Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/torque59/Nosql-Exploitation-Framework
A Python Framework For NoSQL Scanning and Exploitation
https://github.com/torque59/Nosql-Exploitation-Framework
nosql nosql-database nosql-enumeration nosql-exploitation-framework nosql-injection nosql-security
Last synced: 21 days ago
JSON representation
A Python Framework For NoSQL Scanning and Exploitation
- Host: GitHub
- URL: https://github.com/torque59/Nosql-Exploitation-Framework
- Owner: torque59
- License: bsd-3-clause
- Created: 2013-12-26T17:46:11.000Z (almost 11 years ago)
- Default Branch: master
- Last Pushed: 2024-10-24T18:21:27.000Z (about 2 months ago)
- Last Synced: 2024-10-26T03:35:03.299Z (about 2 months ago)
- Topics: nosql, nosql-database, nosql-enumeration, nosql-exploitation-framework, nosql-injection, nosql-security
- Language: Python
- Homepage:
- Size: 2.8 MB
- Stars: 595
- Watchers: 31
- Forks: 157
- Open Issues: 69
-
Metadata Files:
- Readme: README.md
- License: COPYING
Awesome Lists containing this project
- awesome-hacking-lists - torque59/Nosql-Exploitation-Framework - A Python Framework For NoSQL Scanning and Exploitation (Python)
README
[![Baikal](https://baikal.io/badges/torque59/NoSQL-Exploitation-Framework)](https://baikal.io/torque59/NoSQL-Exploitation-Framework)
[![Requirements Status](https://requires.io/github/torque59/Nosql-Exploitation-Framework/requirements.svg?branch=master)](https://requires.io/github/torque59/Nosql-Exploitation-Framework/requirements/?branch=master)Nosql-Exploitation-Framework
============================A FrameWork For NoSQL Scanning and Exploitation Framework
NoSQL Exploitation Framework 2.02b Released
Author
============================
- NoSQL Exploitation Framework Authored By Francis AlexanderWiki
============================
- NoSQL Exploitation Framework Wiki on Installation & Usage -Features:
============================- First Ever Tool With Added Support For Mongo,Couch,Redis,H-Base,Cassandra
- Support For NoSQL WebAPPS
- Added payload list for JS Injection,Web application Enumeration.
- Scan Support for Mongo,CouchDB and Redis
- Dictionary Attack Support for Mongo,Couch and Redis
- Enumeration Module added for the DB's,retrieves data in db's @ one shot.
- Currently Discover's Web Interface for Mongo
- Shodan Query Feature
- MultiThreaded IP List Scanner
- Dump and Copy Database features Added for CouchDB
- Sniff for Mongo,Couch and RedisChange Log V2.02b:
============================- The framework has been updated and moved to python3
- Added Dockerfile
- Bug fixesInstallation
============================
- Install Pip, sudo apt-get install python-setuptools;easy_install pip
- pip install -r requirements.txt
- python nosqlframework.py -h (For Help Options)Installation (Docker)
============================
- docker build -t torque59/nosqlframework . OR docker pull torque59/nosqlframework
- docker run -it torque59/nosqlframework --help
- docker run -it torque59/nosqlframework -ip ip_Addr -enum mongoInstallation on Mac/Kali
============================
- Removed the scapy module by default for mac. So this should run by default. If you need to sniff run the script and then continue.
- Run installformac-kali.sh directly
- python nosqlframework.py -h (For Help Options)Installing Nosql Exploitaiton Framework in Virtualenv
-------------------------------------
- virtualenv nosqlframework
- source nosqlframework/bin/activate
- pip install -r requirements.txt
- nosqlframework/bin/python nosqlframework.py -h (For Help Options)
- deactivate (After usage)Contribution
----------------- It would be great seeing this project grow , do contribute by issuing a pull request.
Sample Usage
============================
- nosqlframework.py -ip localhost -scan
- nosqlframework.py -ip localhost -dict mongo -file b.txt
- nosqlframework.py -ip localhost -enum couch
- nosqlframework.py -ip localhost -enum redis
- nosqlframework.py -ip localhost -clone couchSample Output
============================- http://imgur.com/4KMntxJ
Future Releases
============================- Improved Web App Detection
- Support for Neo4j on the way
- Web Interface attack and Fuzz PlatformBugs or Queries
============================
- Plse report any bugs or queries @ [email protected] [@torque59](https://twitter.com/torque59)