Mongoaudit - A powerful MongoDB auditing and pentesting tool


Mongoaudit not only detects misconfigurations, known vulnerabilities and bugs but also gives you advice on how to fix them, recommends best practices and teaches you how to DevOp like a pro! There are quite a few holes in MongoDB's default configuration settings. This fact, combined with abundant lazy system administrators and developers, led to what the press has called the MongoDB apocalypse.

https://mongoaud.it/
https://github.com/stampery/mongoaudit

Related Projects

Beef - Browser Exploitation Framework


BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser.

Nogotofail - Network Security Testing Tool


Nogotofail is a network security testing tool designed to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way. It includes testing for common SSL certificate verification issues, HTTPS and TLS/SSL library bugs, SSL and STARTTLS stripping issues, cleartext issues, and more.

Sqlmap - Automatic SQL injection and database takeover tool


sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Metasploit Framework - World's most used penetration testing software


Metasploit helps verify vulnerabilities and manage security assessments. It makes it easy to automate all phases of a penetration test, from choosing the right exploits to streamlining evidence collection and reporting.

Watcher: Web security testing tool and passive vulnerability scanner


A Fiddler plugin that passively checks web applications for a variety of security issues. Watcher acts as an assistant to the web developer, tester, or security auditor by quickly identifying real issues and hot-spots that commonly lead to security problems in web apps.



inspec - InSpec: Auditing and Testing Framework


InSpec is an open-source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security and policy requirements. InSpec makes it easy to run your tests wherever you need. More options are found in our CLI docs.

AATT - Automated Accessibility Testing Tool


Browser-based accessibility testing tools and plugins require manually testing each page, one at a time. Tools that can crawl a website can only scan pages that do not require login credentials, and that are not behind a firewall. Instead of developing, testing, and using a separate accessibility test suite, you can now integrate accessibility testing into your existing automation test suite using AATT. AATT tests web applications regarding conformance to the Web Content Accessibility Guidelines (WCAG) 2.0. Find a list of the WCAG 2.0 rules checked by HTMLCS Engine on the HTML CodeSniffer WCAG Standard Summary page and Chrome Engine on the Google Chrome Developer Audit rules. AATT provides an accessibility API and custom web application for HTML CodeSniffer, Axe and Chrome developer tool. Using the AATT web application, you can configure test server configurations inside the firewall, and test individual pages.

Hardanger - Web Application Penetration Testing Platform


Hardanger is an open source web application penetration testing platform for Microsoft Windows operating systems.

Benchmark


The OWASP Benchmark Project is a Java test suite designed to verify the speed and accuracy of vulnerability detection tools. The initial version is intended to support Static Analysis Security Testing Tools (SAST). A future release will support Dynamic Analysis Security Testing Tools (DAST), like OWASP ZAP, and Interactive Analysis Security Testing Tools (IAST). The goal is that this test application is fully runnable and all the vulnerabilities are actually exploitable so it's a fair test for an

bench - A simple nodejs/autobench tool for testing mongodb and couchbase performance


A simple nodejs/autobench tool for testing mongodb and couchbase performance

mongo-perl-driver - Perl driver for the MongoDB


This file describes requirements and procedures for developing and testing the MongoDB Perl driver from its code repository. For instructions installing from CPAN or tarball, see the INSTALL.md file instead. While this distribution is shipped using Dist::Zilla, you do not need to install it or use it for development and testing.

DBMS-test-tools - Comparison testing any DBMS (ZODB vs MySQL vs MongoDB vs ,,,)


Comparison testing any DBMS (ZODB vs MySQL vs MongoDB vs ,,,)

mitmproxy - Intercept HTTP traffic for penetration testing


mitmproxy is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers. mitmproxy is an interactive, SSL-capable intercepting proxy with a console interface. mitmdump is the command-line version of mitmproxy. Think tcpdump for HTTP. mitmweb is a web-based interface for mitmproxy.

PHP-Mysql-to-MongoDB - PHP-CLI Migration from MySQL to MongoDB Tool


PHP-CLI Migration from MySQL to MongoDB Tool

robomongo - Native cross-platform MongoDB management tool


Robo 3T (formerly Robomongo) is a shell-centric cross-platform MongoDB management tool. Unlike most other MongoDB admin UI tools, Robo 3T embeds the actual mongo shell in a tabbed interface with access to a shell command line as well as GUI interaction. Starting from version 1.1, Robo 3T embeds the MongoDB 3.4 shell.

PwnPi


PwnPi is a Linux-based penetration testing dropbox distribution for the Raspberry Pi. It currently has 200+ network security tools pre-installed to aid the penetration tester. It is built on a stripped-down version of the Debian Wheezy image from the Raspberry Pi foundation's website and uses Openbox as the window manager. PwnPi can be easily set up to send reverse connections from inside a target network by editing a simple configuration file.

Robomongo - Shell-centric cross-platform MongoDB management tool


Robomongo is a shell-centric cross-platform open source MongoDB management tool (i.e. Admin GUI). Robomongo embeds the same JavaScript engine that powers MongoDB's mongo shell. Everything you can write in mongo shell — you can write in Robomongo. It also provides you with syntax highlighting, autocompletion, different view modes (text, tree, custom) and more.

python-mongodb-blog - Simple blog application used for testing MongoDB Replica Sets


Simple blog application used for testing MongoDB Replica Sets

vagrant-mongodb - Vagrant basebox for Mongodb testing


Vagrant basebox for Mongodb testing