NoSQL Exploitation Framework - A Python Framework for NoSQL Scanning and Exploitation

NoSQL Exploitation Framework - A Python Framework for NoSQL Scanning and Exploitation

NoSQL Exploitation Framework is a Python framework for NoSQL scanning and exploitation.

It can Detect NoSQL injections and other version vulnerabilities with zero feedback from the application.

Features:

  • Support For Mongo, Couch, Redis, H-Base, Cassandra
  • Support For NoSQL web apps
  • Payload list for JS Injection, Web application Enumeration.
  • Scan Support for Mongo, CouchDB, and Redis
  • Dictionary Attack Support for Mongo, CouchDB, and Redis
  • Enumeration Module added for the DB's, retrieves data in db's @ one shot.
  • Currently Discover's Web Interface for Mongo
  • Shodan Query Feature
  • MultiThreaded IP List Scanner
  • Dump and Copy Database features Added for CouchDB
  • Sniff for Mongo, Couch and Redis

Installation:

  • Install Pip, sudo apt-get install python-setuptools;easy_install pip
  • pip install -r requirements.txt
  • python nosqlframework.py -h (For Help Options)

Installation on Mac/Kali:

  • Removed the scapy module by default for mac. So this should run by default. If you need to sniff run the script and then continue.
  • Run installformac-kali.sh directly
  • python nosqlframework.py -h (For Help Options)

    Installing Nosql Exploitaiton Framework in Virtualenv:

    • virtualenv nosqlframework
    • source nosqlframework/bin/activate
    • pip install -r requirements.txt
    • nosqlframework/bin/python nosqlframework.py -h (For Help Options)
    • deactivate (After usage)

      Example usage:

        nosqlframework.py -ip localhost -scan  
        nosqlframework.py -ip localhost -dict mongo -file b.txt  
        nosqlframework.py -ip localhost -enum couch  
        nosqlframework.py -ip localhost -enum redis  
        nosqlframework.py -ip localhost -clone couch  





        from Effect Hacking full article here