charlie-belmer / nosqli

NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.

Home Page: https://nullsweep.com

License: GNU Affero General Public License v3.0

Go 99.74% Shell 0.26%
nosql-injection nosql mongodb security-tools security-scanner security-automation security sqlinjection

nosqli's People

Contributors

beckler, charlie-belmer, legacy-charlie

nosqli's Issues

Cookie issues

Currently there is no way to pass a cookie via a parameter.
It can be done via a request file. However, the cookie isn't sent on redirects (like 302 Found with forms), and as a result nosqli is not able to find the injection.

Support for DELETE http method

I want to test for NoSQL injection on a DELETE method to a specific endpoint. Since the DELETE request has no payload, nosqli exits with 'unexpected EOF' when I load the request template using the -r flag. Here is the template that I'm using:

DELETE /path/to/endpoint/id HTTP/1.1
Host: my.hostname.com
Cookie: token=some_token
Sec-Ch-Ua: "Chromium";v="91", " Not;A Brand";v="99"
Accept: application/json
Sec-Ch-Ua-Mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36
Origin: my.hostname.com
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: my.hostname.com
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: close

I want to test for injection in /path/to/endpoint/payload.

Is this currently possible? If yes, how?

Too Many Open Files Error

Hello - love your tool, only one that works well scanning for nosqli.

I am testing a POST request that eventually hits a MongoDB and checking for nosqli using your tool. The POST request is something like this, and it seems to run for a long time and eventually comes up with an error from the Linux OS saying "2021/07/23 17:25:33 open nosqli_test_request.txt: too many open files". Is there something I am doing wrong, or are there limitations to the number of nested arrays or number of parameters or something?

{ "tagId": "TAG_GUID", "userId": "USER_GUID", "metadata": { "cellSelection": { "columnId": "column_name", "taskId": "TASK_GUID", "rowIndex": 6 } } }

Using JSON data

I'm trying to scan an endpoint that expects JSON data. Not quite sure on how to pass this to NoSQLi. Currently doing the following:

./nosqli_macos_v0.5.4 scan -t http://localhost:3000/readsWithoutJs -d "{"name": "Bram"}"

But this does not seem to work. Is this possible?

Add a flag to skip a proxy's certificate check

To understand the tool better, I want to proxy the traffic through Burp Suite. It'll help me follow the payload better. However, the tool terminates with the error "x509: certificate signed by unknown authority". It'd be great to add a flag like --SkipCertificateCheck to bypass this.

NoSQLi hangs on boolean based scan on POST request

I've tried nosqli on several different routes where I found injection manually to get familiar with the tool.
I have a target with vulnerable params in the request body. When I start nosqli against it, it hangs on the boolean based scan.

I've tried using a file (request copied from Burp) and also running the command with url and body params: the result is the same in both cases, so there should be no syntax problems.

Unfortunately, I can't share info about the vulnerable app so you can try to debug on your side, but maybe you can help me with debugging: is there some kind of verbose mode so I can check details?

Also to add - I don't have the same problem on the same target for a few other requests where NoSQL injection exists - but for every one of them the GET method is used.

HTTPS in request file

Hi,
When using the Burp request file there is no option to set force-SSL or something like that, so the connection will be initiated through HTTPS, not HTTP.

Any recommendation?

Thanks

Malformed HTTP version

I copied and pasted an HTTP in a req packet obtained using Firefox network tools. Then, I ran this command:

$ nosqli scan -t https://<IP:PORT>/api/userinfo/dashboard?fc=1 -r req --insecure
2023/09/11 10:15:19 malformed HTTP version "HTTP/2"

It is a valid packet, it has not been modified.

Any help?
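
Added example, not part of any issue above and not nosqli's own code: both the `malformed HTTP version "HTTP/2"` message and the `unexpected EOF` on a body-less request are what Go's standard `http.ReadRequest` returns for such input. Assuming the request file is parsed that way, the hypothetical helper `NormalizeRequest` below prepares a saved request before it is passed with -r; the two sample requests are constructed.

```go
package main

import (
	"bufio"
	"bytes"
	"fmt"
	"net/http"
	"regexp"
)

// Constructed samples: a request line as browser dev tools show it for HTTP/2,
// and a body-less DELETE whose header block lacks the terminating blank line.
var sampleHTTP2 = []byte("GET /api/userinfo/dashboard?fc=1 HTTP/2\nHost: example.test\n\n")
var sampleDelete = []byte("DELETE /path/to/endpoint/id HTTP/1.1\r\nHost: my.hostname.com\r\nConnection: close\r\n")

// http2Line matches a first line whose version is "HTTP/2" with no minor number.
var http2Line = regexp.MustCompile(`^(\S+ \S+) HTTP/2\r?\n`)

// NormalizeRequest (hypothetical helper) rewrites a saved raw request so that
// net/http can parse it: the version becomes HTTP/1.1, and a request without
// the blank line that ends the header block gets one appended.
func NormalizeRequest(raw []byte) []byte {
	out := http2Line.ReplaceAll(raw, []byte("$1 HTTP/1.1\r\n"))
	if !bytes.Contains(out, []byte("\n\n")) && !bytes.Contains(out, []byte("\r\n\r\n")) {
		out = append(bytes.TrimRight(out, "\r\n"), []byte("\r\n\r\n")...)
	}
	return out
}

// ParseRaw parses a raw request with the Go standard library.
func ParseRaw(raw []byte) (*http.Request, error) {
	return http.ReadRequest(bufio.NewReader(bytes.NewReader(raw)))
}

func main() {
	for _, raw := range [][]byte{sampleHTTP2, sampleDelete} {
		_, before := ParseRaw(raw)
		req, after := ParseRaw(NormalizeRequest(raw))
		if after != nil {
			fmt.Println("before:", before, "| still failing:", after)
			continue
		}
		fmt.Println("before:", before, "| after:", req.Method, req.URL.Path, req.Proto)
	}
}
```

The rewrite only changes how the file is parsed; the scheme used on the wire still comes from the target URL given to the scanner.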
