
Tools: NoSQLMap - SQLMap for NoSQL databases

Published: 2020-12-13 13:48:27 | Category: Encyclopedia | Source: compiled from the web
What is NoSQLMap?

NoSQLMap is an open source Python tool designed to audit for, as well as automate, injection attacks and to exploit default configuration weaknesses in NoSQL databases and in web applications using NoSQL, in order to disclose data from the database. It is named as a tribute to Bernardo Damele and Miroslav Stampar's popular SQL injection tool SQLmap, and its concepts are based on, and are extensions of, Ming Chow's excellent presentation at Defcon 21, "Abusing NoSQL Databases". Presently the tool's exploits are focused on MongoDB, but additional support for other NoSQL-based platforms such as CouchDB, Redis, and Cassandra is planned in future releases; right now the goal is to provide a proof-of-concept tool to debunk the premise that NoSQL is impervious to SQL injection attacks.


Features

  • Automated MongoDB database enumeration and cloning attacks.
  • PHP application parameter injection attacks against MongoClient to return all database records.
  • JavaScript function variable escaping and arbitrary code injection to return all database records.
  • Timing-based attacks, similar to blind SQL injection, to validate JavaScript injection vulnerabilities with no feedback from the application.
  • More coming soon!
Source: http://nosqlmap.net/
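
An added example (not from NoSQLMap or the original page): a Python sketch of the input check that blocks the PHP parameter injection listed under Features. It assumes PHP-style bracket parsing of request parameters and that MongoDB query operators are keys beginning with `$`; the function names, field names and sample query strings are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Constructed sample query strings (not taken from the page).
BENIGN = "username=alice&password=s3cret"
SUSPECT = "username=alice&password%5B%24ne%5D="  # decodes to password[$ne]=

def php_style_params(query: str) -> dict:
    """Simplified model of how PHP turns name[key]=value into nested arrays."""
    params: dict = {}
    for raw_key, value in parse_qsl(query, keep_blank_values=True):
        parts = re.findall(r"[^\[\]]+", raw_key)
        if not parts:
            continue
        if "[" not in raw_key:            # plain scalar parameter
            params[raw_key] = value
            continue
        node = params.get(parts[0])
        if not isinstance(node, dict):
            node = params[parts[0]] = {}
        for sub in parts[1:-1]:           # walk or create intermediate levels
            nxt = node.get(sub)
            if not isinstance(nxt, dict):
                nxt = node[sub] = {}
            node = nxt
        leaf = parts[-1] if len(parts) > 1 else str(len(node))  # name[]=v
        node[leaf] = value
    return params

def operator_keys(value, path: str = "") -> list:
    """Paths of keys starting with '$', which MongoDB reads as query operators."""
    hits = []
    if isinstance(value, dict):
        for key, child in value.items():
            here = f"{path}.{key}" if path else key
            if key.startswith("$"):
                hits.append(here)
            hits.extend(operator_keys(child, here))
    return hits

def scalar_credentials(params: dict, fields=("username", "password")) -> dict:
    """Hardened handling: accept a field only if it is a plain string, so a
    nested array can never reach the query document as an operator."""
    clean = {}
    for field in fields:
        value = params.get(field)
        if not isinstance(value, str):
            raise ValueError(f"{field}: expected a string, got {type(value).__name__}")
        clean[field] = value
    return clean
```

`operator_keys` is suited to logging and alerting on suspicious requests, while `scalar_credentials` is the enforcement step to run before any value is placed into a database query.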

(Editor: 李大同)
