NoSQLAttack v0.2 - tool to automate exploit MongoDB server IP on Internet.

NoSQLAttack v0.2 – tool to automate exploit MongoDB server IP on Internet.

Note: This software was intended to be used for Demonstration and Learning Purposes only. The author is not responsible for any damage it may cause and user holds full responsibility of his/her actions.

NoSQLAttack is an open source Python tool to automate expose MongoDB server IP on the internet and disclose the database data by MongoDB default configuration weaknesses and injection attacks. Presently, this project focuses on MongoDB.

Background
Injection attacks, for example php array injection, js injection and mongo shell injection, endanger mongoDB. There are thousands of mongoDB are exposed on the internet, and hacker can download data from exposed mongoDB.

NoSQLAttack v0.2

NoSQLAttack v0.2

Requirements:
+ Shodan-1.5.3
+ httplib2-0.9
+ Python-2.7
+ pymongo-2.7.2
+ requests-2.5.0
+ ipcalc-1.1.3
+ MongoDB

Usage and building from source:

Source: https://github.com/youngyangyang04