katana.units.web.basic_nosqli — NoSQL Injection

Basic NoSQL Injection

This will attempt basic NoSQL injection (MongoDB) of the form "username": {"$gt": ""}, "password": {"$gt": ""}.

It passes a User-Agent to act as a regular Firefox web browser.

This unit inherits from katana.units.web.WebUnit, because that class contains many predefined variables that can be used across multiple web units.
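Why the {"$gt": ""} form quoted above matters to a defender, as an added example that is not part of Katana's code: a login handler that copies JSON request values straight into a MongoDB-style filter, next to a version that accepts only strings. The in-memory matcher (equality and $gt only) and the names USERS, find_one, login_vulnerable and login_hardened are assumptions made for illustration.

```python
import json

# Constructed sample data; plaintext password only to keep the illustration short.
USERS = [{"username": "admin", "password": "s3cret-constructed"}]


def matches(value, condition):
    """Evaluate one field condition the way a MongoDB filter would (tiny subset)."""
    if isinstance(condition, dict):
        # An operator document: every operator in it must hold.
        for op, operand in condition.items():
            if op != "$gt":
                raise ValueError(f"unsupported operator {op}")
            if not (isinstance(value, type(operand)) and value > operand):
                return False
        return True
    return value == condition


def find_one(query):
    """Return the first stored document satisfying every field condition."""
    for doc in USERS:
        if all(k in doc and matches(doc[k], cond) for k, cond in query.items()):
            return doc
    return None


def login_vulnerable(body: str):
    data = json.loads(body)
    # Request values reach the filter untouched, so a JSON object becomes an operator.
    return find_one({"username": data.get("username"),
                     "password": data.get("password")})


def login_hardened(body: str):
    data = json.loads(body)
    username, password = data.get("username"), data.get("password")
    # Accept plain strings only; operator documents are rejected before a query exists.
    if not isinstance(username, str) or not isinstance(password, str):
        return None
    return find_one({"username": username, "password": password})


# The request body form quoted in this unit's description.
PROBE = '{"username": {"$gt": ""}, "password": {"$gt": ""}}'
```

The type check belongs at the point where request data is parsed, so every query built afterwards only ever sees scalar values.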

Warning

This unit automatically attempts to perform malicious actions on the target. DO NOT use this in any circumstances where you do not have the authority to operate!

class katana.units.web.basic_nosqli.Unit(*args, **kwargs)

Bases: katana.units.web.WebUnit

GROUPS = ['web', 'shell', 'basic_nosqli']

These are “tags” for a unit. Considering it is a web unit, “web” is included, as well as the tag “shell”, and the name of the unit itself, “basic_nosqli”.

PRIORITY = 25

Priority works with 0 being the highest priority and 100 being the lowest priority. 50 is the default priority. This unit has a higher priority than the default.

RECURSE_SELF = False

This unit should not recurse on itself.

evaluate(case: Any)

Evaluate the target. Attempt to perform NoSQL injection (MongoDB) on the form found on the target web page.

Parameters: case – A case returned by enumerate. For this unit, the enumerate function is not used.

Returns: None. This function should not return any data.