A FrameWork For NoSQL Scanning and Exploitation Framework
NoSQL Exploitation Framework 2.0 Released
- NoSQL Exploitation Framework Authored By Francis Alexander
- First Ever Tool With Added Support For Mongo,Couch,Redis,H-Base,Cassandra
- Support For NoSQL WebAPPS
- Added payload list for JS Injection,Web application Enumeration.
- Scan Support for Mongo,CouchDB and Redis
- Dictionary Attack Support for Mongo,Cocuh and Redis
- Enumeration Module added for the DB's,retrieves data in db's @ one shot.
- Currently Discover's Web Interface for Mongo
- Shodan Query Feature
- MultiThreaded IP List Scanner
- Dump and Copy Database features Added for CouchDB
- Sniff for Mongo,Couch and Redis
- Modularised approach, Now comes with Configuration file, tweak to your customization
- Multithreaded dictionary attacks,file enumeration
- Support for Heuristic based Redis remote file enumeration,Added Redis System enumeration
- Now select Databases depending upon options -d "Database" -t "table" -d "Dump"
- Improved Scan Support for Mongo,CouchDB,Redis,Cassandra and H-Base
- Improved dump feature
- Bug fixes
- Install Pip, sudo apt-get install python-setuptools;easy_install pip
- pip install -r requirements.txt
- python nosqlframework.py -h (For Help Options)
- Run installformac-kali.sh directly
- python nosqlframework.py -h (For Help Options)
- virtualenv nosqlframework
- source nosqlframework/bin/activate
- pip install -r requirements.txt
- nosqlframework/bin/python nosqlframework.py -h (For Help Options)
- deactivate (After usage)
- It would be great seeing this project grow , do contribute by issuing a pull request.
- nosqlframework.py -ip localhost -scan
- nosqlframework.py -ip localhost -dict mongo -file b.txt
- nosqlframework.py -ip localhost -enum couch
- nosqlframework.py -ip localhost -enum redis
- nosqlframework.py -ip localhost -clone couch
- Improved Web App Detection
- Support for Neo4j on the way
- Web Interface attack and Fuzz Platform
- Plse report any bugs or queries @ helofrancis@gmail.com @torque59