TechKnow

Author Topic: NoSQLMap ( Automated NoSQL database enumeration )  (Read 233 times)

0 Members and 1 Guest are viewing this topic.

Offline Conner Snowden

  • EHVSN
  • Newbie
  • *
  • Posts: 12
  • Karma: +0/-0
  • Hussssh !!
NoSQLMap ( Automated NoSQL database enumeration )
« on: February 14, 2018, 06:49:58 PM »
NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases and web applications using NoSQL in order to disclose or clone data from the database.

Originally authored by tcsstool and now maintained by codingo_ NoSQLMap is named as a tribute to Bernardo Damele and Miroslav's Stampar's popular SQL injection tool sqlmap. Its concepts are based on and extensions of Ming Chow's excellent presentation at Defcon 21, "Abusing NoSQL Databases".

What is NoSQL?
A NoSQL (originally referring to "non SQL", "non relational" or "not only SQL") database provides a mechanism for storage and retrieval of data which is modeled in means other than the tabular relations used in relational databases. Such databases have existed since the late 1960s, but did not obtain the "NoSQL" moniker until a surge of popularity in the early twenty-first century, triggered by the needs of Web 2.0 companies such as Facebook, Google, and Amazon.com. NoSQL databases are increasingly used in big data and real-time web applications. NoSQL systems are also sometimes called "Not only SQL" to emphasize that they may support SQL-like query languages.

Requirements
On a Debian or Red Hat based system, the setup.sh script may be run as root to automate the installation of NoSQLMap's dependencies.

Varies based on features used:

Metasploit Framework,
Python with PyMongo,
httplib2,
and urllib available.
A local, default MongoDB instance for cloning databases to


Download
https://github.com/codingo/NoSQLMap
Knock knock , i was here !