Mongoaudit - A powerful MongoDB auditing and pentesting tool

  •        119

Mongoaudit not only detects mis-configurations, known vulnerabilities and bugs but also gives you advice on how to fix them, recommends best practices and teaches you how to DevOp like a pro! There are quite a few holes in its default configuration settings. This fact, combined with abundant lazy system administrators and developers, led to what the press has called the MongoDB apocalypse.

https://mongoaud.it/
https://github.com/stampery/mongoaudit

Tags
Implementation
License
Platform

   




Related Projects

Beef - Browser Exploitation Framework


BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser.

Nogotofail - Network Security Testing Tool


Nogotofail is a network security testing tool designed to help developers and security researchers spot and fix weak TLS/SSL connections and sensitive cleartext traffic on devices and applications in a flexible, scalable, powerful way. It includes testing for common SSL certificate verification issues, HTTPS and TLS/SSL library bugs, SSL and STARTTLS stripping issues, cleartext issues, and more.

Sqlmap - Automatic SQL injection and database takeover tool


sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Metasploit Framework - World's most used penetration testing software


Metasploit, helps verify vulnerabilities and manage security assessments. It makes it easy to automate all phases of a penetration test, from choosing the right exploits to streamlining evidence collection and reporting.

Watcher: Web security testing tool and passive vulnerability scanner


A Fiddler plugin that passively checks web application's for a variety of security issues. Watcher acts as assistant to the web developer, tester, or security auditor, by quickly identifying real issues and hot-spots that commonly lead to security problems in web apps.


awesome-pentest - A collection of awesome penetration testing resources, tools and other shiny things


A collection of awesome penetration testing resources. Penetration testing is the practice of launching authorized, simulated attacks against computer systems and their physical infrastructure to expose potential security weaknesses and vulnerabilities.

SniffAir - A framework for wireless pentesting.


SniffAir is an open-source wireless security framework which provides the ability to easily parse passively collected wireless data as well as launch sophisticated wireless attacks. SniffAir takes care of the hassle associated with managing large or multiple pcap files while thoroughly cross-examining and analyzing the traffic, looking for potential security flaws. Along with the prebuilt queries, SniffAir allows users to create custom queries for analyzing the wireless data stored in the backend SQL database. SniffAir is built on the concept of using these queries to extract data for wireless penetration test reports. The data can also be leveraged in setting up sophisticated wireless attacks included in SniffAir as modules. Tested and supported on Kali Linux, Debian and Ubuntu.

inspec - InSpec: Auditing and Testing Framework


InSpec is an open-source testing framework for infrastructure with a human- and machine-readable language for specifying compliance, security and policy requirements.InSpec makes it easy to run your tests wherever you need. More options are found in our CLI docs.

Hardanger - Web Application Penetration Testing Platform


Hardanger is an open source web application penetration testing platform for Microsoft Windows operating systems.

mitmproxy - Intercept HTTP traffic for penetration testing


mitmproxy is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers. mitmproxy is an interactive, SSL-capable intercepting proxy with a console interface. mitmdump is the command-line version of mitmproxy. Think tcpdump for HTTP. mitmweb is a web-based interface for mitmproxy.

robomongo - Native cross-platform MongoDB management tool


Robo 3T (formerly Robomongo *) is a shell-centric cross-platform MongoDB management tool. Unlike most other MongoDB admin UI tools, Robo 3T embeds the actual mongo shell in a tabbed interface with access to a shell command line as well as GUI interaction.Starting from version 1.1, Robo 3T embeds the MongoDB 3.4 shell.

ncrack - Ncrack network authentication tool


Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a modular approach, a command-line syntax similar to Nmap and a dynamic engine that can adapt its behaviour based on network feedback. It allows for rapid, yet reliable large-scale auditing of multiple hosts.Ncrack's features include a very flexible interface granting the user full control of network operations, allowing for very sophisticated bruteforcing attacks, timing templates for ease of use, runtime interaction similar to Nmap's and many more. Protocols supported are: SSH, RDP, FTP, Telnet, HTTP(S), POP3(S), IMAP, SMB, VNC, SIP, Redis, PostgreSQL, MySQL, MSSQL, MongoDB, Cassandra, WinRM, OWA.

PwnPi


PwnPi is a Linux-based penetration testing dropbox distribution for the Raspberry Pi. It currently has 200+ network security tools pre-installed to aid the penetration tester. It is built a stripped down version of the Debian Wheezy image from the Raspberry Pi foundation's website and uses Openbox as the window manager. PwnPi can be easily setup to send reverse connections from inside a target network by editing a simple configuration file.

Robomongo - Shell-centric cross-platform MongoDB management tool


Robomongo is a shell-centric cross-platform open source MongoDB management tool (i.e. Admin GUI). Robomongo embeds the same JavaScript engine that powers MongoDB's mongo shell. Everything you can write in mongo shell — you can write in Robomongo. It also provides you with syntax highlighting, autocompletion, different view modes (text, tree, custom) and more.

Metasploitable


This is Metasploitable2 (Linux) Metasploitable is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques. The default login and password is msfadmin:msfadmin. Never expose this VM to an untrusted network (use NAT or Host-only mode if you have any questions what that means). To contact the developers, please send email to msfdev@metasploit.com

SQL Data Capture - Black Box Application Testing


A tool for capturing and analyzing data modifications; an audit trail generator with a data modifications viewer. Helps with testing, troubleshooting and exploring application functionality. ASP.NET 3.5 C#, SMO application. Audit and CRUD generators are included.

qark - Tool to look for several security related Android application vulnerabilities


Quick Android Review Kit - This tool is designed to look for several security related Android application vulnerabilities, either in source code or packaged APKs.

accessibility-developer-tools - This is a library of accessibility-related testing and utility code.


This is a library of accessibility-related testing and utility code. Its main component is the accessibility audit: a collection of audit rules checking for common accessibility problems, and an API for running these rules in an HTML page.

Galunggung - Penetration Test Studio


Galunggung is an open source project based .NET framework to build security tools for penetration test. It will consist of security collection tools. These tools also can be applied to penetration test and hacking purpose at your own risk.

SecurityShepherd - Web and mobile application security training platform


The OWASP Security Shepherd Project is a web and mobile application security training platform. Security Shepherd has been designed to foster and improve security awareness among a varied skill-set demographic. The aim of this project is to take AppSec novices or experienced engineers and sharpen their penetration testing skill set to security expert status. We've got fully automated and step by step walkthroughs on our wiki page to help you get Security Shepherd up and running.