MAD-CAT (Meow Attack Data Corruption Automation Tool) is a comprehensive security tool designed to simulate data corruption attacks against multiple database systems. The tool supports both single-target attacks and bulk CSV-based attack campaigns, with support for both credentialed and non-credentialed attack scenarios.
The tool currently supports the following database services:
- MongoDB (port 27017)
- Elasticsearch (port 9200)
- Cassandra (port 9042)
- Redis (port 6379)
- CouchDB (port 5984)
- Hadoop HDFS (port 9870)
# Clone the repository
git clone https://github.com/karlvbiron/MAD-CAT.git
# Navigate to the tool directory
cd MAD-CAT
# Set up the virtual environment
python3 -m venv venv
source venv/bin/activate
# Install dependencies
pip install -r requirements.txt| Argument | Description |
|---|---|
-l, --list |
List supported database services |
-c, --csv |
CSV file containing target list (format: ip,service,port,username,password) |
-t, --target |
Target host IP address (for single target mode) |
-s, --service |
Database service to attack (e.g., mongodb, elasticsearch, cassandra, redis, couchdb, hadoop) |
-p, --port |
Port number (if not default) |
-u, --username |
Username for authentication |
-pw, --password |
Password for authentication |
-v, --verbose |
Enable verbose output |
python mad_cat.py -lpython mad_cat.py -t 192.168.1.11 -s mongodb -u root -pw examplepython mad_cat.py -t 192.168.1.12 -s elasticsearchpython mad_cat.py -t 192.168.1.13 -s cassandrapython mad_cat.py -t 192.168.1.14 -s redispython mad_cat.py -t 192.168.1.15 -s couchdb -u admin -pw passwordpython mad_cat.py -t 192.168.1.16 -s hadoopAttack multiple targets using a CSV file:
python mad_cat.py -c list.csvThe CSV file should contain one target per line with the following format:
192.168.1.11,mongodb,27017,"root","example"
192.168.1.12,elasticsearch,9200,"",""
192.168.1.13,cassandra,9042,"",""
192.168.1.14,redis,6379,"",""
192.168.1.15,couchdb,5984,"admin","password"
192.168.1.16,hadoop,9870,"",""
Format: ip,service,port,username,password
- Leave username/password as empty strings (
"") for non-credentialed attacks
MAD-CAT/
├── __init__.py
├── core/
│ ├── __init__.py
│ ├── base_attacker.py # Abstract base class for all attackers
│ └── attack_factory.py # Factory pattern for attacker creation
├── attackers/
│ ├── __init__.py # Attacker registration
│ ├── mongodb.py # MongoDB attacker implementation
│ ├── elasticsearch.py # Elasticsearch attacker implementation
│ ├── cassandra.py # Cassandra attacker implementation
│ ├── redis.py # Redis attacker implementation
│ ├── couchdb.py # CouchDB attacker implementation
│ └── hadoop.py # Hadoop HDFS attacker implementation
├── utils/
│ ├── __init__.py
│ └── logging.py # Logging configuration
├── dockerized-database-infrastructure/
│ ├── docker-compose.yml # Docker Compose configuration
│ └── init-scripts/
│ ├── mongodb/
│ │ └── mongodb-init.js
│ ├── elasticsearch/
│ │ ├── es-custom-entrypoint.sh
│ │ └── es-bulk_data.json
│ ├── cassandra/
│ │ ├── cassandra-entrypoint.sh
│ │ └── cassandra-init.cql
│ ├── couchdb/
│ │ ├── couchdb-entrypoint.sh
│ │ └── couchdb-init.sh
│ ├── hadoop/
│ │ ├── hadoop-entrypoint.sh
│ │ └── hadoop-init.sh
│ └── redis/
│ ├── redis-entrypoint.sh
│ └── redis-init.sh
├── mad_cat.py # Main entry point
├── fetch_data.py # Utility to fetch and verify database data
├── list.csv # Example CSV file for bulk attacks
├── requirements.txt # Python dependencies
└── README.md # This file
- ✅ 6 Database Services: MongoDB, Elasticsearch, Cassandra, Redis, CouchDB, Hadoop HDFS
- ✅ Credentialed & Non-Credentialed Attacks: Supports both authentication modes
- ✅ Single Target Mode: Attack individual database instances
- ✅ CSV Bulk Attack Mode: Attack multiple targets from a CSV file
- ✅ Factory Pattern Architecture: Easy to extend with new database attackers
- ✅ Comprehensive Logging: Timestamped logs saved to
logs/directory - ✅ User Confirmation: Requires explicit confirmation before executing attacks
- ✅ Attack Statistics: Detailed reporting of databases, collections, and records affected
- ✅ Default Port Support: Automatically uses standard ports if not specified
MAD-CAT simulates a data corruption attack by:
- Connecting to the target database using provided credentials (or attempting anonymous access)
- Enumerating all databases and collections/tables (excluding system databases)
- Corrupting data by replacing string/numeric values with random alphanumeric strings followed by "-MEOW"
- Reporting statistics on databases processed, collections affected, and records modified
Target → Connect → List Databases → For Each Database:
├─ List Collections
└─ For Each Collection:
├─ Fetch All Records
├─ Replace Values with {random}-MEOW
└─ Update Records
| Service | Default Port |
|---|---|
| MongoDB | 27017 |
| Elasticsearch | 9200 |
| Cassandra | 9042 |
| Redis | 6379 |
| CouchDB | 5984 |
| Hadoop HDFS | 9870 |
A utility script to fetch and display data from all supported databases:
# Fetch from all databases and verify consistency
python fetch_data.py all
# Fetch from specific database
python fetch_data.py mongo
python fetch_data.py elasticsearch
python fetch_data.py cassandra
python fetch_data.py redis
python fetch_data.py couchdb
python fetch_data.py hadoopThis tool is provided for EDUCATIONAL PURPOSES ONLY. It is designed to demonstrate a type of cyber attack in a controlled environment to help improve security awareness and defensive measures. Using this tool against systems without proper authorization is illegal and unethical. The authors and contributors are not responsible for any misuse of this software.
This project is licensed under the MIT License - see the LICENSE file for details.
Created by Karl Biron