top of page
Search

Nosqlmap- Kali Linux

Updated: Apr 17, 2023


NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases and web applications using NoSQL in order to disclose or clone data from the database.

A NoSQL (originally referring to “non SQL”, “non relational” or “not only SQL”) database provides a mechanism for storage and retrieval of data which is modeled in means other than the tabular relations used in relational databases.

Such databases have existed since the late 1960s, but did not obtain the “NoSQL” moniker until a surge of popularity in the early twenty-first century, triggered by the needs of Web 2.0 companies such as Facebook, Google, and Amazon.com.


s required that a normal Python installation should have readily available. Your milage may vary, check the script.


Setup

python setup.py install

Alternatively you can build a Docker image by changing to the docker directory and entering:

docker build -t nosqlmap

Usage Instructions


Start with

python NoSQLMap

NoSQLMap uses a menu based system for building attacks. Upon starting NoSQLMap you are presented with with the main menu:

  • Set options (do this first)

  • NoSQL DB Access Attacks

  • NoSQL Web App attacks

  • Scan for Anonymous MongoDB Access

  • Exit

Explanation of options:

  • Set target host/IP-The target web server (i.e. www.google.com) or MongoDB server you want to attack.

  • Set web app port-TCP port for the web application if a web application is the target.

  • Set URI Path-The portion of the URI containing the page name and any parameters but NOT the host name (e.g. /app/acct.php?acctid=102).

  • Set HTTP Request Method (GET/POST)-Set the request method to a GET or POST; Presently only GET is implemented but working on implementing POST requests exported from Burp.

  • Set my local Mongo/Shell IP-Set this option if attacking a MongoDB instance directly to the IP of a target Mongo installation to clone victim databases to or open Meterpreter shells to.

  • Set shell listener port-If opening Meterpreter shells, specify the port.

  • Load options file-Load a previously saved set of settings for 1-6.

  • Load options from saved Burp request-Parse a request saved from Burp Suite and populate the web application options.

  • Save options file-Save settings 1-6 for future use.

  • Back to main menu-Use this once the options are set to start your attacks.


<script async src="https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-5000231061331296"

crossorigin="anonymous"></script>


Tags:

65 views0 comments

Recent Posts

See All

Comments

©2022 www.theblackthreat.in All right reserved.
bottom of page