NoSql Injection CLI tool for finding vulnerable websites using MongoDB.
Nosqli currently supports nosql injection detection for Mongodb. It runs the following tests:
- Error based: inject a variety of characters and payloads, searching responses for known Mongo errors
- Boolean Blind injection: inject parameters with true/false payloads and attempt to determine if an injection exists
- Timing injection: attempt to inject timing delays in the server, to measure the response.