nosqli v0.5.4 releases: NoSql Injection CLI tool
NoSQL scanner and injector.
It aims to be fast, accurate, and highly usable, with an easy to understand command-line interface.
Nosqli currently supports nosql injection detection for Mongodb. It runs the following tests:
- Error based – inject a variety of characters and payloads, searching responses for known Mongo errors
- Boolean Blind injection – inject parameters with true/false payloads and attempt to determine if an injection exists
- Timing injection – attempt to inject timing delays in the server, to measure the response.
- Includes bug fix for open file error.
If you prefer to build from source, or there isn’t a compiled binary for your platform, you can do so by cloning the repository, installing dependencies, and building the project manually. This will require a recent Go version and the appropriate GOPATH environment variable.
$ git clone https://github.com/Charlie-belmer/nosqli
$ cd nosqli
$ go get ./..
$ go install
Download the latest binary version for your OS, and install it in your path, or run from a local folder.
Copyright (C) 2020 Charlie-belmer