-
Notifications
You must be signed in to change notification settings - Fork 4
/
Elasticsearch.cs
71 lines (67 loc) · 3.41 KB
/
Elasticsearch.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
namespace Reecon
{
class Elasticsearch // Port 9200
{
public static (string, string) GetInfo(string ip, int port)
{
string returnString = "";
// Get basic data
string pageData = Web.DownloadString($"http://{ip}:{port}/").Text;
returnString = "- Bug Reelix to fix this (Ref: OSINT Json)";
/*
//ElasticSearchObject theObject = JsonSerializer.Deserialize<ElasticSearchObject>(pageData);
ElasticSearchObject theObject = (ElasticSearchObject)JsonSerializer.Deserialize(pageData, typeof(ElasticSearchObject));
// Simialr formatting to nmap
returnString += $"- Version: {theObject.version.number} (name: {theObject.name}; cluster: {theObject.cluster_name}; Lucene: {theObject.version.lucene_version}){Environment.NewLine}";
// https://nvd.nist.gov/vuln/detail/CVE-2015-5531
// Directory traversal vulnerability in Elasticsearch before 1.6.1
// https://www.exploit-db.com/exploits/38383
// Get indices
string indexData = Web.DownloadString($"http://{ip}:{port}/_cat/indices").Text; // ?v for non-ordered data
List<string> indexList = indexData.Split(Environment.NewLine.ToCharArray()).ToList();
// Remove any empty indices
indexList = indexList.Where(x => x.Length != 0).ToList();
returnString += $"- Indexes: {indexList.Count}" + Environment.NewLine;
foreach (string index in indexList)
{
List <string> items = index.Split(' ').ToList();
// Remove any empty items
items = items.Where(x => !string.IsNullOrWhiteSpace(x)).ToList();
// ?v -> Health, Status, Index, UUID, Pri, Rep, docs.count, docs.deleted, store.size, pri.store.size
string indexName = items[2];
string indexItems = items[6];
returnString += $"-- Index: {indexName} ({indexItems} items){Environment.NewLine}";
returnString += $"--- http://{ip}:9200/{indexName}/_search/?pretty&size={indexItems}{Environment.NewLine}";
}
returnString = returnString.Trim(Environment.NewLine.ToCharArray());
*/
return ("Elasticsearch", returnString);
}
}
#pragma warning disable IDE1006 // Naming Styles are supressed since these are case sensitive
public class ElasticSearchObject
{
public string name { get; set; }
public string cluster_name { get; set; }
public string cluster_uuid { get; set; }
public ElasticSearchObjectVersion version { get; set; }
public string tagline { get; set; }
}
public class ElasticSearchObjectVersion
{
public string number { get; set; }
public string build_flavor { get; set; }
public string build_type { get; set; }
public string build_hash { get; set; }
public DateTime build_date { get; set; }
public bool build_snapshot { get; set; }
public string lucene_version { get; set; }
public string minimum_wire_compatibility_version { get; set; }
public string minimum_index_compatibility_version { get; set; }
}
#pragma warning restore IDE1006 // Naming Styles
}