ptelastic 0.0.20

Tool for testing Elasticsearch vulnerabilities and misconfigurations.

PTELASTIC

Security testing tool for identifying, fingerprinting, and exploiting vulnerabilities in Elasticsearch instances.
The tool:

• Identifies whether or not Elasticsearch is running on a host
• Identifies whether it is running on HTTP or HTTPS
• Identifies whether or not it has authentication enabled
• Enumerates:
  • Elasticsearch version
  • Modules, their version and description
  • Installed plugins and their version
  • Users, their roles and privileges
• Tests for the following CVEs:
  • CVE-2015-5531
  • CVE-2015-1427
  • CVE-2014-3120
  • CVE-2015-3337
  • any other CVE the host might be vulnerable to
• Dumps:
  • Structure of indices
  • Data from indices

Installation

pip install ptelastic

Adding to PATH

If you're unable to invoke the script from your terminal, it's likely because it's not included in your PATH. You can resolve this issue by executing the following commands, depending on the shell you're using:

For Bash Users

echo "export PATH=\"`python3 -m site --user-base`/bin:\$PATH\"" >> ~/.bashrc
source ~/.bashrc

For ZSH Users

echo "export PATH=\"`python3 -m site --user-base`/bin:\$PATH\"" >> ~/.zshrc
source ~/.zshrc

Usage examples

ptelastic -u https://www.example.com/

Options

   -u   --url                              <url>                             Connect to URL
   -ts  --tests                            <test>                            Specify one or more tests to perform:
                                            AUTH                             Elasticsearch authentication test
                                            CVE-2014-3120                    Elasticsearch CVE-2014-3120 test
                                            CVE-2015-1427                    Elasticsearch CVE-2015-1427 test
                                            CVE-2015-3337                    Elasticsearch CVE-2015-3337 test
                                            CVE-2015-5531                    Elasticsearch CVE-2015-5531 test
                                            CVE-LOOKUP                       Elasticsearch CVE lookup
                                            DATA_DUMP                        Elasticsearch data dump module
                                            HTTPS                            Elasticsearch HTTP/S test
                                            IS_ELASTIC                       Elasticsearch availability test
                                            STRUCTURE_DUMP                   Elasticsearch data structure test
                                            SW                               Elasticsearch software test
                                            USERS                            Elasticsearch user enumeration
                                                                               
   -p   --proxy                            <proxy>                           Set proxy (e.g. http://127.0.0.1:8080)
   -T   --timeout                          <miliseconds>                     Set timeout (default 10)
   -t   --threads                          <threads>                         Set thread count (default 10)
   -c   --cookie                           <cookie>                          Set cookie
   -a   --user-agent                       <a>                               Set User-Agent header
   -H   --headers                          <header:value>                    Set custom header(s)
   -r   --redirects                                                          Follow redirects (default False)
   -vv  --verbose                                                            Enable verbose mode
   -v   --version                                                            Show script version and exit
   -h   --help                                                               Show this help message and exit
   -j   --json                                                               Output in JSON format
   -U   --user                                                               Set user to authenticate as
   -P   --password                                                           Set password to authenticate with
   -F   --file                             </path/to/file>                   File to read if host is vulnerable to CVE-2015-5531 (default /etc/passwd)
   -di  --dump-index<index1, index2, ...>  Specify index to dump with data_dump module
   -df  --dump-field                       <field1,field2, field3.subfield>  Specify fields to dump with data_dump module
   -o   --output                           <filename>                        Specify the name of the file to store structure/data dump to
   -b   --built-in                                                           Enumerate/dump built-in Elasticsearch indexes

Dependencies

ptlibs>=1.0.32
packaging
requests

License

Copyright (c) 2025 Penterep Security s.r.o.

ptelastic is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

ptelastic is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with ptelastic. If not, see https://www.gnu.org/licenses/.

Warning

You are only allowed to run the tool against the websites which you have been given permission to pentest. We do not accept any responsibility for any damage/harm that this application causes to your computer, or your network. Penterep is not responsible for any illegal or malicious use of this code. Be Ethical!