. +79 −79 plugins/oracle/check_privilege_public_dangerous_packages.py
  155. +33 −33 plugins/oracle/check_privilege_select_any_dictionary.py
  156. +33 −33 plugins/oracle/check_privilege_select_any_table.py
  157. +33 −33 plugins/oracle/check_privilege_select_catalog_role.py
  158. +33 −33 plugins/oracle/check_privilege_sys_scheduler_credential.py
  159. +33 −33 plugins/oracle/check_privilege_sys_user_mig.py
  160. +32 −32 plugins/oracle/check_privilege_user.py
  161. +35 −35 plugins/oracle/check_privilege_user_history.py
  162. +34 −34 plugins/oracle/check_user_dba_users_password.py
  163. +71 −71 plugins/oracle/check_user_default_credentials.py
  164. +41 −41 plugins/oracle/check_user_failed_logins.py
  165. +33 −33 plugins/oracle/check_user_no_users_assigned_default.py
  166. +34 −34 plugins/oracle/check_user_password_grace_time.py
  167. +33 −33 plugins/oracle/check_user_password_life_time.py
  168. +33 −33 plugins/oracle/check_user_password_lock_time.py
  169. +34 −34 plugins/oracle/check_user_password_reuse_max.py
  170. +34 −34 plugins/oracle/check_user_password_verify_function.py
  171. +33 −33 plugins/oracle/check_user_sessions_per_user.py
  172. +31 −31 plugins/oracle/check_user_sys_system_lock.py
  173. +38 −38 plugins/oracle/check_user_users_with_defpwd.py
  174. +66 −66 plugins/oracle/check_user_weak_password.py
  175. +5 −5 plugins/oracle/helper.py
  176. +44 −44 plugins/postgresql/check_configuration_host_wildcards.py
  177. +38 −38 plugins/postgresql/check_configuration_listen_addresses.py
  178. +26 −26 plugins/postgresql/check_configuration_local_infile.py
  179. +27 −27 plugins/postgresql/check_configuration_test_database.py
  180. +26 −26 plugins/postgresql/check_configuration_tls_support.py
  181. +48 −48 plugins/postgresql/check_configuration_version.py
  182. +27 −27 plugins/postgresql/check_information_banner.py
  183. +42 −42 plugins/postgresql/check_information_remote_hosts.py
  184. +34 −34 plugins/postgresql/check_privileges_security_definer.py
  185. +32 −32 plugins/postgresql/check_user_empty_password.py
  186. +50 −50 plugins/postgresql/check_user_weak_password.py
  187. +28 −29 plugins/postgresql/helper.py
  188. +47 −48 plugins/postgresql/off_check_privileges_user_privilege.py
@@ -51,7 +51,7 @@ def connect(self):
self.dbcurs = self.db.cursor()

elif 'sybase' == self.dbtype:
#TODO
# TODO
print("Sybase is not yet supported.")
quit()

@@ -109,7 +109,7 @@ def hacktheplanet(self):
with open(self.report, 'w') as report_file:
report_file.write('{"title":"' + self.describe_scan() + '", "report_data":[')

count = 0 # counter for reporting
count = 0 # counter for reporting

for database_check in self.checks:
# load a database check
@@ -137,12 +137,12 @@ def hacktheplanet(self):
elif 'clp' == c.TYPE:
# command line processor option for db2
import subprocess

try:
p = subprocess.Popen(c.CMD, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
out, err = p.communicate()
result['result'] = c.do_check(out)

except Exception as e:
print(e)

@@ -264,7 +264,7 @@ def __init__(self, dbtype=None):

if 0 == len(configuration.get(arguments.p, 'privileged_account')):
print('Warning: Attempting to connect with empty privileged_account.')

scan.dbuser = configuration.get(arguments.p, 'privileged_account')
scan.dbpass = configuration.get(arguments.p, 'privileged_account_password')
scan.appuser = configuration.get(arguments.p, 'application_account')
@@ -9,31 +9,31 @@ class check_configuration_admins():
TITLE = 'Admins'
CATEGORY = 'Configuration'
TYPE = 'nosql'
SQL = None # SQL not needed... because this is NoSQL.
SQL = None # SQL not needed... because this is NoSQL.

