Everyone knows that SQL databases can be victims of SQL injection and have to work about query security. NoSQL database are vulnerable to many kinds of query injection—from the drivers used, to SQL interfaces like Drill, to drivers, to their native query languages. Often NoSQL stores have even less security then RDBMS and on many occassions will default to having no username and no password for authentication.
If you want to test your NoSQL datastore, try NoSQLMap. This tool will attempt to hack your datastore. You want to test your database for NoSQL injection, especially MongoDB. MongoDB being the most popular NoSQL engine has a lot attack vectors. Here is an example of a MongoDB attack. There are a few other frameworks to try. Check out the NoSQL Project and the NoSQL Exploitation Framework.
One popular attack utilizes a Rainbow Table. But, sometimes people can use a very easy attack since there's no username or default passwords!
A quick search on Shodan (the IoT search engine), will result in a ton of insecure Redis and MongoDB installations on the web. With IoT a lot of default device ports and settings are out there and a lot of connections to check. Be sure to pentest your server and devices before you put them on the public internet.