2. About Me
- Independent Security Researcher
- Member of OpenSecurity
- Currently Pursuing My B.Tech (Amal Jyothi College of Engineering)
- Speaker (Spoke @ Defcon Kerala, Defcon Bangalore, DerbyCon USA)
- Will Be Speaking @ Hack in the Box AMS 2014 on NoSQL Security and Exploitation Framework where the full fledged framework will be released
- Sleeps @ Morning, Researches and Codes @ Night
3. Long Short NoSQL Story
- Straight Out of the Box Issues
- Default port Mongo:27017, Couch:5984, Redis:6379
- Default Security=NULL
- A Shodan Search could fetch you 1000s of Servers Easily, P.S: I am Not Joking
- Weak Authentication Mechanisms
- Encryption Issues
- Session Hijacking and MiTM Attacks
- Available Authentication Mechanisms Difficult to Deploy
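The "default port, Default Security=NULL" point on slide 3, seen from the defender's side: an added example (not from the slides or the framework) that audits a redis.conf for that out-of-the-box exposure. The sample configs and the finding names are constructed for illustration, and only the Redis case of the three databases is covered.

```python
import ipaddress
import shlex

DEFAULT_PORT = 6379  # Redis default port, as listed on the slide

# Constructed sample configs (not taken from any real host).
WEAK_CONF = "bind 0.0.0.0\nport 6379\nprotected-mode no\n"
HARDENED_CONF = ('bind 127.0.0.1 ::1\nport 6380\nprotected-mode yes\n'
                 'requirepass "long-random-secret-from-a-vault"\n')

def parse_conf(text):
    """Return {directive: [args]}; a later occurrence overrides an earlier one."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)  # handles quoted values such as passwords
        if len(parts) >= 2:
            conf[parts[0].lower()] = parts[1:]
    return conf

def is_exposed(addr):
    """True if a bind address is reachable from beyond the loopback interface."""
    addr = addr.lstrip("-")  # Redis 7 allows a '-' prefix on optional addresses
    if addr in ("*", "::*"):
        return True
    try:
        return not ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return True  # unparseable value: flag it rather than assume it is safe

def audit(text):
    """Return sorted finding codes. ACL users (user/aclfile) are not checked."""
    conf = parse_conf(text)
    findings = []
    if int(conf.get("port", [DEFAULT_PORT])[0]) == DEFAULT_PORT:
        findings.append("default-port")
    if not conf.get("requirepass", [""])[0]:
        findings.append("no-auth")
    # With no bind directive Redis listens on all interfaces.
    if any(is_exposed(b) for b in conf.get("bind", ["*"])):
        findings.append("non-loopback-bind")
        if "no-auth" in findings and conf.get("protected-mode", ["yes"])[0] == "no":
            findings.append("open-to-network")
    return sorted(findings)

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf))
```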
4. Why Is the Framework Special?
5. FEATURES
- For the First Time Ever A Scanning and Enumeration Framework for NoSQL Databases
- Written in Python
- Scanning Module For Mongo, Couch, Redis
- Enumeration Module for Mining DB data for Mongo, Couch and Redis
- Sniffs For Sessions and Passwords
- Detection of REST Interfaces
- Shodan Search Feature
- Couch DB Auto Dump Using Session ID
- Dictionary Attack
- Clone and Dump Databases on the Fly.
- Auto Screenshot Feature Available for REST Interface
- Detection for Master-Slave replication in Mongo and acts accordingly
6. Future Releases
- Added Support for Web App detection and Exploitation
- Stored Procedure Calls (Post Exploitation Phase)
- Added Support for Neo4J, H-Base, Cassandra
- Shodan Header based Search
- Iron Python GUI Version in Progress
- Multithreaded and Proxy Support
- Resource Exhaustion by creating Arbitrary Databases
- Fuzzing Module