https://github.com/jibbscript/dbminer-multi
Toy Database Pillager cli tool in Go for use in post-exploitation reconnaissance and data pilfering
https://github.com/jibbscript/dbminer-multi
ctf-tools cybersecurity database-schema offensive-security redteam-tools security-tools system-programming
Last synced: 6 months ago
JSON representation
Toy Database Pillager cli tool in Go for use in post-exploitation reconnaissance and data pilfering
- Host: GitHub
- URL: https://github.com/jibbscript/dbminer-multi
- Owner: Jibbscript
- License: gpl-3.0
- Created: 2024-12-10T11:05:47.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-12-14T01:58:04.000Z (over 1 year ago)
- Last Synced: 2024-12-24T07:46:43.210Z (over 1 year ago)
- Topics: ctf-tools, cybersecurity, database-schema, offensive-security, redteam-tools, security-tools, system-programming
- Language: Go
- Homepage:
- Size: 34.2 KB
- Stars: 0
- Watchers: 1
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# DBMiner Multi
A post-exploitation tool designed to scan local database instances for sensitive data patterns including credit card details, SSNs, and other compliance-critical PII data.
## Features
- Interface-driven design for consistent behavior across different database backends
- Currently supports:
- MongoDB
- MySQL
- Pattern matching for sensitive data fields including:
- Social Security Numbers
- Credit Card Numbers
- Passwords
- Security/Authentication data
- Address information
- PII data fields
## Installation
Requires Go 1.23.0 or higher.
## Usage
### MongoDB Scanner
Example:
```bash
go run ./mongo/main.go localhost
```
### MySQL Scanner
Example:
```bash
go run ./mysql/main.go localhost
```
## Architecture
The project uses a modular architecture based on Go interfaces to ensure consistent behavior across different database implementations:
1. Core Interface (`dbminer.DatabaseMiner`):
- Defines common schema inspection methods
- Provides unified search functionality
- Implements regex-based pattern matching
2. Database-Specific Implementations:
- Each database type implements the DatabaseMiner interface
- Handles connection management
- Provides schema extraction logic specific to the database
## Pattern Detection
The scanner looks for common field names that might contain sensitive data:
- Social Security related fields
- Password/security fields
- Credit card related data (numbers, CVV, expiration)
- Address information (city, state, zip)
## Development
To add support for a new database type:
1. Create a new package for the database
2. Implement the DatabaseMiner interface
3. Provide database-specific connection and schema extraction logic
## Contributing
1. Fork the repository
2. Create your feature branch
3. Commit your changes
4. Push to the branch
5. Create a new Pull Request
## Security Notice
This tool is intended for authorized security testing and educational purposes only. Unauthorized database scanning or data extraction may violate applicable laws and regulations.
## Disclaimer
This tool is provided for educational and authorized testing purposes only. Users are responsible for ensuring compliance with applicable laws and regulations when using this tool.
## License
This project is licensed under the GNU General Public License v3.0 - see the LICENSE file for details.