Commit a605dcf

Doc updates
Added MongoDB install instructions and better detail for app settings. Corrected one spelling error.
1 parent e8b389e commit a605dcf

1 file changed

+5
-2
lines changed

README.md

Lines changed: 5 additions & 2 deletions
@@ -18,6 +18,7 @@ Varies based on features used:
1818
- Python with PyMongo,
1919
- httplib2,
2020
- and urllib available.
21+
- A local, default MongoDB instance for cloning databases to. Check ["here"](http://docs.mongodb.org/manual/installation/) for installation instructions.
2122

2223
There are some various other libraries required that a normal Python installation should have readily available. Your milage may vary, check the script.
2324
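Review bot: the added bullet at new line 21 asks for a "local, default MongoDB instance" without saying what "default" means. State which port the tool expects and whether it assumes authentication is disabled, since this instance receives the cloned databases and the reader needs that to decide how to restrict access to it. The bullet also lands after "- and urllib available.", which reads as the end of the list; move the "and" to the new last item or reword both. Replace the quoted link text ["here"] with a descriptive label such as "MongoDB installation guide". "milage" in the context line below is still misspelled, if this commit is meant to cover spelling.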

@@ -51,7 +52,7 @@ Explanation of options:
5152
```
5253
1. Set target host/IP-The target web server (i.e. www.google.com) or MongoDB server you want to attack.
5354
2. Set web app port-TCP port for the web application if a web application is the target.
54-
3. Set URI Path-The portion of the URI containing the page name and any parameters but NOT the host name (e.g. acct.php?acctid=102).
55+
3. Set URI Path-The portion of the URI containing the page name and any parameters but NOT the host name (e.g. /app/acct.php?acctid=102).
5556
4. Set HTTP Request Method (GET/POST)-Set the request method to a GET or POST; Presently only GET is implemented but working on implementing POST requests exported from Burp.
5657
5. Set my local Mongo/Shell IP-Set this option if attacking a MongoDB instance directly to the IP of a target Mongo installation to clone victim databases to or open Meterpreter shells to.
5758
6. Set shell listener port-If opening Meterpreter shells, specify the port.
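Review bot: on the changed option 3 line, the example now starts with a slash and a directory (/app/acct.php?acctid=102), but the description still only says "NOT the host name". State whether the leading slash is required and what happens when it is omitted, otherwise users who followed the old example (acct.php?acctid=102) cannot tell whether their input is now wrong. The option 5 context line is also hard to parse: the label says "my local Mongo/Shell IP" while the text says "the IP of a target Mongo installation"; worth rewording while the option descriptions are being touched.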
@@ -60,11 +61,13 @@ Explanation of options:
6061
9. Back to main menu-Use this once the options are set to start your attacks.
6162
```
6263

63-
Once options are set head back to the main menu and select DB access attacks or web app attacks as appropriate. The rest of the tool is "wizard" based and fairl self explanatory, but send emails to [email protected] or find me on Twitter [@tcstoolHax0r](https://twitter.com/tcstoolHax0r) if you have any questions or suggestions.
64+
Once options are set head back to the main menu and select DB access attacks or web app attacks as appropriate for whether you are attacking a NoSQL management port or web application. The rest of the tool is "wizard" based and fairly self explanatory, but send emails to [email protected] or find me on Twitter [@tcstoolHax0r](https://twitter.com/tcstoolHax0r) if you have any questions or suggestions.
6465

6566
Video
6667
=====
6768

6869
NoSQLMap MongoDB Management Attack Demo.
6970

7071
<a href="http://www.youtube.com/watch?feature=player_embedded&v=xSFi-jxOBwM" target="_blank"><img src="http://img.youtube.com/vi/xSFi-jxOBwM/0.jpg" alt="NoSQLMap MongoDB Management Attack Demo" width="240" height="180" border="10" /></a>
72+
73+
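Review bot: the rewritten sentence at new line 64 ("as appropriate for whether you are attacking a NoSQL management port or web application") leaves the mapping between menu entries and targets implicit. Spell it out, for example "select DB access attacks for a NoSQL management port, or web app attacks for a web application". New lines 72 and 73 add two blank lines at the end of the file after the video link; drop them unless they are needed for rendering.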