verbose = False
skip = False
skip = False
result = {}
db = None

def do_check(self):
admins = self.db.config()['admins']
output = ''

if len(admins) > 0:
self.result['level'] = 'GREEN'
output = 'Configured admins:\n'

for admin in admins:
output += '%s\n' % (admin)
else:
self.result['level'] = 'RED'
output = 'No admins found. CouchDB Admin Party in effect.'

self.result['output'] = output

return self.result

def __init__(self, parent):
print('Performing check: ' + self.TITLE)
self.db = parent.db
@@ -6,30 +6,29 @@ class check_configuration_allow_jsonp():
retrieved from systems other than the one the page was served by.
"""
# References:
#

TITLE = 'Allow JSONP'
CATEGORY = 'Configuration'
TYPE = 'nosql'
SQL = None # SQL not needed... because this is NoSQL.
SQL = None # SQL not needed... because this is NoSQL.

verbose = False
skip = False
skip = False
result = {}
db = None

def do_check(self):
value = self.db.config()['httpd']['allow_jsonp']

if 'false' == value:
self.result['level'] = 'GREEN'
self.result['output'] = 'JSONP is (%s) not enabled.' % (value)
else:
self.result['level'] = 'RED'
self.result['output'] = 'JSONP is (%s) enabled.' % (value)

return self.result

def __init__(self, parent):
print('Performing check: ' + self.TITLE)
self.db = parent.db
@@ -10,25 +10,25 @@ class check_configuration_cors():
TITLE = 'Enable CORS'
CATEGORY = 'Configuration'
TYPE = 'nosql'
SQL = None # SQL not needed... because this is NoSQL.
SQL = None # SQL not needed... because this is NoSQL.

verbose = False
skip = False
skip = False
result = {}
db = None

def do_check(self):
value = self.db.config()['httpd']['enable_cors']

if 'false' == value:
self.result['level'] = 'RED'
self.result['output'] = 'CORS is (%s) not enabled.' % (value)
else:
self.result['level'] = 'GREEN'
self.result['output'] = 'CORS is (%s) enabled.' % (value)

return self.result

def __init__(self, parent):
print('Performing check: ' + self.TITLE)
self.db = parent.db
@@ -1,26 +1,25 @@
class check_configuration_log_level():
"""
check_configuration_log_level:
Ensure the log level is approrpiate for your environment. Typically debug
Ensure the log level is approrpiate for your environment. Typically debug
level should not be enabled in production. With debug level enabled user
passowrds may be logged in plain text.
"""
# References:
#

TITLE = 'Debug Log Level'
CATEGORY = 'Configuration'
TYPE = 'nosql'
SQL = None # SQL not needed... because this is NoSQL.
SQL = None # SQL not needed... because this is NoSQL.

verbose = False
skip = False
skip = False
result = {}
db = None

def do_check(self):
value = self.db.config()['log']['level']

if 'debug' == value:
self.result['level'] = 'RED'
self.result['output'] = 'Log level is (%s).' % (value)
@@ -30,9 +29,9 @@ def do_check(self):
else:
self.result['level'] = 'YELLOW'
self.result['output'] = 'Log level is (%s).' % (value)

return self.result

def __init__(self, parent):
print('Performing check: ' + self.TITLE)
self.db = parent.db
@@ -1,9 +1,9 @@
class check_configuration_ssl():
"""
check_configuration_ssl:
If you don't use SSL your data is traveling between your CouchDB client and CouchDB
server unencrypted and is susceptible to eavesdropping, tampering and "man in
the middle" attacks. This is especially important if you are connecting to your
If you don't use SSL your data is traveling between your CouchDB client and CouchDB
server unencrypted and is susceptible to eavesdropping, tampering and "man in
the middle" attacks. This is especially important if you are connecting to your
CouchDB server over unsecure networks like the internet.
"""
# References:
@@ -12,30 +12,30 @@ class check_configuration_ssl():
TITLE = 'Enable SSL'
CATEGORY = 'Configuration'
TYPE = 'nosql'
SQL = None # SQL not needed... because this is NoSQL.
SQL = None # SQL not needed... because this is NoSQL.

verbose = False
skip = False
skip = False
result = {}
db = None

def do_check(self):
daemons = self.db.config()['daemons']
match = False

for daemon in daemons:
if 'httpsd' == daemon:
match = True

if False == match:
self.result['level'] = 'RED'
self.result['output'] = 'SSL is not enabled.'
else:
self.result['level'] = 'GREEN'
self.result['output'] = 'SSL is enabled.'

