TLDR;
- Shodan can be used to find Calibre servers.
- I wrote an nmap script for identification and metadata analysis
- 2.5 million titles are available on identified servers
- An average of 10k~ titles per server
- If you use the Calibre web server, verify the authentication and it's network connectivity.
- The Calibre developers don't have the best history of dealing with security issues.
I love reading, and I especially like my e-readers. They allow you to carry and travel with hundreds of books. Calibre is an open source e-book management application, and probably one of the most popular. It's capable of running a server to allow remote users to browse and download books. Knowing this and being a pentester by trade, I became quite curious if there was any notable presence of Calibre on the internet. In it's default configuration, Calibre does not require any authentication to access the web interface. Using Shodan.io, we can search for the keyword Calibre in the server HTTP header.
Using the export function, we can gather a large number of possible Calibre web servers quickly. Depending on the version of Calibre, it's possible to extract the entire manifest of all the books. This includes the title, author, genre, etc. For the older version, it's possible to scrape the mobile interface using regex for the total number of books.
To help expedite the process of identifying Calibre web servers, I wrote a simple nmap script to help identify:
- Version
- If authentication is required
- Number of books
I created a pull request to have it integrated in future releases of nmap pending approval.
Using my script, I enumerated roughly 2,500,000 titles on unauthenticated Calibre servers.
Of the original 1,800 or so servers from Shodan, we were able to download the manifest file from 225 Calibre servers. Note this doesn't include unauthenticated servers which don't offer the manifest file. I didn't write a crawler to parse individual titles and requesting potentially 100s of pages from a single host.
From the 225 Calibre servers, I was able to identify about 10,000 unique titles. Some interesting observations:
- Ironically, there's a number of "cybersecurity" titles.
- I tried searching through the titles for sensitive documents such as "receipt" or "invoice" or "tax". Nothing.
- Unsurprisingly given world demographics, a large number of titles are not English. This might have hamstringed my manual analysis.
What next?
This is just a jumping off point that came from a lazy weekend morning, some interesting takeaways and ideas to for next steps
- Build an actual script to harvest all 2.5 million books.
- PDFs, EPUBs, and MOBIs can contain metadata. It may be possible to disclose sensitive information.
- There are some poorly documented API endpoints available via /cdb/ (unauth'd /cdb/cmd anyone?) which can be used to programmatically interface. If I was to to review Calibre more closely, I would start here.
Interesting. Your lazy morning amazed me
ReplyDeleteI set up a Calibre server 35 minutes ago. 5 minutes later people started knocking on the door of my server. Thank god for Little Snitch. And no thanks to you. [Except that it may actually improve Kovid Goyal's security, so thanks for that :-D )
ReplyDeletethanks for your lazy morning
ReplyDeletei use library genesis for books and internet-hacks.com to find better study resources
DeleteJoining is the stage of the steel fabrication course of that involves combining and integrating all the minimize and shaped elements to type a single, larger structure. Steel fabricating is the process of creating steel merchandise through secondary steel manufacturing processes. This is Puffer Jacket a type of slicing that involves removing materials from inventory using a software with a sharp tip or edge. The slicing software partially penetrates the material and moves in the direction of|in path of} the path of the slicing line.
ReplyDeleteSometimes a no deposit bonus is just a bunch of low-value free spins on a penny slot. You’ll need to be extraordinarily fortunate to make various of} bucks from such a deal. This bonus is a dream to all gambling fanatics and a majority of them look for a casino site that offers sort of|this sort of|this sort of} profit. A month-to-month bonus is offered by a casino site on a month-to-month basis, per occasion or essential holiday corresponding to Thanksgiving Day or Christmas Day in the type of a free spin as a reward. This is an unique bonus that is given to purchasers who make large deposits and are loyal to the casino. They got superior rewards corresponding to free devices, discounted journey, or free dining in an 1xbet unique restaurant.
ReplyDeleteIan wrote to Disabled World to inform us of his experience half in} on-line Caribbean Poker. Pretty a lot each myth about US slots is true of UK fruit machines. When a bonus spherical happens, it ALWAYS appears the bonus spherical occurs 2 or three extra times in a brief interval after the first bonus spherical, then no bonuses for ages - and lots of cash gone. Slot machine win per unit per day is internet of participation charges and progressive accruals. / Data Dynamics insists on the necessity of a worldwide wealthy platform for enterprise information environments, permitting for a better understanding of their 원엑스벳 assets. Every time you upgrade a legend, you earn free bonuses which may vary from rank-up rewards, which offer you a coin reward, all the best way|the method in which} {up to|as a lot as} the Grand Reward, which is won after you totally rank up your whole legends.
ReplyDelete