187 lines
6.9 KiB
Python
187 lines
6.9 KiB
Python
import requests
|
|
import uuid
|
|
import time
|
|
import json
|
|
from datetime import datetime
|
|
|
|
def enumerate_supabase_users():
|
|
base_url = "http://localhost:3000/api/v1/public/user-player"
|
|
found_users = []
|
|
total_requests = 0
|
|
|
|
print("🔍 STARTE USER ENUMERATION ÜBER SUPABASE USER IDS")
|
|
print("=" * 60)
|
|
print(f"Zeit: {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}")
|
|
print(f"Target: {base_url}")
|
|
print("=" * 60)
|
|
|
|
# Teste verschiedene UUID-Patterns
|
|
test_uuids = [
|
|
str(uuid.uuid4()) for _ in range(1000) # Zufällige UUIDs
|
|
]
|
|
|
|
print(f"📊 Teste {len(test_uuids)} UUIDs...")
|
|
print("-" * 60)
|
|
|
|
for i, uuid_str in enumerate(test_uuids, 1):
|
|
try:
|
|
response = requests.get(f"{base_url}/{uuid_str}", timeout=5)
|
|
total_requests += 1
|
|
|
|
if response.status_code == 200:
|
|
user_data = response.json()
|
|
if user_data.get("success"):
|
|
found_users.append(user_data["data"])
|
|
user = user_data["data"]
|
|
print(f"✅ [{i:4d}] USER GEFUNDEN!")
|
|
print(f" UUID: {uuid_str}")
|
|
print(f" Name: {user['firstname']} {user['lastname']}")
|
|
print(f" ID: {user['id']}")
|
|
print(f" RFID: {user['rfiduid']}")
|
|
print(f" Geburtsdatum: {user['birthdate']}")
|
|
print(f" Leaderboard: {user['show_in_leaderboard']}")
|
|
print("-" * 60)
|
|
else:
|
|
if i % 100 == 0: # Fortschritt alle 100 Requests
|
|
print(f"⏳ [{i:4d}] Kein User gefunden (Fortschritt: {i}/{len(test_uuids)})")
|
|
else:
|
|
if i % 100 == 0:
|
|
print(f"❌ [{i:4d}] HTTP {response.status_code} (Fortschritt: {i}/{len(test_uuids)})")
|
|
|
|
except requests.exceptions.RequestException as e:
|
|
print(f"🔥 [{i:4d}] Fehler bei UUID {uuid_str}: {e}")
|
|
continue
|
|
|
|
print("\n" + "=" * 60)
|
|
print("📈 ENUMERATION ABGESCHLOSSEN")
|
|
print("=" * 60)
|
|
print(f"Total Requests: {total_requests}")
|
|
print(f"Gefundene Users: {len(found_users)}")
|
|
print(f"Erfolgsrate: {(len(found_users)/total_requests*100):.2f}%" if total_requests > 0 else "0%")
|
|
|
|
if found_users:
|
|
print("\n🎯 GEFUNDENE USERS:")
|
|
print("-" * 60)
|
|
for i, user in enumerate(found_users, 1):
|
|
print(f"{i}. {user['firstname']} {user['lastname']}")
|
|
print(f" ID: {user['id']} | RFID: {user['rfiduid']} | Geburtstag: {user['birthdate']}")
|
|
print("-" * 60)
|
|
|
|
# Speichere Ergebnisse in Datei
|
|
timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
|
|
filename = f"enumerated_users_{timestamp}.json"
|
|
with open(filename, 'w', encoding='utf-8') as f:
|
|
json.dump(found_users, f, indent=2, ensure_ascii=False)
|
|
print(f"💾 Ergebnisse gespeichert in: {filename}")
|
|
else:
|
|
print("\n❌ Keine Users gefunden")
|
|
|
|
print(f"\n⏰ Abgeschlossen um: {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}")
|
|
|
|
return found_users
|
|
|
|
def enumerate_rfid_uids(api_key, max_attempts=100):
|
|
"""RFID UID Enumeration (benötigt gültigen API-Key)"""
|
|
base_url = "http://localhost:3000/api/v1/private/users/find"
|
|
found_rfids = []
|
|
|
|
print("\n🔍 STARTE RFID UID ENUMERATION")
|
|
print("=" * 60)
|
|
print(f"Zeit: {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}")
|
|
print(f"Target: {base_url}")
|
|
print(f"API-Key: {api_key[:10]}...")
