Nosql-Exploitation (1 Viewer)

R

RoJang

Joined
Mar 12, 2017
Credits
0
Rating - 0%
Nosql-Exploitation-Framework
A FrameWork For NoSQL Scanning and Exploitation Framework

NoSQL Exploitation Framework 2.0 Released

Author
  • NoSQL Exploitation Framework Authored By Francis Alexander
Added Features:
  • First Ever Tool With Added Support For Mongo,Couch,Redis,H-Base,Cassandra
  • Support For NoSQL WebAPPS
  • Added payload list for JS Injection,Web application Enumeration.
  • Scan Support for Mongo,CouchDB and Redis
  • Dictionary Attack Support for Mongo,Cocuh and Redis
  • Enumeration Module added for the DB's,retrieves data in db's @ one shot.
  • Currently Discover's Web Interface for Mongo
  • Shodan Query Feature
  • MultiThreaded IP List Scanner
  • Dump and Copy Database features Added for CouchDB
  • Sniff for Mongo,Couch and Redis
Change Log V2.0:
  • Modularised approach, Now comes with Configuration file, tweak to your customization
  • Multithreaded dictionary attacks,file enumeration
  • Support for Heuristic based Redis remote file enumeration,Added Redis System enumeration
  • Now select Databases depending upon options -d "Database" -t "table" -d "Dump"
  • Improved Scan Support for Mongo,CouchDB,Redis,Cassandra and H-Base
  • Improved dump feature
  • Bug fixes
Installation
  • Install Pip, sudo apt-get install python-setuptools;easy_install pip
  • pip install -r requirements.txt
  • python nosqlframework.py -h (For Help Options)
Installation on Mac/Kali
  • Run installformac-kali.sh directly
  • python nosqlframework.py -h (For Help Options)
Installing Nosql Exploitaiton Framework in Virtualenv
  • virtualenv nosqlframework
  • source nosqlframework/bin/activate
  • pip install -r requirements.txt
  • nosqlframework/bin/python nosqlframework.py -h (For Help Options)
  • deactivate (After usage)
Contribution
  • It would be great seeing this project grow , do contribute by issuing a pull request.
Sample Usage
  • nosqlframework.py -ip localhost -scan
  • nosqlframework.py -ip localhost -dict mongo -file b.txt
  • nosqlframework.py -ip localhost -enum couch
  • nosqlframework.py -ip localhost -enum redis
  • nosqlframework.py -ip localhost -clone couch
Sample Output
Future Releases
  • Improved Web App Detection
  • Support for Neo4j on the way
  • Web Interface attack and Fuzz Platform
https://github.com/torque59/Nosql-Exploitation-Framework
 
You must log in or register to reply here.

Users who are viewing this thread

Total: 2 (members: 0, guests: 2)
Top