Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/matrix/Burp-NoSQLiScanner

This extension provides a way to discover NoSQL injection vulnerabilities.
https://github.com/matrix/Burp-NoSQLiScanner

Last synced: 2 months ago
JSON representation

This extension provides a way to discover NoSQL injection vulnerabilities.

Host: GitHub
URL: https://github.com/matrix/Burp-NoSQLiScanner
Owner: matrix
License: gpl-3.0
Created: 2021-01-16T10:54:19.000Z (about 4 years ago)
Default Branch: main
Last Pushed: 2023-03-29T14:12:22.000Z (almost 2 years ago)
Last Synced: 2024-11-14T15:39:22.779Z (2 months ago)
Language: Java
Size: 23.4 KB
Stars: 23
Watchers: 2
Forks: 7
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-burp-extensions - Burp NoSQLi Scanner - NoSQL Injection scans for Burp (Vulnerability Specific Extensions / SQL/NoSQL Injection)

README

# Burp NoSQLi Scanner
Currently Burp doesn't have an engine that detects NoSQL Injection, so I created this plugin to add support

using my preferred language, Java (it's a joke, it's a trap) :D

Happy pentest :)

## Limitations

1 - Parallel scanning of multiple parameter at once is not supported for now.

Consequently, at the moment the plugin does not detect derived problems, such as authentication bypass.

2 - No tab in the Burp UI for now.

I'm lazy, but sooner or later I will resolve all two :)

3 - Exploiting is not supported, do it manually if needed.

## Building

Refer to [BUILD.md](BUILD.md) for instructions on how to build it from source.