codingo / NoSQLMap

Automated NoSQL database enumeration and web application exploitation tool.
GNU General Public License v3.0

ValueError: invalid literal for int() with base 10 / hostname with 4 parts seems to be interpreted as IPv4 address #105

Closed drwetter closed 3 years ago

drwetter commented 4 years ago
 _  _     ___  ___  _    __  __           
| \| |___/ __|/ _ \| |  |  \/  |__ _ _ __ 
| .` / _ \__ \ (_) | |__| |\/| / _` | '_ \
|_|\_\___/___/\__\_\____|_|  |_\__,_| .__/
 v0.7 codingo@protonmail.com        |_|   

1-Set options
2-NoSQL DB Access Attacks
3-NoSQL Web App attacks
4-Scan for Anonymous MongoDB Access
5-Change Platform (Current: MongoDB)
x-Exit
Select an option: 1

Options
1-Set target host/IP (Current: Not Set)
2-Set web app port (Current: 80)
3-Set App Path (Current: Not Set)
4-Toggle HTTPS (Current: OFF)
5-Set MongoDB Port (Current : 27017)
6-Set HTTP Request Method (GET/POST) (Current: GET)
7-Set my local MongoDB/Shell IP (Current: Not Set)
8-Set shell listener port (Current: Not Set)
9-Toggle Verbose Mode: (Current: OFF)
0-Load options file
a-Load options from saved Burp request
b-Save options file
h-Set headers
x-Back to main menu
Select an option: 1
Enter the host IP/DNS name: <REDACTED>

Traceback (most recent call last):
  File "nosqlmap.py", line 544, in <module>
    main(args)
  File "nosqlmap.py", line 47, in main
    mainMenu()
  File "nosqlmap.py", line 81, in mainMenu
    options()
  File "nosqlmap.py", line 279, in options
    if int(item) < 0 or int(item) > 255:
ValueError: invalid literal for int() with base 10: '<subdomain_of_redacted_hostname>'

Happens both on Debian 10 and with a docker image (via docker build).

The supplied hostname resolves fine but probably has not one A record but a CNAME record which has two A records.

drwetter commented 4 years ago

My Python is a bit vague. But I just had a look at the code, and it seems you're assuming that everything which has four "octets" qualifies as an IPv4 address. :-(

In my case the hostname is sub1.sub2.domain.tld.

If I edit if len(octets) != 4: to 5 and supply my hostname I do not see this error.

So you may want to check, e.g., for numbers or real octets first.

bbeale commented 4 years ago

I have a fix for this. It seems to be working in this particular location -- when I get a chance later today I'll do some more testing and do the same fix in other places that take an IPv4 address before submitting my PR.

drwetter commented 4 years ago

@bbeale just a hint, before you check on numbers only and on the next occasion another dude has a similar problem: hostnames can also contain numbers. There are several regex patterns out there which seem to do a good job.

bbeale commented 4 years ago

@drwetter thanks for the tip. I think the regex that I ended up using should be sufficient, but the fix I added went a step further with the validation. It may have been overkill. You're right though, there were several patterns just within the first couple search results.

drwetter commented 4 years ago

I had a similar problem once in my project and I found the patterns quite useful.

github-actions[bot] commented 3 years ago

Stale issue message
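
An added example, not NoSQLMap's code and not the fix from the PR mentioned in the thread: the failure mode from the traceback next to a target classifier that never raises on a dotted hostname. `naive_is_ipv4` is a sketch rebuilt from the two lines quoted in the issue (`len(octets) != 4` and the `int(item)` range check); `classify_target`, the label pattern and all sample inputs except `sub1.sub2.domain.tld` are assumptions made for illustration (Python 3).

```python
import ipaddress
import re

# One RFC 1123 label: 1-63 letters/digits/hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def naive_is_ipv4(target):
    """Sketch of the failing logic: four dot-separated parts are assumed numeric."""
    octets = target.split(".")
    if len(octets) != 4:
        return False
    for item in octets:
        # int("sub1") raises ValueError, which is the crash in the traceback.
        if int(item) < 0 or int(item) > 255:
            return False
    return True


def classify_target(target):
    """Return "ipv4", "hostname" or "invalid"; never raises on string input."""
    target = target.strip()
    try:
        ipaddress.IPv4Address(target)  # strict dotted-quad parse
        return "ipv4"
    except ValueError:
        pass
    # Accept a fully qualified name with a trailing root dot.
    name = target[:-1] if target.endswith(".") else target
    if not name or len(name) > 253:
        return "invalid"
    labels = name.split(".")
    if not all(_LABEL.fullmatch(label) for label in labels):
        return "invalid"
    # Digits are legal in hostnames, but an all-numeric last label means a
    # malformed address such as 10.0.0.256, not a DNS name.
    if labels[-1].isdigit():
        return "invalid"
    return "hostname"


if __name__ == "__main__":
    # Constructed sample inputs; the first is the hostname shape from the issue.
    for sample in ("sub1.sub2.domain.tld", "192.168.1.10", "10.0.0.256", "1.2.3.example"):
        print(sample, "->", classify_target(sample))
```
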