Tools and Utilities

The following tools and utilities are commonly used when practicing database attacks:

redis-cli

  • A utility used to connect to Redis databases using the command line

Commands

  • Installation

sudo apt install redis

  • Usage

sudo redis-cli
sudo redis-cli -h $hostname #Specify hostname

sqlmap

  • Detect and take advantage of SQL injection vulnerabilities

Commands

  • Installation

sudo apt install sqlmap

  • Usage

sqlmap -u "$URL" #Test the URL for SQL injection vulnerabilities
sqlmap -u "$URL" --dbms $dbname #Specify the back-end DBMS type
sqlmap -r $file.raw #Use a raw HTTP request file to set the target information
sqlmap -r $file.raw --dump --dbs #Extract information about the databases
sqlmap -r $file.raw --dump --tables #Extract information about the tables
sqlmap -r $file.raw --dump -T $table #Extract information from a specific table
sqlmap -r $file.raw --level $level #Specify the level of tests to perform

Mongocli

  • Utility for connecting to MongoDB databases via the command line

Commands

  • Installation

sudo apt install mongocli

  • Usage

mongo --port $port

Mongosh

  • Adapted utility for connecting to MongoDB databases via the command line, similar to Mongocli but with some extra options

Commands

  • Installation

curl -O https://downloads.mongodb.com/compass/mongosh-2.3.2-linux-x64.tgz
tar xvf mongosh-2.3.2-linux-x64.tgz
sudo mv ./mongosh-2.3.2-linux-x64/bin/mongosh /usr/local/bin #The archive extracts into its own directory

  • Usage

mongosh "mongodb://$IP:$PORT"

PostgreSQL

  • A command-line utility used to connect or interact with PostgreSQL databases

Commands

  • Installation

sudo apt install postgresql

  • Usage

psql -h $IP #Connect to the PostgreSQL service
psql -h $IP -p $port #Connect specifying a port
psql -h $IP -U $username #Connect specifying a user
