NoSQL Exploitation Framework: Framework for NoSQL Scanning and Exploitation – Penetration Testing

NoSQL Exploitation Framework is a framework for NoSQL scanning and exploitation.

Features:

First ever tool with added support for Mongo, Couch, Redis, H-Base, Cassandra

Support for NoSQL web apps

Added payload list for JS injection and web application enumeration

Scan support for Mongo, CouchDB and Redis

Dictionary attack support for Mongo, Couch and Redis

Enumeration module added for the DBs; retrieves data in the DBs in one shot

Currently discovers the web interface for Mongo

Shodan query feature

Multithreaded IP list scanner

Dump and copy database features added for CouchDB

Sniff for Mongo, Couch and Redis

Installation

Install pip: sudo apt-get install python-setuptools; easy_install pip
git clone http://ift.tt/2sfx9P6
pip install -r requirements.txt
python nosqlframework.py -h (For Help Options)

Installation on Mac/Kali

Run installformac-kali.sh directly
python nosqlframework.py -h (For Help Options)

Installing NoSQL Exploitation Framework in Virtualenv

virtualenv nosqlframework
source nosqlframework/bin/activate
pip install -r requirements.txt
nosqlframework/bin/python nosqlframework.py -h (For Help Options)
deactivate (After usage)

Usage

nosqlframework.py -ip localhost -scan
nosqlframework.py -ip localhost -dict mongo -file b.txt
nosqlframework.py -ip localhost -enum couch
nosqlframework.py -ip localhost -enum redis
nosqlframework.py -ip localhost -clone couch

Source: GitHub

The post Nosql Exploitation Framework: FrameWork For NoSQL Scanning and Exploitation Framework appeared first on Penetration Testing.
