NoSQL Exploitation Framework - A Python Framework for NoSQL Scanning and Exploitation

NoSQL Exploitation Framework is a Python framework for NoSQL scanning and exploitation.

It can Detect NoSQL injections and other version vulnerabilities with zero feedback from the application.

Features:

• Support For Mongo, Couch, Redis, H-Base, Cassandra
• Support For NoSQL web apps
• Payload list for JS Injection, Web application Enumeration.
• Scan Support for Mongo, CouchDB, and Redis
• Dictionary Attack Support for Mongo, CouchDB, and Redis
• Enumeration Module added for the DB's, retrieves data in db's @ one shot.
• Currently Discover's Web Interface for Mongo
• Shodan Query Feature
• MultiThreaded IP List Scanner
• Dump and Copy Database features Added for CouchDB
• Sniff for Mongo, Couch and Redis

Installation:

• Install Pip, sudo apt-get install python-setuptools;easy_install pip
• pip install -r requirements.txt
• python nosqlframework.py -h (For Help Options)

Installation on Mac/Kali:

• Removed the scapy module by default for mac. So this should run by default. If you need to sniff run the script and then continue.
• Run installformac-kali.sh directly
• python nosqlframework.py -h (For Help Options)

Installing Nosql Exploitaiton Framework in Virtualenv:

• virtualenv nosqlframework
• source nosqlframework/bin/activate
• pip install -r requirements.txt
• nosqlframework/bin/python nosqlframework.py -h (For Help Options)
• deactivate (After usage)

Example usage:

  nosqlframework.py -ip localhost -scan  

  nosqlframework.py -ip localhost -dict mongo -file b.txt  

  nosqlframework.py -ip localhost -enum couch  

  nosqlframework.py -ip localhost -enum redis  

  nosqlframework.py -ip localhost -clone couch  

NoSQL Exploitation Framework

You might also like:

• jSQL Injection - A Cross-Platform SQL Injection Tool
• DNSwalk - A DNS Database Debugger
• Wifislax - A Slackware-Based Penetration Testing Distribution
• SQLSentinel - A Cross-Platform SQLi Vulnerability Scanner
• AnonTwi - Tool To Have More Privacy On Social Media
• HoneyDrive - A Honeypot Linux Distribution
• Samhain - Host Based Intrusion Detection System
• Knockpy - A Subdomain Scanner
• Algorithm - The Hacker Movie
• TXDNS - An Aggressive Multithreaded DNS Digger/Brute-Forcer
• PwnPi - A Pen-testing Drop Box Distribution For Raspberry Pi
• PwnSTAR - A Bash Script For Creating a "Malicious" Software-Enabled Access Point
• VMInjector - Tool For Bypassing Windows/Ubuntu/MacOSX Login Authentication Screen
• Hydra - A Powerful Network Password Cracking Tool
• ISME - A Framework For Testing IP Phones
• Comodo Password Decryptor - Tool For Recovering Stored Login Details From Comodo Dragon Browser
• Virtual Section Dumper - A Memory Dumping Tool
• Xenotix - XSS Vulnerability Detection and Exploitation Framework

from Effect Hacking full article here