Skip to content
This repository has been archived by the owner on May 3, 2024. It is now read-only.

eversinc33/Papaya

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits

README.md

README.md

 
 

papaya.py

papaya.py

 
 

requirements.txt

requirements.txt

 
 

screenshot.png

screenshot.png

 
 

Repository files navigation

Papaya

screenshot

Papaya is a tool to test if a MongoDB/NoSQL-based web application is vulnerable to a basic nosql injection on POST login forms, including tests for password and username extraction.

The attack works by injecting nosql's $regex and $eq operators on passwords and usernames.

Usage

python3 papaya.py TARGET_URL
  • test for vulnerability
  • if application is vulnerable, search for a string that is unique in the positive response and set it as the identifier
  • choose an attack

Dependencies

pip install -r requirements.txt

About

NoSQL Injection Tool to bypass login forms & extract usernames/passwords using regular expressions.

Topics

security mongodb nosql bruteforce webapp nosql-injection login-bypass mongodb-injection

Resources

Readme
Activity

Stars

30 stars

Watchers

2 watching

Forks

11 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages