Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/robyfirnandoyusuf/nosqlinsanity
NoSQLInsanity: Tool for Security Assessment NoSQL (Linear Search VS Binary Search)
nosql nosql-injection web-security web-security-research
Last synced: 18 days ago
- Host: GitHub
- URL: https://github.com/robyfirnandoyusuf/nosqlinsanity
- Owner: robyfirnandoyusuf
- License: apache-2.0
- Created: 2022-08-12T16:52:47.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2023-08-29T03:23:27.000Z (over 1 year ago)
- Last Synced: 2024-11-11T09:41:33.554Z (3 months ago)
- Topics: nosql, nosql-injection, web-security, web-security-research
- Language: Python
- Homepage:
- Size: 98.6 KB
- Stars: 2
- Watchers: 1
- Forks: 0
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
README
[![contributions](https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat)](https://github.com/robyfirnandoyusuf/NoSQLInsanity/issues)
# 💉 NoSQLInsanity
#### This research is for a final year project
NoSQLInsanity: Tool for Security Assessment NoSQL

### Wireframe
https://whimsical.com/nosqlinsanity-F2thpyebcaNPyCQr4UBabe

Researcher : Roby Firnando Yusuf aka greycat aka 0x00b0
Supervisor : Daniel Rudiaman S. S.T., M. Kom

- [Installation](#installation)
- [from Source](#from-source)
- [Usage](#usage)
- [Options](#options)
- [License](#license)
- [Acknowledments](#acknowledments)

### Installation
It's fairly simple to install NoSQLInsanity:
#### from Source
Clone the repository and install the requirements:

```
$ git clone https://github.com/robyfirnandoyusuf/NoSQLInsanity.git
$ cd NoSQLInsanity/
$ pip3 install -r requirements.txt
```
#### from Docker
Pull the Docker image by running:

```bash
$ docker pull robyfirnando/nosqlinsanity:v2.0.1
```

#### from PyPI
Coming Soon

### Usage
Simply,
```bash
# from source
$ python3 NoSQLInsanity.py --url "https://lab.s.he-left.me/auth/login" --platform "mongodb"
# from docker
$ docker run -it robyfirnando/nosqlinsanity:v2.0.1 --url "https://lab.s.he-left.me/auth/login" --platform "mongodb"
```

### Options
Here are all the options it supports.
| **Argument** | **Description** |
|--------------|-----------------|
| --url | Vulnerable endpoint |
| -s, --silent | Silent mode _(hide the time measurements)_ |

### Features
1. Dump by a known value
2. Dump by an unknown value (dump all documents by specifying a field)
3. Multiple algorithm options (Linear and Binary Search)

## License
`NoSQLInsanity` is distributed under Apache 2.
## Acknowledments
Since this tool includes some contributions, and I'm not an asshole, I'll publicly thank the following users for their support, help and resources:
- Daniel Lu aka BrownieInMotion (DiceGang - Redpwn)
- Fernanda Darmasaputra (Tim Petir - OurLastNight)
- Pavel Sorokin (BI.ZONE Security Researcher)
- and You

### TODO:
- [x] Print Info
- [x] Menu Param
- [x] Menu HTTP Method
- [x] Menu Input Payload
- [x] Engine Checker Website is UP or DOWN
- [x] Engine Vuln Test
- [x] Auto Set Success-Identifier
- [x] Engine Linear (Dump known value)
- [x] Engine Linear (Dump unknown value)
- [x] Engine Linear Count Length
- [x] Engine Binary Search (Dump known value)
- [x] Engine Binary Search (Dump unknown value)
- [x] Engine BinSearch Count Length
- [x] Research ability MongoDB to perform BinSearch
- [x] Add measurement each chars LinearSearch (Dump known value)
- [x] Add measurement each chars LinearSearch (Dump unknown value)
- [x] Add measurement each chars BinSearch (Dump known value)
- [x] Add measurement each chars BinSearch (Dump unknown value)
- [x] Log Report CSV