
NoSQL EXPLOITATION FRAMEWORK – Framework For NoSQL Scanning and Exploitation

Any database may include sensitive information such as usernames, passwords or user data. A proper security assessment with a whole-architecture review is therefore required to identify security gaps that hackers can use to compromise the system.

NoSQL databases are now often used to store information and data. Security assessment and penetration testing of NoSQL databases in the testing environment is important for identifying vulnerabilities or configuration issues with the DB. NoSQL Exploitation Framework is an open source tool that you can use to enumerate, scan or exploit NoSQL databases.

Currently the tool supports Mongo, CouchDB, Redis, HBase and Cassandra, and there is ongoing development to add more features, such as improved web application detection, Neo4j support, Web Interface attack and Fuzz Platform. The tool currently has the following features:

Enumeration of NoSQL databases
Dump NoSQL databases
Support for NoSQL Web Applications
Payload list for JS Injection, Web application Enumeration
Dictionary Attack Support for Mongo, Couch and Redis
Shodan Query Feature
MultiThreaded IP List Scanner
Sniff for Mongo, Couch and Redis

[Image: NoSQL Exploitation Framework scanning tool]

Some usage commands are:

nosqlexp.py -ip localhost -scan
nosqlexp.py -ip localhost -dict mongo -file b.txt
nosqlexp.py -ip localhost -enum couch
nosqlexp.py -ip localhost -enum redis
nosqlexp.py -ip localhost -clone couch
nosqlexp.py -ip localhost -webapp "web_app_link"

This tool is authored by Francis Alexander, and you can download the latest release at the following link: https://github.com/torque59/Nosql-Exploitation-Framework.

Source: SecTechno