return self.result

def __init__(self, parent):
print('Performing check: ' + self.TITLE)
self.db = parent.db
@@ -4,36 +4,35 @@ class check_configuration_verify_auth():
Verifying authentication is required.
"""
# References:
#

TITLE = 'Authentication Required'
CATEGORY = 'Configuration'
TYPE = 'nosql'
SQL = None # SQL not needed... because this is NoSQL.
SQL = None # SQL not needed... because this is NoSQL.

verbose = False
skip = False
skip = False
result = {}

db = None

def do_check(self):
try:
config = self.db.config()
self.result['level'] = 'RED'
self.result['output'] = 'Unauthenticated connection succeded.'

except Exception as e:
self.result['level'] = 'GREEN'
self.result['output'] = 'Unauthenticated connection failed, message:\n%s\n' % (e)

return self.result

def __init__(self, parent):
print('Performing check: ' + self.TITLE)
import couchdb
from urlparse import urlparse

# parent connection is authenticated so create a new unauthenticated connection
url = urlparse(parent.dbhost)
self.db = couchdb.Server(url.scheme + '://' + url.hostname + ':' + parent.dbport)
@@ -8,39 +8,39 @@ class check_configuration_version():
TITLE = 'Version Check'
CATEGORY = 'Configuration'
TYPE = 'nosql'
SQL = None # SQL not needed... because this is NoSQL.
SQL = None # SQL not needed... because this is NoSQL.

verbose = False
skip = False
skip = False
result = {}
db = None

def do_check(self):
LATEST_VERSION = '1.6.1'
version_number = self.db.version()

if version_number:
latest = LATEST_VERSION.split('.')
thisdb = version_number.split('.')

if int(thisdb[0]) < int(latest[0]):
self.result['level'] = 'RED'
self.result['output'] = '%s very old version.' % (version_number)

elif int(thisdb[1]) < int(latest[1]):
self.result['level'] = 'YELLOW'
self.result['output'] = '%s old version.' % (version_number)

elif int(thisdb[2]) < int(latest[2]):
self.result['level'] = 'YELLOW'
self.result['output'] = '%s slightly old version.' % (version_number)

else:
self.result['level'] = 'GREEN'
self.result['output'] = '%s recent version.' % (version_number)

return self.result

def __init__(self, parent):
print('Performing check: ' + self.TITLE)
self.db = parent.db
@@ -1,11 +1,12 @@
import ConfigParser


class check_information_bind_ip():
"""
check_information_bind_ip:
If your system has multiple network interfaces you can use the "bind_ip" option
to restrict your couchdb server to listen only on the interfaces that are
relevant. By default couchdb will bind to the loopback interface (127.0.0.1 or
relevant. By default couchdb will bind to the loopback interface (127.0.0.1 or
localhost).
"""
# References:
@@ -14,38 +15,38 @@ class check_information_bind_ip():
TITLE = 'Bind IP'
CATEGORY = 'Information'
TYPE = 'configuration_file'
SQL = None # SQL not needed... because this is NoSQL.
SQL = None # SQL not needed... because this is NoSQL.

verbose = False
skip = False
skip = False
result = {}

def do_check(self, configuration_file):
configuration = ConfigParser.ConfigParser()

try:
configuration.read(configuration_file)
configuration.read(configuration_file)

except ConfigParser.ParsingError as e:
if self.verbose:
print('Ignoring parsing errors:\n' + str(e))

try:
bind_address = configuration.get('httpd', 'bind_address')

if '127.0.0.1' == bind_address or 'localhost' == bind_address:
if '127.0.0.1' == bind_address or 'localhost' == bind_address:
self.result['level'] = 'GREEN'
self.result['output'] = 'Database listening on localhost only. (' + str(bind_address) + ')'
else:
self.result['level'] = 'YELLOW'
self.result['output'] = 'Database listening is not localhost only (' + str(bind_address) + ')'
except ConfigParser.NoOptionError as e:

except ConfigParser.NoOptionError as e:
self.result['level'] = 'GREEN'
self.result['output'] = 'bind-address option not set, default is 127.0.0.1 or localhost.'

return self.result

def __init__(self, parent):
print('Performing check: ' + self.TITLE)
