katana.units.web.basic_nosqli — NoSQL Injection
Basic NoSQL Injection
This will attempt basic NoSQL injection (MongoDB) of the form "username": {"$gt": ""}, "password": {"$gt": ""}.
It passes a User-Agent to act as a regular Firefox web browser.
This unit inherits from katana.units.web.WebUnit as that contains lots of predefined variables that can be used throughout multiple web units.
Warning
This unit automatically attempts to perform malicious actions on the target. DO NOT use this in any circumstances where you do not have the authority to operate!
class katana.units.web.basic_nosqli.Unit(*args, **kwargs)
Bases: katana.units.web.WebUnit

GROUPS = ['web', 'shell', 'basic_nosqli']
These are “tags” for a unit. Considering it is a web unit, “web” is included, as well as the tag “shell”, and the name of the unit itself, “basic_nosqli”.

PRIORITY = 25
Priority works with 0 being the highest priority, and 100 being the lowest priority. 50 is the default priority. This unit has a higher priority.

RECURSE_SELF = False
This unit should not recurse on itself.

evaluate(case: Any)
Evaluate the target. Attempt to perform NoSQL injection (MongoDB) on the form found on the target web page.
Parameters: case – A case returned by enumerate. For this unit, the enumerate function is not used.
Returns: None. This function should not return any data.
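
The payload form shown above succeeds against login handlers that pass parsed JSON straight into a MongoDB query. The following is an added example, not part of Katana's code: it uses a simplified in-memory model of MongoDB matching (equality and $gt only), a constructed user record and hypothetical function names to show the bypass beside a type check that rejects it.

```python
import json

# Constructed sample user store (stand-in for a MongoDB collection).
USERS = [{"username": "alice", "password": "s3cret-hash"}]


def matches(doc, query):
    """Simplified model of MongoDB matching: equality plus the $gt operator only."""
    for field, cond in query.items():
        value = doc.get(field)
        if isinstance(cond, dict):
            for op, operand in cond.items():
                if op != "$gt":
                    raise ValueError(f"operator {op} not modelled")
                # A non-empty string always compares greater than "".
                if not (isinstance(value, str) and isinstance(operand, str)
                        and value > operand):
                    return False
        elif value != cond:
            return False
    return True


def find_one(query):
    """Return the first stored user matching the query, or None."""
    return next((u for u in USERS if matches(u, query)), None)


def login_vulnerable(body):
    """Passes parsed JSON into the query, so operator objects reach the database."""
    data = json.loads(body)
    query = {"username": data.get("username"), "password": data.get("password")}
    return find_one(query) is not None


def login_hardened(body):
    """Accepts only plain strings for both fields; anything else is rejected."""
    data = json.loads(body)
    if not isinstance(data, dict):
        return False
    username, password = data.get("username"), data.get("password")
    if not isinstance(username, str) or not isinstance(password, str):
        return False
    return find_one({"username": username, "password": password}) is not None


# The request body form documented on this page.
PAYLOAD = '{"username": {"$gt": ""}, "password": {"$gt": ""}}'
```

The same type check applies to form-encoded bodies when the framework expands bracketed parameter names into nested objects.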