Latest change v0.5.1.1:
+ Update nsmcouch.py
+ idea/NoSQLMap-v0.5.iml & nosqlmap.py; fix two bug of set local mongoDB/shell IP:
Every time when user input Invalid IP, goodLen and goodDigits should be reset. If not do this, there will be a bug
For example enter 10.0.0.1234 firtly and the goodLen will be set to True and goodDigits will be set to False
Second step enter 10.0.123, because goodLen has already been set to True, this invalid IP will be put in myIP variables
line number is 313
set local mongoDB IP
NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases as well as web applications using NoSQL in order to disclose data from the database.
It is named as a tribute to Bernardo Damele and Miroslav’s Stampar’s popular SQL injection tool sqlmap, and its concepts are based on and extensions of Ming Chow’s excellent presentation at Defcon 21, “Abusing NoSQL Databases”. Presently the tool’s exploits are focused around MongoDB, but additional support for other NoSQL based platforms such as CouchDB, Redis, and Cassandra are planned in future releases.
On a Debian or Red Hat based system, the setup.sh script may be run as root to automate the installation of NoSQLMap’s dependencies.
Varies based on features used:
+ Metasploit Framework
+ Python with PyMongo
+ and urllib available.
– Automated MongoDB and CouchDB database enumeration and cloning attacks.
– Extraction of database names, users, and password hashes through MongoDB web applications.
– Scanning subnets or IP lists for MongoDB and CouchDB databases with default access and enumerating versions.
– Dictionary and brute force password cracking of recovered MongoDB and CouchDB hashes.
– PHP application parameter injection attacks against MongoClient to return all database records.
Installation using git:
git clone https://github.com/tcstool/NoSQLMap && cd NoSQLMap
Makesure all dependency has been install like Metasploit Framework & MongoDB.
apt-get install mongodb (make sure you have privileges access/root user)
sudo apt-get install python-pbkdf2 (don't use pip, error because letter & upper case PBKDF2)
sudo apt-get install python-httplib2
sudo apt-get install python-ipcalc
sudo apt-get install python-couchdb
sudo apt-get install python-pymongo
git pull origin master
Source : http://www.nosqlmap.net | Our post Before