Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/torque59/Nosql-Exploitation-Framework

A Python Framework For NoSQL Scanning and Exploitation
https://github.com/torque59/Nosql-Exploitation-Framework

nosql nosql-database nosql-enumeration nosql-exploitation-framework nosql-injection nosql-security

Last synced: 3 months ago
JSON representation

A Python Framework For NoSQL Scanning and Exploitation

Awesome Lists containing this project

README 

        
[![Baikal](https://baikal.io/badges/torque59/NoSQL-Exploitation-Framework)](https://baikal.io/torque59/NoSQL-Exploitation-Framework)

[![Requirements Status](https://requires.io/github/torque59/Nosql-Exploitation-Framework/requirements.svg?branch=master)](https://requires.io/github/torque59/Nosql-Exploitation-Framework/requirements/?branch=master)



Nosql-Exploitation-Framework

============================



A FrameWork For NoSQL Scanning and Exploitation Framework



NoSQL Exploitation Framework 2.02b Released



Author

============================

- NoSQL Exploitation Framework Authored By Francis Alexander



Wiki

============================

- NoSQL Exploitation Framework Wiki on Installation & Usage - 



Features:

============================



- First Ever Tool With Added Support For Mongo,Couch,Redis,H-Base,Cassandra

- Support For NoSQL WebAPPS

- Added payload list for JS Injection,Web application Enumeration.

- Scan Support for Mongo,CouchDB and Redis

- Dictionary Attack Support for Mongo,Couch and Redis

- Enumeration Module added for the DB's,retrieves data in db's @ one shot.

- Currently Discover's Web Interface for Mongo

- Shodan Query Feature

- MultiThreaded IP List Scanner

- Dump and Copy Database features Added for CouchDB

- Sniff for Mongo,Couch and Redis



Change Log V2.02b:

============================



- The framework has been updated and moved to python3

- Added Dockerfile

- Bug fixes



Installation

============================

- Install Pip, sudo apt-get install python-setuptools;easy_install pip

- pip install -r requirements.txt

- python nosqlframework.py -h (For Help Options)



Installation (Docker)

============================

- docker build -t torque59/nosqlframework . OR docker pull torque59/nosqlframework

- docker run -it torque59/nosqlframework --help

- docker run -it torque59/nosqlframework -ip ip_Addr -enum mongo



Installation on Mac/Kali

============================

- Removed the scapy module by default for mac. So this should run by default. If you need to sniff run the script and then continue.

- Run installformac-kali.sh directly

- python nosqlframework.py -h (For Help Options)



Installing Nosql Exploitaiton Framework in Virtualenv

-------------------------------------

- virtualenv nosqlframework

- source nosqlframework/bin/activate

- pip install -r requirements.txt

- nosqlframework/bin/python nosqlframework.py -h (For Help Options)

- deactivate (After usage)



Contribution

----------------



- It would be great seeing this project grow , do contribute by issuing a pull request.



Sample Usage

============================

- nosqlframework.py -ip localhost -scan

- nosqlframework.py -ip localhost -dict mongo -file b.txt

- nosqlframework.py -ip localhost -enum couch

- nosqlframework.py -ip localhost -enum redis

- nosqlframework.py -ip localhost -clone couch



Sample Output

============================



- http://imgur.com/4KMntxJ



Future Releases

============================



- Improved Web App Detection

- Support for Neo4j on the way

- Web Interface attack and Fuzz Platform



Bugs or Queries

============================

- Plse report any bugs or queries @ [email protected] [@torque59](https://twitter.com/torque59)