NoSQLMap – Automated NoSQL MongoDB Exploitation Tool


NoSQLMap is an open source Python-based automated NoSQL MongoDB exploitation tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases. It is also intended to attack web applications using NoSQL in order to disclose data from the database.

NoSQLMap - Automated NoSQL MongoDB Exploitation Tool


What is NoSQLMap?

Presently the tool’s exploits are focused around MongoDB, but additional support for other NoSQL based platforms such as CouchDB, Redis, and Cassandra are planned in future releases.

A NoSQL (originally referring to “non SQL”, “non-relational” or “not only SQL”) database provides a mechanism for storage and retrieval of data which is modelled by means other than the tabular relations used in relational databases. Such databases have existed since the late 1960s, but did not obtain the “NoSQL” moniker until a surge of popularity in the early twenty-first century, triggered by the needs of Web 2.0 companies such as Facebook, Google, and Amazon.com.

NoSQL databases are increasingly used in big data and real-time web applications. NoSQL systems are also sometimes called “Not only SQL” to emphasize that they may support SQL-like query languages.

And if you’ve been paying attention, you’ll know you will need some help with MongoDB Security.

Don’t forget to check this too: mongoaudit – MongoDB Auditing & Pen-testing Tool

Requirements for NoSQL MongoDB Exploitation

On a Debian or Red Hat based system, the setup.sh script may be run as root to automate the installation of NoSQLMap’s dependencies.

Varies based on features used:

  • Metasploit Framework,
  • Python with PyMongo,
  • httplib2,
  • and urllib available.
  • A local, default MongoDB instance for cloning databases to

There are some various other libraries required that a normal Python installation should have readily available. Your mileage may vary, check the script.


NoSQLMap MongoDB Hacking Usage Options

  1. Set target host/IP-The target web server (i.e. www.google.com) or MongoDB server you want to attack.
  2. Set web app port-TCP port for the web application if a web application is the target.
  3. Set URI Path-The portion of the URI containing the page name and any parameters but NOT the host name (e.g. /app/acct.php?acctid=102).
  4. Set HTTP Request Method (GET/POST)-Set the request method to a GET or POST; Presently only GET is implemented but working on implementing POST requests exported from Burp.
  5. Set my local Mongo/Shell IP-Set this option if attacking a MongoDB instance directly to the IP of a target Mongo installation to clone victim databases to or open Meterpreter shells to.
  6. Set shell listener port-If opening Meterpreter shells, specify the port.
  7. Load options file-Load a previously saved set of settings for 1-6.
  8. Load options from saved Burp request-Parse a request saved from Burp Suite and populate the web application options.
  9. Save options file-Save settings 1-6 for future use.

You can download NoSQLMap here:

NoSQLMap-0.5.zip

Or read more here.

Posted in: Database Hacking

, ,


Latest Posts:


truffleHog - Search Git for High Entropy Strings with Commit History truffleHog – Search Git for High Entropy Strings with Commit History
truffleHog is a Python-based tool to search Git for high entropy strings, digging deep into commit history and branches. This is effective at finding secrets accidentally committed.
AIEngine - AI-driven Network Intrusion Detection System AIEngine – AI-driven Network Intrusion Detection System
AIEngine is a next-generation interactive/programmable Python/Ruby/Java/Lua and Go AI-driven Network Intrusion Detection System engine with many capabilities.
Sooty - SOC Analyst All-In-One CLI Tool Sooty – SOC Analyst All-In-One CLI Tool
Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.
UBoat - Proof Of Concept PoC HTTP Botnet Project UBoat – Proof Of Concept PoC HTTP Botnet Project
UBoat is a PoC HTTP Botnet designed to replicate a full weaponised commercial botnet like the famous large scale infectors Festi, Grum, Zeus and SpyEye.
LambdaGuard - AWS Lambda Serverless Security Scanner LambdaGuard – AWS Lambda Serverless Security Scanner
LambdaGuard is a tool which allows you to visualise and audit the security of your serverless assets, an open-source AWS Lambda Serverless Security Scanner.
exe2powershell - Convert EXE to BAT Files exe2powershell – Convert EXE to BAT Files
exe2powershell is used to convert EXE to BAT files, the previously well known tool for this was exe2bat, this is a version for modern Windows.


Comments are closed.