126 lines
5.1 KiB
Python
126 lines
5.1 KiB
Python
from autorecon.plugins import ServiceScan
|
|
|
|
class NmapMongoDB(ServiceScan):
|
|
|
|
def __init__(self):
|
|
super().__init__()
|
|
self.name = "Nmap MongoDB"
|
|
self.tags = ['default', 'safe', 'databases']
|
|
|
|
def configure(self):
|
|
self.match_service_name('^mongod')
|
|
|
|
async def run(self, service):
|
|
await service.execute('nmap {nmap_extra} -sV -p {port} --script="banner,(mongodb* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_mongodb_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_mongodb_nmap.xml" {address}')
|
|
|
|
class NmapMSSQL(ServiceScan):
|
|
|
|
def __init__(self):
|
|
super().__init__()
|
|
self.name = "Nmap MSSQL"
|
|
self.tags = ['default', 'safe', 'databases']
|
|
|
|
def configure(self):
|
|
self.match_service_name(['^mssql', '^ms\-sql'])
|
|
|
|
def manual(self, service, plugin_was_run):
|
|
if service.target.ipversion == 'IPv4':
|
|
service.add_manual_command('(sqsh) interactive database shell:', 'sqsh -U <username> -P <password> -S {address}:{port}')
|
|
|
|
async def run(self, service):
|
|
await service.execute('nmap {nmap_extra} -sV -p {port} --script="banner,(ms-sql* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" --script-args="mssql.instance-port={port},mssql.username=sa,mssql.password=sa" -oN "{scandir}/{protocol}_{port}_mssql_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_mssql_nmap.xml" {address}')
|
|
|
|
class NmapMYSQL(ServiceScan):
|
|
|
|
def __init__(self):
|
|
super().__init__()
|
|
self.name = "Nmap MYSQL"
|
|
self.tags = ['default', 'safe', 'databases']
|
|
|
|
def configure(self):
|
|
self.match_service_name('^mysql')
|
|
|
|
def manual(self, service, plugin_was_run):
|
|
if service.target.ipversion == 'IPv4':
|
|
service.add_manual_command('(sqsh) interactive database shell:', 'sqsh -U <username> -P <password> -S {address}:{port}')
|
|
|
|
async def run(self, service):
|
|
await service.execute('nmap {nmap_extra} -sV -p {port} --script="banner,(mysql* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_mysql_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_mysql_nmap.xml" {address}')
|
|
|
|
class NmapOracle(ServiceScan):
|
|
|
|
def __init__(self):
|
|
super().__init__()
|
|
self.name = "Nmap Oracle"
|
|
self.tags = ['default', 'safe', 'databases']
|
|
|
|
def configure(self):
|
|
self.match_service_name('^oracle')
|
|
|
|
def manual(self, service, plugin_was_run):
|
|
service.add_manual_command('Brute-force SIDs using Nmap:', 'nmap {nmap_extra} -sV -p {port} --script="banner,oracle-sid-brute" -oN "{scandir}/{protocol}_{port}_oracle_sid-brute_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_oracle_sid-brute_nmap.xml" {address}')
|
|
|
|
async def run(self, service):
|
|
await service.execute('nmap {nmap_extra} -sV -p {port} --script="banner,(oracle* or ssl*) and not (brute or broadcast or dos or external or fuzzer)" -oN "{scandir}/{protocol}_{port}_oracle_nmap.txt" -oX "{scandir}/xml/{protocol}_{port}_oracle_nmap.xml" {address}')
|
|
|
|
class OracleTNScmd(ServiceScan):
|
|
|
|
def __init__(self):
|
|
super().__init__()
|
|
self.name = "Oracle TNScmd"
|
|
self.tags = ['default', 'safe', 'databases']
|
|
|
|
def configure(self):
|
|
self.match_service_name('^oracle')
|
|
|
|
async def run(self, service):
|
|
if service.target.ipversion == 'IPv4':
|
|
await service.execute('tnscmd10g ping -h {address} -p {port} 2>&1', outfile='{protocol}_{port}_oracle_tnscmd_ping.txt')
|
|
await service.execute('tnscmd10g version -h {address} -p {port} 2>&1', outfile='{protocol}_{port}_oracle_tnscmd_version.txt')
|
|
|
|
class OracleScanner(ServiceScan):
|
|
|
|
def __init__(self):
|
|
super().__init__()
|
|
self.name = "Oracle Scanner"
|
|
self.tags = ['default', 'safe', 'databases']
|
|
|
|
def configure(self):
|
|
self.match_service_name('^oracle')
|
|
|
|
async def run(self, service):
|
|
await service.execute('oscanner -v -s {address} -P {port} 2>&1', outfile='{protocol}_{port}_oracle_scanner.txt')
|
|
|
|
class OracleODAT(ServiceScan):
|
|
|
|
def __init__(self):
|
|
super().__init__()
|
|
self.name = "Oracle ODAT"
|
|
self.tags = ['default', 'safe', 'databases']
|
|
|
|
def configure(self):
|
|
self.match_service_name('^oracle')
|
|
|
|
def manual(self, service, plugin_was_run):
|
|
service.add_manual_commands('Install ODAT (https://github.com/quentinhardy/odat) and run the following commands:', [
|
|
'python odat.py tnscmd -s {address} -p {port} --ping',
|
|
'python odat.py tnscmd -s {address} -p {port} --version',
|
|
'python odat.py tnscmd -s {address} -p {port} --status',
|
|
'python odat.py sidguesser -s {address} -p {port}',
|
|
'python odat.py passwordguesser -s {address} -p {port} -d <sid> --accounts-file accounts/accounts_multiple.txt',
|
|
'python odat.py tnspoison -s {address} -p {port} -d <sid> --test-module'
|
|
])
|
|
|
|
class OraclePatator(ServiceScan):
|
|
|
|
def __init__(self):
|
|
super().__init__()
|
|
self.name = "Oracle Patator"
|
|
self.tags = ['default', 'databases']
|
|
|
|
def configure(self):
|
|
self.match_service_name('^oracle')
|
|
|
|
def manual(self, service, plugin_was_run):
|
|
service.add_manual_command('Install Oracle Instant Client (https://github.com/rapid7/metasploit-framework/wiki/How-to-get-Oracle-Support-working-with-Kali-Linux) and then bruteforce with patator:', 'patator oracle_login host={address} port={port} user=COMBO00 password=COMBO01 0=/usr/share/seclists/Passwords/Default-Credentials/oracle-betterdefaultpasslist.txt -x ignore:code=ORA-01017 -x ignore:code=ORA-28000')
|