Add command line arguments (so you do not need to keep loading session files) + Colour support!
Closed this issue · 21 comments
If it is possible, could the following settings be put into an command line arguments so it doesn't need to be interactive in order to use the program:
1-Set target host/IP (Current: 10.11.1.xxx)
2-Set web app port (Current: 443)
3-Set App Path (Current: /app)
4-Toggle HTTPS (Current: ON)
5-Set MongoDB Port (Current : 27017)
6-Set HTTP Request Method (GET/POST) (Current: GET)
7-Set my local MongoDB/Shell IP (Current: Not Set)
8-Set shell listener port (Current: Not Set)
9-Toggle Verbose Mode: (Current: ON)
e.g.
python nosqlmap.py --url 10.11.1.xxx --port 443 --path "/path/db"
I considered that but did not want to use a CLI to differentiate from
SQLMap. I'll think it over.
On Monday, January 11, 2016, g0tmi1k notifications@github.com wrote:
If it is possible, could the following settings be put into an command
line arguments so it doesn't need to be interactive in order to use the
program:1-Set target host/IP (Current: 10.11.1.xxx)
2-Set web app port (Current: 443)
3-Set App Path (Current: /app)
4-Toggle HTTPS (Current: ON)
5-Set MongoDB Port (Current : 27017)
6-Set HTTP Request Method (GET/POST) (Current: GET)
7-Set my local MongoDB/Shell IP (Current: Not Set)
8-Set shell listener port (Current: Not Set)
9-Toggle Verbose Mode: (Current: ON)e.g.
python nosqlmap.py --url 10.11.1.xxx --port 443 --path "/path/db"
—
Reply to this email directly or view it on GitHub
#31.
I believe that you should NOT limit the user experience because of another project. Your project should be the best possible that you (and the community can make it).
I find the the current menu/navigation to be very long winded (e.g. having to navigate through the interactive menus) and slows down the use of the tool.
Add on the fact it will make automating tasks with it that much harder (looking into future releases, will the saved files always be that structure?).
With that being said, how it is setup currently I find confusing.
Having B for "save options to file" - but in my eyes "B is for Back"... Looking down the list theres also "Burp" before you get "back to menu menu" (which is x).
If you do choose to not to go with the command line options, please add some colour in as it would make it easier to find the information on the screen.
All right let me think on it a little bit. The color might be a good idea.
Feature request under consideration for 0.6 release.
If its under consideration, why close it?
It's on my project board to think about as an enhancement but it's not an
issue per se.
On Friday, January 22, 2016, g0tmi1k notifications@github.com wrote:
If its under consideration, why close it?
—
Reply to this email directly or view it on GitHub
#31 (comment).
g0tmi1k have point. Its super bad idea to not use like SQLMAP. Please consider what g0tmilk suggested
+1 to g0tmi1k. I was very surprised when I did not found CLI options.
Besides, when scanner crashes (very often) i need manually choose settings from file, not just relaunch cli command
I've been added as a maintainer of this project today and believe this to have value. I'm going to be refactoring the HTTP module and other areas of the code as a first priority but feel this to be the next item on the chopping block afterwards - so I've reopened this issue. I think it's also important to emphasize that @tcstool and I were e-mailing and he was the first one to raise this, not I, and I believe were his free time more available that he would have made this available in a future release.
The main challenge as I see it is that the existing menu has been outlined in videos and the web application hackers handbook so it's very important to retain it. Additionally, @tcstool approached the problem like that, and I want to respect his work by keeping it available. Ideally once I've worked on this you will be able to either use the menu, or command line arguments, depending on your preference.
With this in mind I'll create a project for this once refactoring is completed and make it a tagged release of its own (and the new master). @g0tmi1k @sandeepl337 @getupandgo feel free to reply here if you don't see an update by the end of the year. Hoping to have it well ahead of that.
Also I want to apologize for the delays in responding to and addressing these issue requests. I have had several life changes which resulted in me being completely neglectful of NoSQLMap. I should have reached out to find a new maintainer long ago, but never got around to it. gotm1lk, I appreciate very much you opening an issue in Kali to have the tool added. That's a great honor! I saw you closed it and I don't blame you at all because I just haven't been responsible with the maintenance of the tool. I know @codingo is going to really do a great job improving and adding to the tool and I'm happy he's taking over.
Further to the above I've opened a dialog with Bernado and Microslav from the SQLMap project and they have no issues with NoSQLMap taking a near identical approach as it's in the best interests for the community at large.
We have a custom web application that we wrote for running tests against our software. I would like to use this tool but without the ability to run in batch mode from the command line it's not possible. We presently are calling sqlmap from Java in batch mode to test for SQL. I would like to do the same for MongoDB with this tool. I would certainly appreciate it if this tool could be run without requiring user input during execution.
I would love to use this tool with an interface compatible with SQLmap - API mode included - Where I have automated tests for SQLmap it would be excellent to simply specify NoSQLmap instead to target a different application and change little else.
+1 vote for non-interactive.
@g0tmi1k oops. oscp spoiler here. haha. you should change it to
python nosqlmap.py --url 10.11.1.xxx --port 443 --path <spoiler>
@Kyle-Kyle Good point. I've edited @g0tmi1k's post to remove this.
Since I'm already in this thread I should point out that this hasn't been actioned as I'm slowly working on a re-write for this project (currently in GO). Adding this and other functionality to the project whilst also trying to add some modern attacks meant that a rewrite would have high value and I wanted to put my efforts there. Once this is in protoduction I'll publish it in a branch here, or as a new project.
I've had a few talks recently so this hasn't been my main priority but I'm hoping to finish and release something at a security conference next year.
@codingo The line 3-Set App Path should also be edited. BTW, thank you for the awesome project.
Done! Thank-you.
Stale issue message