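"""User-enumeration checks against a locally running API (authorized tests only).

Three checks are run against http://localhost:3000:

1. unauthenticated lookups of random UUIDs on the public user-player route,
2. login attempts with common usernames and a fixed wrong password,
3. sequential RFID UID lookups on a private route (requires an API key).

Hits contain personal data (name, birthdate, RFID UID). The results file is
therefore created with owner-only permissions, and the API key is never
echoed or printed.
"""
import getpass
import json
import os
import time
import uuid
from datetime import datetime

import requests


def enumerate_supabase_users():
    """Probe the public user-player endpoint with 1000 random UUIDs.

    A lookup counts as a hit when the server answers HTTP 200 and the JSON
    body has a truthy "success" field. Each hit is printed; if there is at
    least one, all hits are written to ``enumerated_users_<timestamp>.json``
    in the current directory.

    Returns:
        list: the "data" objects of all successful lookups.
    """
    base_url = "http://localhost:3000/api/v1/public/user-player"
    found_users = []
    total_requests = 0

    print("🔍 STARTE USER ENUMERATION ÜBER SUPABASE USER IDS")
    print("=" * 60)
    print(f"Zeit: {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}")
    print(f"Target: {base_url}")
    print("=" * 60)

    # Random version-4 UUIDs carry 122 random bits, so a hit is not expected.
    # A run with zero hits therefore says nothing about what the endpoint
    # returns for a valid ID. What the run does show is whether 1000
    # unauthenticated lookups in a row are throttled or blocked; note that
    # non-200 statuses are only printed on every 100th request.
    test_uuids = [str(uuid.uuid4()) for _ in range(1000)]

    print(f"📊 Teste {len(test_uuids)} UUIDs...")
    print("-" * 60)

    for i, uuid_str in enumerate(test_uuids, 1):
        try:
            response = requests.get(f"{base_url}/{uuid_str}", timeout=5)
            total_requests += 1

            if response.status_code == 200:
                user_data = response.json()
                if user_data.get("success"):
                    # NOTE(review): fields are indexed directly; a response
                    # without one of them raises KeyError and ends the run.
                    user = user_data["data"]
                    found_users.append(user)
                    print(f"✅ [{i:4d}] USER GEFUNDEN!")
                    print(f" UUID: {uuid_str}")
                    print(f" Name: {user['firstname']} {user['lastname']}")
                    print(f" ID: {user['id']}")
                    print(f" RFID: {user['rfiduid']}")
                    print(f" Geburtsdatum: {user['birthdate']}")
                    print(f" Leaderboard: {user['show_in_leaderboard']}")
                    print("-" * 60)
                elif i % 100 == 0:  # progress line every 100 requests
                    print(f"⏳ [{i:4d}] Kein User gefunden (Fortschritt: {i}/{len(test_uuids)})")
            elif i % 100 == 0:
                print(f"❌ [{i:4d}] HTTP {response.status_code} (Fortschritt: {i}/{len(test_uuids)})")
        except requests.exceptions.RequestException as e:
            print(f"🔥 [{i:4d}] Fehler bei UUID {uuid_str}: {e}")

    print("\n" + "=" * 60)
    print("📈 ENUMERATION ABGESCHLOSSEN")
    print("=" * 60)
    print(f"Total Requests: {total_requests}")
    print(f"Gefundene Users: {len(found_users)}")
    # Keep the label even when no request succeeded (the original printed a
    # bare "0%" in that case).
    success_rate = len(found_users) / total_requests * 100 if total_requests > 0 else 0.0
    print(f"Erfolgsrate: {success_rate:.2f}%")

    if found_users:
        print("\n🎯 GEFUNDENE USERS:")
        print("-" * 60)
        for idx, user in enumerate(found_users, 1):
            print(f"{idx}. {user['firstname']} {user['lastname']}")
            print(f" ID: {user['id']} | RFID: {user['rfiduid']} | Geburtstag: {user['birthdate']}")
            print("-" * 60)

        # Save the results. The file holds personal data, so it is created
        # readable and writable by the owner only (mode 0o600) instead of
        # with the process's default permissions.
        timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
        filename = f"enumerated_users_{timestamp}.json"
        fd = os.open(filename, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w", encoding="utf-8") as f:
            json.dump(found_users, f, indent=2, ensure_ascii=False)
        print(f"💾 Ergebnisse gespeichert in: {filename}")
    else:
        print("\n❌ Keine Users gefunden")

    print(f"\n⏰ Abgeschlossen um: {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}")
    return found_users


def enumerate_rfid_uids(api_key, max_attempts=100):
    """Look up sequential RFID UIDs on the private users/find endpoint.

    UIDs are generated as ``AA:BB:CC:XX`` where XX is the attempt number in
    upper-case hex. A lookup counts as a hit when the server answers HTTP 200
    with truthy "success" and "data.exists" fields.

    Args:
        api_key: bearer token sent in the Authorization header.
        max_attempts: number of UIDs to try, starting at 1.

    Returns:
        list: the "data" objects of all successful lookups.
    """
    base_url = "http://localhost:3000/api/v1/private/users/find"
    found_rfids = []

    print("\n🔍 STARTE RFID UID ENUMERATION")
    print("=" * 60)
    print(f"Zeit: {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}")
    print(f"Target: {base_url}")
    # The original printed the first 10 characters of the key. Console output
    # ends up in scrollback, CI logs and screenshots, so only a mask is shown.
    print("API-Key: ********")
    print("=" * 60)

    for i in range(1, max_attempts + 1):
        # RFID UID in the format AA:BB:CC:XX
        rfid_uid = f"AA:BB:CC:{i:02X}"
        try:
            response = requests.post(
                base_url,
                headers={
                    "Authorization": f"Bearer {api_key}",
                    "Content-Type": "application/json",
                },
                json={"uid": rfid_uid},
                timeout=5,
            )

            if response.status_code == 200:
                data = response.json()
                if data.get("success") and data.get("data", {}).get("exists"):
                    user = data["data"]
                    found_rfids.append(user)
                    print(f"✅ [{i:3d}] RFID GEFUNDEN!")
                    print(f" RFID: {rfid_uid}")
                    print(f" Name: {user['firstname']} {user['lastname']}")
                    print(f" Alter: {user['alter']}")
                    print("-" * 60)
                elif i % 20 == 0:  # progress line every 20 requests
                    print(f"⏳ [{i:3d}] Kein User für RFID {rfid_uid}")
            else:
                print(f"❌ [{i:3d}] HTTP {response.status_code} für RFID {rfid_uid}")
        except requests.exceptions.RequestException as e:
            print(f"🔥 [{i:3d}] Fehler bei RFID {rfid_uid}: {e}")

    print("\n📈 RFID ENUMERATION ABGESCHLOSSEN")
    print(f"Gefundene RFIDs: {len(found_rfids)}")
    return found_rfids


def test_admin_login():
    """Send one login attempt per common admin username with a wrong password.

    Prints the status code and the round-trip time for each username and
    flags any HTTP 200 answer. Returns nothing.
    """
    base_url = "http://localhost:3000/api/v1/public/login"

    # Common admin usernames
    admin_usernames = [
        "admin", "administrator", "root", "user", "test", "demo",
        "admin1", "admin2", "superuser", "manager", "operator",
    ]

    print("\n🔍 TESTE ADMIN LOGIN ENUMERATION")
    print("=" * 60)

    for username in admin_usernames:
        try:
            start_time = time.time()
            response = requests.post(
                base_url,
                json={"username": username, "password": "wrongpassword"},
                timeout=5,
            )
            # One sample per username: the value is dominated by network and
            # scheduling jitter, so treat the printed time as informational
            # rather than as evidence that a username exists.
            response_time = (time.time() - start_time) * 1000  # in ms

            print(f"👤 {username:12} | Status: {response.status_code:3d} | Zeit: {response_time:6.1f}ms")

            if response.status_code == 200:
                print(" ⚠️ MÖGLICHERWEISE GÜLTIGER USERNAME!")
        # Narrowed from a blanket `except Exception` to match the other two
        # checks; anything that is not a transport error now surfaces.
        except requests.exceptions.RequestException as e:
            print(f"🔥 Fehler bei {username}: {e}")


# Run the checks
if __name__ == "__main__":
    print("🚨 NINJA SERVER SECURITY AUDIT - USER ENUMERATION")
    print("⚠️ WARNUNG: Nur für autorisierte Sicherheitstests!")
    print()

    # 1. Supabase user ID enumeration
    found_users = enumerate_supabase_users()

    # 2. Admin login test
    test_admin_login()

    # 3. RFID enumeration (only with a valid API key). getpass keeps the key
    #    out of the terminal echo and scrollback.
    api_key = getpass.getpass("\n🔑 API-Key für RFID Enumeration eingeben (oder Enter zum Überspringen): ").strip()
    if api_key:
        enumerate_rfid_uids(api_key, 50)  # only 50 RFIDs
    else:
        print("⏭️ RFID Enumeration übersprungen")

    print("\n🏁 AUDIT ABGESCHLOSSEN")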