|
|
print("=" * 60)
|
|
|
|
# Generiere RFID UIDs zum Testen
|
|
for i in range(1, max_attempts + 1):
|
|
# Generiere RFID im Format AA:BB:CC:XX
|
|
rfid_uid = f"AA:BB:CC:{i:02X}"
|
|
|
|
try:
|
|
response = requests.post(
|
|
base_url,
|
|
headers={
|
|
"Authorization": f"Bearer {api_key}",
|
|
"Content-Type": "application/json"
|
|
},
|
|
json={"uid": rfid_uid},
|
|
timeout=5
|
|
)
|
|
|
|
if response.status_code == 200:
|
|
data = response.json()
|
|
if data.get("success") and data.get("data", {}).get("exists"):
|
|
found_rfids.append(data["data"])
|
|
user = data["data"]
|
|
print(f"✅ [{i:3d}] RFID GEFUNDEN!")
|
|
print(f" RFID: {rfid_uid}")
|
|
print(f" Name: {user['firstname']} {user['lastname']}")
|
|
print(f" Alter: {user['alter']}")
|
|
print("-" * 60)
|
|
else:
|
|
if i % 20 == 0: # Fortschritt alle 20 Requests
|
|
print(f"⏳ [{i:3d}] Kein User für RFID {rfid_uid}")
|
|
else:
|
|
print(f"❌ [{i:3d}] HTTP {response.status_code} für RFID {rfid_uid}")
|
|
|
|
except requests.exceptions.RequestException as e:
|
|
print(f"🔥 [{i:3d}] Fehler bei RFID {rfid_uid}: {e}")
|
|
continue
|
|
|
|
print("\n📈 RFID ENUMERATION ABGESCHLOSSEN")
|
|
print(f"Gefundene RFIDs: {len(found_rfids)}")
|
|
|
|
return found_rfids
|
|
|
|
def test_admin_login():
|
|
"""Teste Admin Login Enumeration"""
|
|
base_url = "http://localhost:3000/api/v1/public/login"
|
|
|
|
# Häufige Admin-Usernamen
|
|
admin_usernames = [
|
|
"admin", "administrator", "root", "user", "test", "demo",
|
|
"admin1", "admin2", "superuser", "manager", "operator"
|
|
]
|
|
|
|
print("\n🔍 TESTE ADMIN LOGIN ENUMERATION")
|
|
print("=" * 60)
|
|
|
|
for username in admin_usernames:
|
|
try:
|
|
start_time = time.time()
|
|
response = requests.post(
|
|
base_url,
|
|
json={"username": username, "password": "wrongpassword"},
|
|
timeout=5
|
|
)
|
|
end_time = time.time()
|
|
response_time = (end_time - start_time) * 1000 # in ms
|
|
|
|
print(f"👤 {username:12} | Status: {response.status_code:3d} | Zeit: {response_time:6.1f}ms")
|
|
|
|
if response.status_code == 200:
|
|
print(f" ⚠️ MÖGLICHERWEISE GÜLTIGER USERNAME!")
|
|
|
|
except Exception as e:
|
|
print(f"🔥 Fehler bei {username}: {e}")
|
|
|
|
# Führe Enumeration aus
|
|
if __name__ == "__main__":
|
|
print("🚨 NINJA SERVER SECURITY AUDIT - USER ENUMERATION")
|
|
print("⚠️ WARNUNG: Nur für autorisierte Sicherheitstests!")
|
|
print()
|
|
|
|
# 1. Supabase User ID Enumeration
|
|
found_users = enumerate_supabase_users()
|
|
|
|
# 2. Admin Login Test
|
|
test_admin_login()
|
|
|
|
# 3. RFID Enumeration (nur mit gültigem API-Key)
|
|
api_key = input("\n🔑 API-Key für RFID Enumeration eingeben (oder Enter zum Überspringen): ").strip()
|
|
if api_key:
|
|
enumerate_rfid_uids(api_key, 50) # Teste nur 50 RFIDs
|
|
else:
|
|
print("⏭️ RFID Enumeration übersprungen")
|
|
|
|
print("\n🏁 AUDIT ABGESCHLOSSEN") |