CHips L MINI SHELL

CHips L pro

Current Path : /usr/share/nmap/scripts/
Upload File :
Current File : //usr/share/nmap/scripts/couchdb-stats.nse

description = [[
Gets database statistics from a CouchDB database.

For more info about the CouchDB HTTP API and the statistics, see 
http://wiki.apache.org/couchdb/Runtime_Statistics
and
http://wiki.apache.org/couchdb/HTTP_database_API.
]]

---
-- @usage
-- nmap -p 5984 --script "couchdb-stats.nse" <host>
-- @output
-- PORT     STATE SERVICE REASON
-- 5984/tcp open  httpd   syn-ack
-- | couchdb-stats:  
-- |   httpd_request_methods
-- |     GET (number of HTTP GET requests)
-- |       current = 5
-- |       count = 1617
-- |   couchdb
-- |     request_time (length of a request inside CouchDB without MochiWeb)
-- |       current = 1
-- |       count = 5
-- |   httpd_status_codes
-- |     200 (number of HTTP 200 OK responses)
-- |       current = 5
-- |       count = 1617
-- |   httpd
-- |     requests (number of HTTP requests)
-- |       current = 5
-- |       count = 1617
-- |_  Authentication : NOT enabled ('admin party')

-- version 0.3
--
-- Created 01/20/2010 - v0.1 - created by Martin Holst Swende <martin@swende.se>
-- Modified 07/02/2010 - v0.2 - added test if auth is enabled, compacted output a bit (mhs)

author = "Martin Holst Swende"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"discovery", "safe"}
require "shortport"
require "http"
require "json"
portrule = shortport.port_or_service({5984})
-- Some lazy shortcuts
local function dbg(str,...)
	stdnse.print_debug("couchdb-stats:"..str, unpack(arg))
end


local DISCARD = {stddev=1,min=1,max=1, mean=1}
--- Removes uninteresting data from the table
-- uses the DISCARD table above to see what
-- keys should be omitted from the results
-- @param data a table containg data
--@return another table containing data, with some keys removed
local function queryResultToTable(data)
	local result = {}
	for k,v in pairs(data) do
		dbg("(%s,%s)",k,tostring(v))
		if DISCARD[k] ~= 1 then
			if type(v) == 'table' then
				if v["description"] ~= nil then
					k = string.format("%s (%s)",tostring(k), tostring(v["description"]))
					v["description"] = nil
				end
				table.insert(result,k)
				table.insert(result,queryResultToTable(v))
			else
				table.insert(result,(("%s = %s"):format(tostring(k), tostring(v))))
			end
		end
	end
	return result
end


action = function(host, port)
	local data, result, err
	
	data = http.get( host, port, '/_stats' )
	
	-- check that body was received
	if not data.body or data.body == "" then
		local msg = ("%s did not respond with any data."):format(hostrgetname or host.ip )
		dbg( msg ) 
		return  msg
	end
	
	-- The html body should look like this : 
	--
	--{"httpd_status_codes":{"200":{"current":10,"count":29894,"mean":0.0003345152873486337,"min":0,"max":1,"stddev":0.01828669972606202,"description":"number of HTTP 200 OK responses"},"500":{"current":1,"count":28429,"mean":0.00003517534911534013,"min":0,"max":1,"stddev":0.005930776661631644,"description":"number of HTTP 500 Internal Server Error responses"}},"httpd_request_methods":{"GET":{"current":12,"count":29894,"mean":0.00040141834481835866,"min":0,"max":2,"stddev":0.02163701147572207,"description":"number of HTTP GET requests"}},"httpd":{"requests":{"current":12,"count":29894,"mean":0.00040141834481835866,"min":0,"max":2,"stddev":0.02163701147572207,"description":"number of HTTP requests"}},"couchdb":{"request_time":{"current":23,"count":12,"mean":32.58333333333333,"min":1,"max":287,"stddev":77.76723638882608,"description":"length of a request inside CouchDB without MochiWeb"}}}

	local status, result = json.parse(data.body)
	if not status then
		dbg(result)
		return result
	end
	
	-- Here we know it is a couchdb
	port.version.name ='httpd'
	port.version.product='Apache CouchDB'
	nmap.set_port_version(host,port,'hardmatched')
	
	-- We have a valid table in result containing the parsed json
	-- now, get all the interesting bits		
	
	result = queryResultToTable(result)
	
	-- Additionally, we can check if authentication is used :
	-- The following actions are restricted if auth is used 
-- 	create db (PUT /database)
-- 	delete db (DELETE /database)
-- 	Creating a design document (PUT /database/_design/app)
-- 	Updating a design document (PUT /database/_design/app?rev=1-4E2)
-- 	Deleting a design document (DELETE /database/_design/app?rev=1-6A7)
-- 	Triggering compaction (POST /_compact)
-- 	Reading the task status list (GET /_active_tasks)
-- 	Restart the server (POST /_restart)
-- 	Read the active configuration (GET /_config)
-- 	Update the active configuration (PUT /_config)
	
	data = http.get( host, port, '/_config' ) 
	local status, authresult = json.parse(data.body)

