NoSQL Exploitation Framework - A Python Framework for NoSQL Scanning and Exploitation
NoSQL Exploitation Framework is a Python framework for NoSQL scanning and exploitation.
It can Detect NoSQL injections and other version vulnerabilities with zero feedback from the application.
Features:
- Support For Mongo, Couch, Redis, H-Base, Cassandra
- Support For NoSQL web apps
- Payload list for JS Injection, Web application Enumeration.
- Scan Support for Mongo, CouchDB, and Redis
- Dictionary Attack Support for Mongo, CouchDB, and Redis
- Enumeration Module added for the DB's, retrieves data in db's @ one shot.
- Currently Discover's Web Interface for Mongo
- Shodan Query Feature
- MultiThreaded IP List Scanner
- Dump and Copy Database features Added for CouchDB
- Sniff for Mongo, Couch and Redis
Installation:
- Install Pip, sudo apt-get install python-setuptools;easy_install pip
- pip install -r requirements.txt
- python nosqlframework.py -h (For Help Options)
Installation on Mac/Kali:
- Removed the scapy module by default for mac. So this should run by default. If you need to sniff run the script and then continue.
- Run installformac-kali.sh directly
- python nosqlframework.py -h (For Help Options)
Installing Nosql Exploitaiton Framework in Virtualenv:
- virtualenv nosqlframework
- source nosqlframework/bin/activate
- pip install -r requirements.txt
- nosqlframework/bin/python nosqlframework.py -h (For Help Options)
- deactivate (After usage)
Example usage:
nosqlframework.py -ip localhost -scannosqlframework.py -ip localhost -dict mongo -file b.txtnosqlframework.py -ip localhost -enum couchnosqlframework.py -ip localhost -enum redisnosqlframework.py -ip localhost -clone couchSource: www.effecthacking.com
NoSQL Exploitation Framework - A Python Framework for NoSQL Scanning and Exploitation
Reviewed by Anonymous
on
4:02 AM
Rating:
Reviewed by Anonymous
on
4:02 AM
Rating:
