NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases as well as web applications using NoSQL in order to disclose data from the database.

Abusing NoSQL Databases ".





It is named as a tribute to Bernardo Damele and Miroslav's Stampar's popular SQL injection tool sqlmap, and its concepts are based on and extensions of Ming Chow's excellent presentation at Defcon 21, "".

Requirements:

On a Debian or Red Hat based system, the setup.sh script may be run as root to automate the installation of NoSQLMap's dependencies.





Varies based on features used:

Metasploit Framework

Python with PyMongo

httplib2

urllib

A local, default MongoDB instance for cloning databases

Features: