A FrameWork For NoSQL Scanning, Enumeration and Exploitation.

NoSQL Databases have gained popularity and its security has always been under the scanner.



The tool has support for over 5 databases MongoDB,CouchDB,Redis,H-Base and Cassandra.

Added Features:

First Ever Tool With Added Support For Mongo,Couch,Redis,H-Base,Cassandra

Support For NoSQL WebAPPS

Added payload list for JS Injection,Web application Enumeration.

Scan Support for Mongo,CouchDB and Redis

Dictionary Attack Support for Mongo,Cocuh and Redis

Enumeration Module added for the DB's,retrieves data in db's @ one shot.

Currently Discover's Web Interface for Mongo

Shodan Query Feature

MultiThreaded IP List Scanner

Dump and Copy Database features Added for CouchDB

Sniff for Mongo,Couch and Redis

Installation

Run chmod+x install.sh nosqlmap.py

./install.sh

nosqlexp.py -h (For Help Options)

Sample Usage

nosqlexp.py -ip localhost -scan

nosqlexp.py -ip localhost -dict mongo -file b.txt

nosqlexp.py -ip localhost -enum couch

nosqlexp.py -ip localhost -enum redis

nosqlexp.py -ip localhost -clone couch

nosqlexp.py -ip localhost -webapp "web_app_link"





NoSQL Databases are schema less databases. They were invented to store data easily and flexibly.The NoSQL Exploitation Framework focuses scanning,enumerating and exploiting these databases.