Skip to content
/ Papaya Public
forked from eversinc33/Papaya

NoSQL Injection Tool to bypass login forms & extract usernames/passwords using regular expressions.

0 stars 12 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

halfluke/Papaya

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
README.md
README.md
 
 
papaya.py
papaya.py
 
 
requirements.txt
requirements.txt
 
 
screenshot.png
screenshot.png
 
 

Repository files navigation

Papaya

screenshot

Papaya is a tool to test if a MongoDB/NoSQL-based web application is vulnerable to a basic nosql injection on POST login forms, including tests for password and username extraction.

The attack works by injecting nosql's $regex and $eq operators on passwords and usernames.

Usage

python3 papaya.py TARGET_URL
  • test for vulnerability
  • if application is vulnerable, search for a string that is unique in the positive response and set it as the identifier
  • choose an attack

Dependencies

pip install -r requirements.txt

About

NoSQL Injection Tool to bypass login forms & extract usernames/passwords using regular expressions.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%