Nosql-Exploitation-Framework - A Framework For NoSQL Scanning and Exploitation


A framework for NoSQL scanning, enumeration and exploitation.
NoSQL databases are schemaless databases. They were invented to store data easily and flexibly.
NoSQL databases have gained popularity, and their security has always been under scrutiny.
The NoSQL Exploitation Framework focuses on scanning, enumerating and exploiting these databases.
The tool has support for over 5 databases: MongoDB, CouchDB, Redis, HBase and Cassandra.

Added Features:

  • First ever tool with added support for Mongo, Couch, Redis, HBase, Cassandra
  • Support for NoSQL web apps
  • Added payload list for JS injection and web application enumeration
  • Scan support for Mongo, CouchDB and Redis
  • Dictionary attack support for Mongo, Couch and Redis
  • Enumeration module added for the DBs; retrieves the data in the DBs in one shot
  • Currently discovers the web interface for Mongo
  • Shodan query feature
  • Multithreaded IP list scanner
  • Dump and copy database features added for CouchDB
  • Sniff for Mongo, Couch and Redis

Installation

  • Run chmod +x install.sh nosqlmap.py
  • ./install.sh
  • nosqlexp.py -h (For Help Options)

Sample Usage

  • nosqlexp.py -ip localhost -scan
  • nosqlexp.py -ip localhost -dict mongo -file b.txt
  • nosqlexp.py -ip localhost -enum couch
  • nosqlexp.py -ip localhost -enum redis
  • nosqlexp.py -ip localhost -clone couch
  • nosqlexp.py -ip localhost -webapp "web_app_link"