Tools and Utilities
Here are some tools and utilities commonly used for practices related to database attacks:
redis-cli
A utility used to connect to Redis databases using the command line
Commands
Installation
sudo apt install redis
Usage
sudo redis-cli
sudo redis-cli -h $hostname #Specify hostname
sqlmap
Detect and take advantage of SQL injection vulnerabilities
Commands
Installation
sudo apt install sqlmap
Usage
sqlmap -u $URL #Show the sqli vulnerabilities
sqlmap -u "$URL" --dbms $dbname #Specify what database is
sqlmap -r $file.raw #Use a raw petition to set target information
sqlmap -r $file.raw --dump --dbs #Extract information of the databases
sqlmap -r $file.raw --dump --tables #Extract information of the tables
sqlmap -r $file.raw --dump -T $table #Extract information of an specific table
sqlmap -r $file.raw --level $level #Specify intensity level of the attack
Mongocli
Utility for connecting to MongoDB databases via the command line
Commands
Installation
sudo apt install mongocli
Usage
mongo --port $port
Mongosh
Commands
Installation
curl -O https://downloads.mongodb.com/compass/mongosh-2.3.2-linux-x64.tgz
tar xvf mongosh-2.3.2-linux-x64.tgz
mv ./bin/mongosh /usr/local/bin
Usage
mongosh mongodb://$IP:$PORT
PostgreSQL
A command-line utility used to connect or interact with PostgreSQL databases
Commands
Installation
sudo apt install postgresql
Usage
psql -h $IP #Connect to the PostgreSQL service
psql -h $IP -p $port #Connect specifying a port
psql -h $IP -U $username #Connect specifying a user
Last updated