Note: This software was intended to be used for Demonstration and Learning Purposes only. The author is not responsible for any damage it may cause and user holds full responsibility of his/her actions.
NoSQLAttack is an open source Python tool to automate expose MongoDB server IP on the internet and disclose the database data by MongoDB default configuration weaknesses and injection attacks. Presently, this project focuses on MongoDB.
Injection attacks, for example php array injection, js injection and mongo shell injection, endanger mongoDB. There are thousands of mongoDB are exposed on the internet, and hacker can download data from exposed mongoDB.
Usage and building from source:
git clone https://github.com/youngyangyang04/NoSQLAttack && cd NoSQLAttack
python setup.py install
just typping on Terminal NoSQLAttack
cd NoSQLAttack [on your path]