reddit hackernews mail facebook facebook linkedin
NoSQL Injector

NoSQL Injector

NoSql Injection CLI tool for finding vulnerable websites using MongoDB.

Nosqli currently supports nosql injection detection for Mongodb. It runs the following tests:

- Error based: inject a variety of characters and payloads, searching responses for known Mongo errors
- Boolean Blind injection: inject parameters with true/false payloads and attempt to determine if an injection exists
- Timing injection: attempt to inject timing delays in the server, to measure the response.