Tools: NoSQLMap - SQLMap for NoSQL databases
Source: Internet. Editor: 程序博客网. Time: 2024/05/01 14:21
What is NoSQLMap?
NoSQLMap is an open source Python tool designed to audit for, as well as automate, injection attacks and to exploit default configuration weaknesses in NoSQL databases and in web applications using NoSQL, in order to disclose data from the database. It is named as a tribute to Bernardo Damele and Miroslav Stampar's popular SQL injection tool SQLmap, and its concepts are based on, and extend, Ming Chow's excellent presentation at Defcon 21, "Abusing NoSQL Databases". Presently the tool's exploits are focused on MongoDB, but additional support for other NoSQL-based platforms such as CouchDB, Redis, and Cassandra is planned for future releases; right now the goal is to provide a proof-of-concept tool to debunk the premise that NoSQL is impervious to SQL injection attacks.
Features
- Automated MongoDB database enumeration and cloning attacks.
- PHP application parameter injection attacks against MongoClient to return all database records.
- JavaScript function variable escaping and arbitrary code injection to return all database records.
- Timing-based attacks, similar to blind SQL injection, to validate JavaScript injection vulnerabilities when the application gives no feedback.
- More coming soon!
Source: http://nosqlmap.net/