View Issue Details

ID: 0003326
Project: Kali Linux
Category: New Tool Requests
View Status: public
Last Update: 2020-02-11 16:09
Reporter: UNATCO
Assigned To:
Priority: normal
Severity: feature
Reproducibility: always
Status: closed
Resolution: won't fix
Summary: 0003326: NoSQLMap
Description

http://nosqlmap.net

Automated MongoDB and CouchDB database enumeration and cloning attacks.

Extraction of database names, users, and password hashes through MongoDB web applications.

Scanning subnets or IP lists for MongoDB and CouchDB databases with default access and enumerating versions.

Dictionary and brute force password cracking of recovered MongoDB and CouchDB hashes.

PHP application parameter injection attacks against MongoClient to return all database records.

JavaScript function variable escaping and arbitrary code injection to return all database records.

Timing based attacks similar to blind SQL injection to validate JavaScript injection vulnerabilities with no feedback from the application.

Steps To Reproduce

Please add to repos when you get the chance. AWESOME tool.

Additional Information

Note: If you are having issues with testing SSL web applications with self-signed or untrusted certificates on Kali Linux 2.0, this is a known issue. As a workaround, add the certificate to the system trusted certificates which should allow testing to function properly.

https://github.com/tcstool/NoSQLMap/issues/30

Relationships

duplicate of 0002988 closed NoSQLMap 

Activities

UNATCO

2016-06-16 19:58

reporter   ~0005384

g0tmi1k, sorry for posting a duplicate, but it's such a useful program; had to. Anyone else want this?

UNATCO

2016-07-09 14:16

reporter   ~0005485

Bug Board Firewall blocks me posting the Traceback output when trying to run NoSQLMap after make & install. Seems to think it's some kind of attempted exploit lol.

The gist from the Traceback is "ImportError: No module named nsmscan" with NoSQLMap not running.

Please, please, please consider adding to the repos. Thanks.

tcstool

2016-07-11 16:17

reporter   ~0005520

Thanks for supporting my tool guys! Would love to see it in Kali.

Self-signed cert issue should be fixed in version 0.7 which is in the "stable" branch on github.

NSMScan is an internal module which should be cloned with the Github repo. Email me at [email protected] if you continue to have issues.

UNATCO

2016-07-16 04:56

reporter   ~0005544

tcstool, thank you for posting here. Look forward to seeing your tool in the repos soon. It's badly needed...

Have tried to build nosqlmap on multiple installs of Kali and the same Python 2.7 nsmscan problem pops up.

The verbatim traceback triggers the Bug Tracker firewall and blocks the post. lmao

Contacted the administrators about it already and not much can be done other than posting it as an attachment.

tcstool

2016-07-21 02:00

reporter   ~0005565

This should be fixed now... In case this was a stopping point from it being added to the repos.

UNATCO

2016-07-21 06:02

reporter   ~0005566

IT WORKS!!!

THANK YOU, THANK YOU, THANK YOU!!!

Okay... NoSQLMap now works GREAT with Kali. Please add to the repos. Please.

UNATCO

2016-08-03 23:33

reporter   ~0005621

Still working great. Any interest in adding to the repos from the admins?

g0tmi1k

2018-01-29 15:06

administrator   ~0008436

To help speed up the process of evaluating the tool, please make sure to include the following information (the more information you include, the more beneficial it will be for us):

  • [Name] - The name of the tool
  • [Version] - What version of the tool should be added?
    --- If it uses source control (such as git), please make sure there is a release to match (e.g. git tag)
  • [Homepage] - Where can the tool be found online? Where to go to get more information?
  • [Download] - Where to go to get the tool?
  • [Author] - Who made the tool?
  • [Licence] - How is the software distributed? What conditions does it come with?
  • [Description] - What is the tool about? What does it do?
  • [Dependencies] - What is needed for the tool to work?
  • [Similar tools] - What other tools are out there?
  • [How to install] - How do you compile it?
  • [How to use] - What are some basic commands/functions to demonstrate it?

g0tmi1k

2020-02-11 16:08

administrator   ~0012240

It's Python 2 (currently) - which is EOL https://github.com/codingo/NoSQLMap/issues/97

Issue History

Date Modified Username Field Change
2016-06-01 08:05 UNATCO New Issue
2016-06-01 08:06 g0tmi1k Relationship added duplicate of 0002988
2016-06-16 19:58 UNATCO Note Added: 0005384
2016-07-09 14:16 UNATCO Note Added: 0005485
2016-07-11 16:17 tcstool Note Added: 0005520
2016-07-16 04:56 UNATCO Note Added: 0005544
2016-07-21 02:00 tcstool Note Added: 0005565
2016-07-21 06:02 UNATCO Note Added: 0005566
2016-08-03 23:33 UNATCO Note Added: 0005621
2018-01-29 14:23 g0tmi1k Summary Please Add NoSQLMap to the Repos => NoSQLMap
2018-01-29 14:23 g0tmi1k Description Updated
2018-01-29 15:06 g0tmi1k Note Added: 0008436
2018-02-21 09:35 g0tmi1k Product Version 2016.1 =>
2019-12-09 13:30 g0tmi1k Severity minor => feature
2020-02-11 16:08 g0tmi1k Note Added: 0012240
2020-02-11 16:09 g0tmi1k Status new => closed
2020-02-11 16:09 g0tmi1k Resolution open => won't fix