Skip to content

torque59/Nosql-Exploitation-Framework

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
78 branches 0 tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
dbattacks
 
 
dictionary
 
 
dump
 
 
logs/screenshots
 
 
payload
 
 
reqs/macosx
 
 
sniff
 
 
webattacks
 
 
.gitignore
 
 
COPYING
 
 
Dockerfile
 
 
LICENSE
 
 
README.md
 
 
contributions.md
 
 
coreconfigure.py
 
 
installformac-kali.sh
 
 
nosqlframework.py
 
 
requirements.txt
 
 
Nosql-Exploitation-Framework Author Wiki Features: Change Log V2.02b: Installation Installation (Docker) Installation on Mac/Kali Installing Nosql Exploitaiton Framework in Virtualenv Contribution Sample Usage Sample Output Future Releases Bugs or Queries

README.md

Baikal Requirements Status

Nosql-Exploitation-Framework

A FrameWork For NoSQL Scanning and Exploitation Framework

NoSQL Exploitation Framework 2.02b Released

Author

  • NoSQL Exploitation Framework Authored By Francis Alexander

Wiki

Features:

  • First Ever Tool With Added Support For Mongo,Couch,Redis,H-Base,Cassandra
  • Support For NoSQL WebAPPS
  • Added payload list for JS Injection,Web application Enumeration.
  • Scan Support for Mongo,CouchDB and Redis
  • Dictionary Attack Support for Mongo,Couch and Redis
  • Enumeration Module added for the DB's,retrieves data in db's @ one shot.
  • Currently Discover's Web Interface for Mongo
  • Shodan Query Feature
  • MultiThreaded IP List Scanner
  • Dump and Copy Database features Added for CouchDB
  • Sniff for Mongo,Couch and Redis

Change Log V2.02b:

  • The framework has been updated and moved to python3
  • Added Dockerfile
  • Bug fixes

Installation

  • Install Pip, sudo apt-get install python-setuptools;easy_install pip
  • pip install -r requirements.txt
  • python nosqlframework.py -h (For Help Options)

Installation (Docker)

  • docker build -t torque59/nosqlframework . OR docker pull torque59/nosqlframework
  • docker run -it torque59/nosqlframework --help
  • docker run -it torque59/nosqlframework -ip ip_Addr -enum mongo

Installation on Mac/Kali

  • Removed the scapy module by default for mac. So this should run by default. If you need to sniff run the script and then continue.
  • Run installformac-kali.sh directly
  • python nosqlframework.py -h (For Help Options)

Installing Nosql Exploitaiton Framework in Virtualenv

  • virtualenv nosqlframework
  • source nosqlframework/bin/activate
  • pip install -r requirements.txt
  • nosqlframework/bin/python nosqlframework.py -h (For Help Options)
  • deactivate (After usage)

Contribution

  • It would be great seeing this project grow , do contribute by issuing a pull request.

Sample Usage

  • nosqlframework.py -ip localhost -scan
  • nosqlframework.py -ip localhost -dict mongo -file b.txt
  • nosqlframework.py -ip localhost -enum couch
  • nosqlframework.py -ip localhost -enum redis
  • nosqlframework.py -ip localhost -clone couch

Sample Output

Future Releases

  • Improved Web App Detection
  • Support for Neo4j on the way
  • Web Interface attack and Fuzz Platform

Bugs or Queries

About

A Python Framework For NoSQL Scanning and Exploitation

Topics

nosql nosql-database nosql-exploitation-framework nosql-injection nosql-enumeration nosql-security

Resources

Readme

License

BSD-3-Clause, GPL-2.0 licenses found

Licenses found

BSD-3-Clause
LICENSE
GPL-2.0
COPYING
Activity

Stars

591 stars

Watchers

31 watching

Forks

157 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 6

Languages