hack-tools/NoSQLAttack at master · hacktoolspack/hack-tools

Name	Name	Last commit message	Last commit date
parent directory ..
docs	docs
images	images
LICENSE.md	LICENSE.md
README.md	README.md
buildAttackUri.py	buildAttackUri.py
getApps.py	getApps.py
globalVar.py	globalVar.py
globalVar.pyc	globalVar.pyc
main.py	main.py
mongo.py	mongo.py
mongo.pyc	mongo.pyc
option.py	option.py
scanIP.py	scanIP.py
setup.py	setup.py

Name

Last commit message

Last commit date

#中文说明 #NoSQLAttack #Introduction NoSQLAttack is an open source Python tool to automate expose MongoDB server IP on the internet and disclose the database data by MongoDB default configuration weaknesses and injection attacks. Presently, this project focuses on MongoDB.

It is base on NoSQLMap, tcstool's popular NoSQL injection tool and shodan, first search engine for Internet-connected devices.

Some attack tests are based on and extensions of follow papers

There are two systems for testing NoSQL injection in this project-NoSQLInjectionAttackDemo. #Background NoSQL injection attacks, for example php array injection, javascript injection and mongo shell injection, endanger mongoDB. There are thousands of mongoDB are exposed on the internet, and hacker can download data from exposed mongoDB.

#Requirements On a Debian or Red Hat based system, NoSQLAttack's dependencies already be writen in setup.py. This project is built on Pycharm COMMUNITY 2016.1 with python 2.7.10.

Varies based on features used:

Shodan-1.5.3
httplib2-0.9
Python-2.7
pymongo-2.7.2
requests-2.5.0
ipcalc-1.1.3
MongoDB

#Building On Linux, it goes something like this:

cd NoSQLAttack
python setup.py install

#Tips

If after entering "python setup.py install", terminal show error information "No module named setuptools", just install setuptools. On Ubuntu, "sudo apt-get install python-setuptools", this command is useful
Install MongoDB for MongoDB default configuration attack.

#Usage After building, you can run NoSQLAttack like this:

NoSQLAttack

Upon starting NoSQLAttack you are presented with the main menu:

================================================
        _   _       _____  _____ _                      
       | \ | |     /  ___||  _  | |                     
       |  \| | ___ \ `--. | | | | |                   
       | . ` |/ _ \ `--. \| | | | |                    
       | |\  | (_) /\__/ /\ \/' / |____          
       \_| \_/\___/\____/  \_/\_\_____/                  
                                        _          
    /\      _      _                   | |  _        
   /  \   _| |_  _| |    _____    ___  | | / /       
  / /\ \ |_   _||_   _| / __  \  / __| | |/ /        
 / /--\ \  | |_   | |_  | |_| | | |__  | |\ \       
/ / -- \ \ \___\  \___\ \______\ \___| | | \_\      
================================================    
NoSQLAttack-v0.2
sunxiuyang04@gmail.com


1-Scan attacked IP
2-Configurate parameters
3-MongoDB Access Attacks
4-Injection Attacks
x-Exit

#videos NoSQLAttack Demo for MongoDB.

(1)default configuration Attacks demo (2)injection attacks demo

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Files

NoSQLAttack

NoSQLAttack

README.md

Files

NoSQLAttack

Directory actions

More options

Directory actions

More options

Latest commit

History

NoSQLAttack

Folders and files

parent directory

README.md