Skip to content

torque59/Nosql-Exploitation-Framework

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

151 Commits

dbattacks

dbattacks

 
 

dictionary

dictionary

 
 

dump

dump

 
 

logs/screenshots

logs/screenshots

 
 

payload

payload

 
 

reqs/macosx

reqs/macosx

 
 

sniff

sniff

 
 

webattacks

webattacks

 
 

.gitignore

.gitignore

 
 

COPYING

COPYING

 
 

Dockerfile

Dockerfile

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

contributions.md

contributions.md

 
 

coreconfigure.py

coreconfigure.py

 
 

installformac-kali.sh

installformac-kali.sh

 
 

nosqlframework.py

nosqlframework.py

 
 

requirements.txt

requirements.txt

 
 

Repository files navigation

Baikal Requirements Status

Nosql-Exploitation-Framework

A FrameWork For NoSQL Scanning and Exploitation Framework

NoSQL Exploitation Framework 2.02b Released

Author

  • NoSQL Exploitation Framework Authored By Francis Alexander

Wiki

Features:

  • First Ever Tool With Added Support For Mongo,Couch,Redis,H-Base,Cassandra
  • Support For NoSQL WebAPPS
  • Added payload list for JS Injection,Web application Enumeration.
  • Scan Support for Mongo,CouchDB and Redis
  • Dictionary Attack Support for Mongo,Couch and Redis
  • Enumeration Module added for the DB's,retrieves data in db's @ one shot.
  • Currently Discover's Web Interface for Mongo
  • Shodan Query Feature
  • MultiThreaded IP List Scanner
  • Dump and Copy Database features Added for CouchDB
  • Sniff for Mongo,Couch and Redis

Change Log V2.02b:

  • The framework has been updated and moved to python3
  • Added Dockerfile
  • Bug fixes

Installation

  • Install Pip, sudo apt-get install python-setuptools;easy_install pip
  • pip install -r requirements.txt
  • python nosqlframework.py -h (For Help Options)

Installation (Docker)

  • docker build -t torque59/nosqlframework . OR docker pull torque59/nosqlframework
  • docker run -it torque59/nosqlframework --help
  • docker run -it torque59/nosqlframework -ip ip_Addr -enum mongo

Installation on Mac/Kali

  • Removed the scapy module by default for mac. So this should run by default. If you need to sniff run the script and then continue.
  • Run installformac-kali.sh directly
  • python nosqlframework.py -h (For Help Options)

Installing Nosql Exploitaiton Framework in Virtualenv

  • virtualenv nosqlframework
  • source nosqlframework/bin/activate
  • pip install -r requirements.txt
  • nosqlframework/bin/python nosqlframework.py -h (For Help Options)
  • deactivate (After usage)

Contribution

  • It would be great seeing this project grow , do contribute by issuing a pull request.

Sample Usage

  • nosqlframework.py -ip localhost -scan
  • nosqlframework.py -ip localhost -dict mongo -file b.txt
  • nosqlframework.py -ip localhost -enum couch
  • nosqlframework.py -ip localhost -enum redis
  • nosqlframework.py -ip localhost -clone couch

Sample Output

Future Releases

  • Improved Web App Detection
  • Support for Neo4j on the way
  • Web Interface attack and Fuzz Platform

Bugs or Queries

About

A Python Framework For NoSQL Scanning and Exploitation

Topics

nosql nosql-database nosql-exploitation-framework nosql-injection nosql-enumeration nosql-security

Resources

Readme

License

BSD-3-Clause, GPL-2.0 licenses found

Licenses found

BSD-3-Clause
LICENSE
GPL-2.0
COPYING
Activity

Stars

592 stars

Watchers

31 watching

Forks

157 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 6

Languages