	-- If authorization is used, we should get back something like
	-- {"error":"unauthorized","reason":"You are not a server admin."}
	-- Otherwise, a *lot* of data,  : 
-- 	{"httpd_design_handlers":{"_info":"{couch_httpd_db,   handle_design_info_req}",
-- 	"_list":"{couch_httpd_show, handle_view_list_req}","_show":"{couch_httpd_show, handle_doc_show_req}",
-- 	"_update":"{couch_httpd_show, handle_doc_update_req}","_view":"{couch_httpd_view, handle_view_req}"},
-- 	"httpd_global_handlers":{"/":"{couch_httpd_misc_handlers, handle_welcome_req, <<\"Welcome\">>}",
-- 	"_active_tasks":"{couch_httpd_misc_handlers, handle_task_status_req}",
-- 	"_all_dbs":"{couch_httpd_misc_handlers, handle_all_dbs_req}",
-- 	"_config":"{couch_httpd_misc_handlers, handle_config_req}",
-- 	"_log":"{couch_httpd_misc_handlers, handle_log_req}","_oauth":"{couch_httpd_oauth, handle_oauth_req}",
-- 	"_replicate":"{couch_httpd_misc_handlers, handle_replicate_req}","_restart":"{couch_httpd_misc_handlers, handle_restart_req}",
-- 	"_session":"{couch_httpd_auth, handle_session_req}","_sleep":"{couch_httpd_misc_handlers, handle_sleep_req}",
-- 	"_stats":"{couch_httpd_stats_handlers, handle_stats_req}","_user":"{couch_httpd_auth, handle_user_req}",
-- 	"_utils":"{couch_httpd_misc_handlers, handle_utils_dir_req, \"/usr/share/couchdb/www\"}",
-- 	"_uuids":"{couch_httpd_misc_handlers, handle_uuids_req}","favicon.ico":"{couch_httpd_misc_handlers, handle_favicon_req, \"/usr/share/couchdb/www\"}"},
-- 	"query_server_config":{"reduce_limit":"true"},"log":{"file":"/var/log/couchdb/0.10.0/couch.log","level":"info"},
-- 	"query_servers":{"javascript":"/usr/bin/couchjs /usr/share/couchdb/server/main.js"},
-- 	"daemons":{"batch_save":"{couch_batch_save_sup, start_link, []}","db_update_notifier":"{couch_db_update_notifier_sup, start_link, []}",
-- 	"external_manager":"{couch_external_manager, start_link, []}","httpd":"{couch_httpd, start_link, []}",
-- 	"query_servers":"{couch_query_servers, start_link, []}","stats_aggregator":"{couch_stats_aggregator, start, []}",
-- 	"stats_collector":"{couch_stats_collector, start, []}","view_manager":"{couch_view, start_link, []}"},
-- 	"httpd":{"WWW-Authenticate":"Basic realm=\"administrator\"","authentication_handlers":"{couch_httpd_oauth, oauth_authentication_handler}, {couch_httpd_auth, default_authentication_handler}",
-- 	"bind_address":"127.0.0.1","default_handler":"{couch_httpd_db, handle_request}","port":"5984"},"httpd_db_handlers":{"_changes":"{couch_httpd_db, handle_changes_req}",
-- 	"_compact":"{couch_httpd_db, handle_compact_req}","_design":"{couch_httpd_db, handle_design_req}","_temp_view":"{couch_httpd_view, handle_temp_view_req}",
-- 	"_view":"{couch_httpd_view, handle_db_view_req}","_view_cleanup":"{couch_httpd_db, handle_view_cleanup_req}"},
-- 	"couch_httpd_auth":{"authentication_db":"users","require_valid_user":"false","secret":"replace this with a real secret in your local.ini file"},
-- 	"couchdb":{"batch_save_interval":"1000","batch_save_size":"1000","database_dir":"/var/lib/couchdb/0.10.0","delayed_commits":"true",
-- 	"max_attachment_chunk_size":"4294967296","max_dbs_open":"100","max_document_size":"4294967296",
-- 	"os_process_timeout":"5000","util_driver_dir":"/usr/lib/couchdb/erlang/lib/couch-0.10.0/priv/lib","view_index_dir":"/var/lib/couchdb/0.10.0"}}
	local auth = "Authentication : %s"
	local authEnabled = "unknown"

	if(status) then 
		if(authresult["error"] == "unauthorized") then authEnabled = "enabled"
		elseif (authresult["httpd_design_handlers"] ~= nil) then authEnabled = "NOT enabled ('admin party')" 
		end
	end
	table.insert(result, auth:format(authEnabled))
	return stdnse.format_output(true, result )
end

Copyright 2K16 - 2K18 Indonesian Hacker Rulez