  • Stars: 286
  • Rank 144,333 (Top 3 %)
  • Language: Python
  • License: GNU General Publi...
  • Created over 8 years ago
  • Updated about 4 years ago

Repository Details

NoSQLAttack is an open source Python tool that automates exploiting MongoDB server IPs on the Internet and disclosing database data through MongoDB default configuration weaknesses and injection attacks.

Chinese documentation

NoSQLAttack

Introduction

NoSQLAttack is an open source Python tool that automates exposing MongoDB server IPs on the internet and disclosing database data through MongoDB default configuration weaknesses and injection attacks. Presently, this project focuses on MongoDB.

Some attack tests are based on, and are extensions of, the following papers

Two systems for testing NoSQL injection are provided in the NoSQLInjectionAttackDemo project.

Background

NoSQL injection attacks, for example PHP array injection, JavaScript injection and mongo shell injection, endanger MongoDB. Thousands of MongoDB instances are exposed on the internet, and hackers can download data from an exposed MongoDB.
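
An added example (not code from NoSQLAttack or its demo sites) showing why array-style parameters are dangerous to a MongoDB login query and how a type check closes the hole. The collection, field names, function names and the small `matches` stand-in for MongoDB's matching are constructed for illustration.

```python
from typing import Any, Dict, Mapping, Optional

# Constructed sample collection; plaintext password only keeps the demo short.
USERS = [{"username": "alice", "password": "s3cret"}]


def matches(doc: Mapping[str, Any], flt: Mapping[str, Any]) -> bool:
    """Stand-in for MongoDB matching: plain equality plus the $ne operator."""
    for field, cond in flt.items():
        value = doc.get(field)
        if isinstance(cond, dict):
            for op, arg in cond.items():
                if op != "$ne":
                    raise ValueError("operator not modelled: %s" % op)
                if value == arg:
                    return False
        elif value != cond:
            return False
    return True


def find_user(flt: Mapping[str, Any]) -> Optional[Dict[str, Any]]:
    return next((u for u in USERS if matches(u, flt)), None)


def login_filter_unsafe(params: Mapping[str, Any]) -> Dict[str, Any]:
    # Before: values are copied as-is. PHP parses password[$ne]= into an
    # array, and a JSON body can carry an object, so the "password" value
    # reaches the driver as an operator document instead of a string.
    return {"username": params["username"], "password": params["password"]}


def login_filter_safe(params: Mapping[str, Any]) -> Dict[str, Any]:
    # After: accept only plain strings, so no operator can enter the filter.
    flt = {}
    for field in ("username", "password"):
        value = params.get(field)
        if not isinstance(value, str):
            raise TypeError("%s must be a string" % field)
        flt[field] = value
    return flt


if __name__ == "__main__":
    crafted = {"username": "alice", "password": {"$ne": ""}}  # constructed input
    print("unsafe filter matches:", find_user(login_filter_unsafe(crafted)))
    try:
        login_filter_safe(crafted)
    except TypeError as exc:
        print("safe filter rejects:", exc)
```

The same type check belongs on every request value that ends up in a query filter, not only on login fields.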

Requirements

On a Debian or Red Hat based system, NoSQLAttack's dependencies are already written in setup.py. This project was built with PyCharm Community 2016.1 and Python 2.7.10.

Varies based on features used:

  • Shodan-1.5.3
  • httplib2-0.9
  • Python-2.7
  • pymongo-2.7.2
  • requests-2.5.0
  • ipcalc-1.1.3
  • MongoDB

Building

On Linux, it goes something like this:

cd NoSQLAttack
python setup.py install

Tips

  • If the terminal shows the error "No module named setuptools" after you enter "python setup.py install", just install setuptools. On Ubuntu, the command "sudo apt-get install python-setuptools" does this.
  • Install MongoDB for MongoDB default configuration attack.

Usage

After building, you can run NoSQLAttack like this:

NoSQLAttack

Upon starting NoSQLAttack you are presented with the main menu:

================================================
        _   _       _____  _____ _                      
       | \ | |     /  ___||  _  | |                     
       |  \| | ___ \ `--. | | | | |                   
       | . ` |/ _ \ `--. \| | | | |                    
       | |\  | (_) /\__/ /\ \/' / |____          
       \_| \_/\___/\____/  \_/\_\_____/                  
                                        _          
    /\      _      _                   | |  _        
   /  \   _| |_  _| |    _____    ___  | | / /       
  / /\ \ |_   _||_   _| / __  \  / __| | |/ /        
 / /--\ \  | |_   | |_  | |_| | | |__  | |\ \       
/ / -- \ \ \___\  \___\ \______\ \___| | | \_\      
================================================    
NoSQLAttack-v0.2
[email protected]


1-Scan attacked IP
2-Configurate parameters
3-MongoDB Access Attacks
4-Injection Attacks
x-Exit

Videos

NoSQLAttack Demo for MongoDB.

(1) Default configuration attacks demo
(2) Injection attacks demo
