Nosql Exploitation Framework: FrameWork For NoSQL Scanning and Exploitation Framework

Nosql Exploitation Framework is a FrameWork For NoSQL Scanning and Exploitation Framework.

Feature:

  • First Ever Tool With Added Support For Mongo,Couch,Redis,H-Base,Cassandra
  • Support For NoSQL WebAPPS
  • Added payload list for JS Injection,Web application Enumeration.
  • Scan Support for Mongo,CouchDB and Redis
  • Dictionary Attack Support for Mongo,Cocuh and Redis
  • Enumeration Module added for the DB’s,retrieves data in db’s @ one shot.
  • Currently Discover’s Web Interface for Mongo
  • Shodan Query Feature
  • MultiThreaded IP List Scanner
  • Dump and Copy Database features Added for CouchDB
  • Sniff for Mongo,Couch and Redis

Installation

Install Pip, sudo apt-get install python-setuptools;easy_install pip

git clone https://github.com/torque59/Nosql-Exploitation-Framework.git
pip install -r requirements.txt
python nosqlframework.py -h (For Help Options)
Installation on Mac/Kali

Run installformac-kali.sh directly
python nosqlframework.py -h (For Help Options)

Installing Nosql Exploitaiton Framework in Virtualenv

virtualenv nosqlframework
source nosqlframework/bin/activate
pip install -r requirements.txt
nosqlframework/bin/python nosqlframework.py -h (For Help Options)
deactivate (After usage)

 Usage

nosqlframework.py -ip localhost -scan

nosqlframework.py -ip localhost -dict mongo -file b.txt
nosqlframework.py -ip localhost -enum couch
nosqlframework.py -ip localhost -enum redis
nosqlframework.py -ip localhost -clone couch

Source: Github