1 files changed, 97 insertions, 0 deletions
diff --git a/scripts/couchdb-databases.nse b/scripts/couchdb-databases.nse
new file mode 100644
index 0000000..c53c04b
--- /dev/null
+++ b/scripts/couchdb-databases.nse
@@ -0,0 +1,97 @@
+local http = require "http"
+local json = require "json"
+local nmap = require "nmap"
+local shortport = require "shortport"
+local stdnse = require "stdnse"
+local table = require "table"
+
+description = [[
+Gets database tables from a CouchDB database.
+
+For more info about the CouchDB HTTP API, see
+http://wiki.apache.org/couchdb/HTTP_database_API.
+]]
+
+---
+-- @usage
+-- nmap -p 5984 --script "couchdb-databases.nse" <host>
+-- @output
+-- PORT      STATE SERVICE REASON
+-- 5984/tcp open  unknown syn-ack
+-- | couchdb-databases:
+-- |   1 = test_suite_db
+-- |   2 = test_suite_db_a
+-- |   3 = test_suite_db/with_slashes
+-- |   4 = moneyz
+-- |   5 = creditcards
+-- |   6 = test_suite_users
+-- |_  7 = test_suite_db_b
+
+-- version 0.2
+-- Created 01/12/2010 - v0.1 - created by Martin Holst Swende <martin@swende.se>
+
+-- TODO : Authentication not implemented
+
+author = "Martin Holst Swende"
+license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
+categories = {"discovery", "safe"}
+
+portrule = shortport.port_or_service({5984})
+-- Some lazy shortcuts
+local dbg = stdnse.debug1
+
+local DISCARD = {}
+--- Removes uninteresting data from the table
+-- uses the DISCARD table above to see what
+-- keys should be omitted from the results
+-- @param data a table containing data
+--@return another table containing data, with some keys removed
+local function queryResultToTable(data)
+  local result = {}
+  for k,v in pairs(data) do
+    dbg("(%s,%s)",k,tostring(v))
+    if DISCARD[k] ~= 1 then
+      if type(v) == 'table' then
+        table.insert(result,k)
+        table.insert(result,queryResultToTable(v))
+      else
+        table.insert(result,(("%s = %s"):format(tostring(k), tostring(v))))
+      end
+    end
+  end
+  return result
+end
+
+action = function(host, port)
+  local data, result, err
+  dbg("Requesting all databases")
+  data = http.get( host, port, '/_all_dbs' )
+
+  -- check that body was received
+  if not data.body or data.body == "" then
+    local msg = ("%s did not respond with any data."):format(host.targetname or host.ip )
+    dbg( msg )
+    return  msg
+  end
+
+  -- The html body should look like this :
+  -- ["somedatabase", "anotherdatabase"]
+
+  local status, result = json.parse(data.body)
+  if not status then
+    dbg(result)
+    return result
+  end
+
+  -- Here we know it is a couchdb
+  port.version.name ='httpd'
+  port.version.product='Apache CouchDB'
+  nmap.set_port_version(host,port)
+
+  -- We have a valid table in result containing the parsed json
+  -- now, get all the interesting bits
+
+  result = queryResultToTable(result)
+
+  return stdnse.format_output(true, result )
+end