9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%
Gets database tables from a CouchDB database.
For more info about the CouchDB HTTP API, see <http://wiki.apache.org/couchdb/HTTP_database_API>.
See the documentation for the slaxml library.
See the documentation for the http library.
See the documentation for the smbauth library.
nmap -p 5984 --script "couchdb-databases.nse" <host>
PORT STATE SERVICE REASON
5984/tcp open unknown syn-ack
| couchdb-databases:
| 1 = test_suite_db
| 2 = test_suite_db_a
| 3 = test_suite_db/with_slashes
| 4 = moneyz
| 5 = creditcards
| 6 = test_suite_users
|_ 7 = test_suite_db_b
local http = require "http"
local json = require "json"
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"
local table = require "table"
description = [[
Gets database tables from a CouchDB database.
For more info about the CouchDB HTTP API, see
http://wiki.apache.org/couchdb/HTTP_database_API.
]]
---
-- @usage
-- nmap -p 5984 --script "couchdb-databases.nse" <host>
-- @output
-- PORT STATE SERVICE REASON
-- 5984/tcp open unknown syn-ack
-- | couchdb-databases:
-- | 1 = test_suite_db
-- | 2 = test_suite_db_a
-- | 3 = test_suite_db/with_slashes
-- | 4 = moneyz
-- | 5 = creditcards
-- | 6 = test_suite_users
-- |_ 7 = test_suite_db_b
-- version 0.2
-- Created 01/12/2010 - v0.1 - created by Martin Holst Swende <[email protected]>
-- TODO : Authentication not implemented
author = "Martin Holst Swende"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"discovery", "safe"}
portrule = shortport.port_or_service({5984})
-- Some lazy shortcuts
local dbg = stdnse.debug1
local DISCARD = {}
--- Removes uninteresting data from the table
-- uses the DISCARD table above to see what
-- keys should be omitted from the results
-- @param data a table containing data
--@return another table containing data, with some keys removed
local function queryResultToTable(data)
local result = {}
for k,v in pairs(data) do
dbg("(%s,%s)",k,tostring(v))
if DISCARD[k] ~= 1 then
if type(v) == 'table' then
table.insert(result,k)
table.insert(result,queryResultToTable(v))
else
table.insert(result,(("%s = %s"):format(tostring(k), tostring(v))))
end
end
end
return result
end
action = function(host, port)
local data, result, err
dbg("Requesting all databases")
data = http.get( host, port, '/_all_dbs' )
-- check that body was received
if not data.body or data.body == "" then
local msg = ("%s did not respond with any data."):format(host.targetname or host.ip )
dbg( msg )
return msg
end
-- The html body should look like this :
-- ["somedatabase", "anotherdatabase"]
local status, result = json.parse(data.body)
if not status then
dbg(result)
return result
end
-- Here we know it is a couchdb
port.version.name ='httpd'
port.version.product='Apache CouchDB'
nmap.set_port_version(host,port)
-- We have a valid table in result containing the parsed json
-- now, get all the interesting bits
result = queryResultToTable(result)
return stdnse.format_output(true, result )
end
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%