• Stars: 126
• Rank: 284,543 (Top 6%)
• Language: PHP
• Created over 7 years ago
• Updated over 4 years ago


Repository Details

A lab for playing with NoSQL Injection

NoSQLi Lab

With the rise in popularity of NoSQL databases, I figured it was time to build a lab so I could have a play with the different techniques used to attack them. This lab was the result.

Seeing as I had already played with Redis for some development work, I decided to go with MongoDB here. I have built two different scenarios in this lab: an equivalent of the SQLi `" or 1=1` vulnerability, and a new type of attack that is specific to NoSQL, script injection. I might add more later, but these were good for a start.

For more information, see the full write-up on my site:

NoSQLi Lab

More Repositories

1. DVWA (PHP, 10,022 stars): Damn Vulnerable Web Application (DVWA)
2. CeWL (Ruby, 1,890 stars): CeWL is a Custom Word List Generator
3. pipal (Ruby, 625 stars): Pipal, THE password analyser
4. RSMangler (Ruby, 208 stars): RSMangler will take a wordlist and perform various manipulations on it, similar to those done by John the Ripper, with a few extras.
5. GitHunter (Go, 93 stars): A tool for searching a Git repository for interesting content
6. authlab (HTML, 90 stars): A lab to play with authentication and authorisation problems
7. vuLnDAP (Go, 76 stars): A vulnerable LDAP-based web app written in Golang
8. CloudStorageFinder (Ruby, 65 stars): A collection of tools to find data that has been made public in cloud storage systems such as S3 Buckets and Digital Ocean Spaces
9. leakyrepo (42 stars): A repo which contains lots of things which it shouldn't
10. scanner_user_agents (38 stars): A list of user agents belonging to common web scanners.
11. sitediff (Ruby, 36 stars): Fingerprint a web app using local files as the fingerprint sources
12. svg_xss (PHP, 30 stars): Defending against XSS in SVG files
13. twofi (Ruby, 30 stars): Twitter Words of Interest - Generate word lists from Twitter searches
14. RSYaba (Ruby, 19 stars): RSYaba Modular Brute Force Attacker
15. pat_to_pass (Ruby, 13 stars): Pat to Pass - Convert observed key presses to potential password lists
16. powershell_port_scanner (PowerShell, 12 stars): A port scanner written in PowerShell
17. deleet (Ruby, 11 stars): Take a word list and convert 1337 spellings back to normal
18. bearer_injection (Python, 10 stars): A script to run with mitmproxy to inject a bearer token into every request.
19. gin_tutorial (Go, 9 stars): Learning to build web apps in Gin. Don't expect anything new or groundbreaking, I'm just following tutorials.
20. go_practice (Go, 7 stars): My practice Go files
21. cracked_flask (Python, 7 stars): A very simple lab for cracking Flask session cookies
22. ots-cert-demo (Go, 6 stars): Proof of concept code to go with my OTS Certificate blog post
23. cachepoisoner (PHP, 6 stars): A lab to play with web cache poisoning
24. typo_squatter (Ruby, 5 stars): Suggest common typos of a given domain name which could be in use by typo squatters
25. DumbContracts (Solidity, 4 stars): Learning and playing with Ethereum Smart Contracts
26. digininja (2 stars): All about me!
27. sockettome (PHP, 2 stars): A lab for security testing web sockets
28. dvwa.github.io (CSS, 1 star): Source code for the DVWA homepage.
29. october_apache_test (PHP, 1 star): A test for October CMS to see if Apache is set up correctly
30. kb2severity (Go, 1 star): Look up the MS severity for a given KB