Tools and Utilities

Here are some tools and utilities commonly used for practices related to database attacks:

redis-cli

A utility used to connect to Redis databases using the command line

Commands

Installation

sudo apt install redis

Usage

sudo redis-cli
sudo redis-cli -h $hostname #Specify hostname

sqlmap

Detect and take advantage of SQL injection vulnerabilities

Commands

Installation

sudo apt install sqlmap

Usage

sqlmap -u $URL #Show the sqli vulnerabilities
sqlmap -u "$URL" --dbms $dbname #Specify what database is
sqlmap -r $file.raw #Use a raw petition to set target information
sqlmap -r $file.raw --dump --dbs #Extract information of the databases
sqlmap -r $file.raw --dump --tables #Extract information of the tables
sqlmap -r $file.raw --dump -T $table #Extract information of an specific table
sqlmap -r $file.raw --level $level #Specify intensity level of the attack

Mongocli

Utility for connecting to MongoDB databases via the command line

Commands

Installation

sudo apt install mongocli

Usage

mongo --port $port

Mongosh

Adapted utility for connecting to MongoDB databases via the command line, similar to Mongocli but with some extra options

Commands

Installation

curl -O https://downloads.mongodb.com/compass/mongosh-2.3.2-linux-x64.tgz
tar xvf mongosh-2.3.2-linux-x64.tgz
mv ./bin/mongosh /usr/local/bin

Usage

mongosh mongodb://$IP:$PORT

PostgreSQL

A command-line utility used to connect or interact with PostgreSQL databases

Commands

Installation

sudo apt install postgresql

Usage

psql -h $IP #Connect to the PostgreSQL service
psql -h $IP -p $port #Connect specifying a port
psql -h $IP -U $username #Connect specifying a user

Last updated 5 months ago