NoSQLAttack: automate exploit MongoDB server IP on Internet
NoSQLAttack is an open source Python tool to automate expose MongoDB server IP on the internet and disclose the database data by MongoDB default configuration weaknesses and injection attacks. Presently, this project focuses on MongoDB.
Some attack tests are based on and extensions of following papers
- Diglossia: Detecting Code Injection Attacks with Precision and Efficiency
- No SQL, No Injection?
- Several thousand MongoDBs without access control on the Internet.
git clone https://github.com/youngyangyang04/NoSQLAttack.git
python setup.py install
Copyright (C) 2017 youngyangyang04