Nosql injection username and password enumeration script

Using this script, we can enumerate Usernames and passwords of Nosql(mongodb) injection vulnerable web applications.

git clone https://github.com/an0nlk/Nosql-MongoDB-injection-username-password-enumeration.git

Use

Arguments Description

-h, –h show this help message and exit

-u URL Form submission url. Eg: http://example.com/index.php

-up parameter Parameter name of the username. Eg: username, user

-pp parameter Parameter name of the password. Eg: password, pass

-op parameters Other paramters with the values. Separate each parameter with a comma(,).
Eg: login:Login, submit:Submit

-ep parameter Parameter that need to enumarate. Eg: username, password

-m Method Method of the form. Eg: GET/POST

Arguments	Description
-h, –h	show this help message and exit
-u URL	Form submission url. Eg: http://example.com/index.php
-up parameter	Parameter name of the username. Eg: username, user
-pp parameter	Parameter name of the password. Eg: password, pass
-op parameters	Other paramters with the values. Separate each parameter with a comma(,). Eg: login:Login, submit:Submit
-ep parameter	Parameter that need to enumarate. Eg: username, password
-m Method	Method of the form. Eg: GET/POST

Author: Kalana Sankalpa (Anon LK).

Source: https://github.com/an0nlk/

Rate this post

Tags: NoSQL injection