A FrameWork For NoSQL Scanning and Exploitation Framework

NoSQL Exploitation Framework 2.0 Released

• NoSQL Exploitation Framework Authored By Francis Alexander

• First Ever Tool With Added Support For Mongo,Couch,Redis,H-Base,Cassandra
• Support For NoSQL WebAPPS
• Added payload list for JS Injection,Web application Enumeration.
• Scan Support for Mongo,CouchDB and Redis
• Dictionary Attack Support for Mongo,Cocuh and Redis
• Enumeration Module added for the DB's,retrieves data in db's @ one shot.
• Currently Discover's Web Interface for Mongo
• Shodan Query Feature
• MultiThreaded IP List Scanner
• Dump and Copy Database features Added for CouchDB
• Sniff for Mongo,Couch and Redis

• Modularised approach, Now comes with Configuration file, tweak to your customization
• Multithreaded dictionary attacks,file enumeration
• Support for Heuristic based Redis remote file enumeration,Added Redis System enumeration
• Now select Databases depending upon options -d "Database" -t "table" -d "Dump"
• Improved Scan Support for Mongo,CouchDB,Redis,Cassandra and H-Base
• Improved dump feature
• Bug fixes

• Install Pip, sudo apt-get install python-setuptools;easy_install pip
• pip install -r requirements.txt
• python nosqlframework.py -h (For Help Options)

• Removed the scapy module by default for mac. So this should run by default. If you need to sniff run the script and then continue.
• Run installformac-kali.sh directly
• python nosqlframework.py -h (For Help Options)

• virtualenv nosqlframework
• source nosqlframework/bin/activate
• pip install -r requirements.txt
• nosqlframework/bin/python nosqlframework.py -h (For Help Options)
• deactivate (After usage)

• It would be great seeing this project grow , do contribute by issuing a pull request.

• nosqlframework.py -ip localhost -scan
• nosqlframework.py -ip localhost -dict mongo -file b.txt
• nosqlframework.py -ip localhost -enum couch
• nosqlframework.py -ip localhost -enum redis
• nosqlframework.py -ip localhost -clone couch

• http://imgur.com/4KMntxJ

• Improved Web App Detection
• Support for Neo4j on the way
• Web Interface attack and Fuzz Platform

• Plse report any bugs or queries @ [email protected] @torque59