
NoSQL Injection Project

Security project focused on proving that NoSQL databases are not inherently safe from injection attacks.

Core Objective

This project demonstrates that applications using NoSQL backends can still be vulnerable when input is not validated and query construction is unsafe.

CLI Scanner

The scanner works by:

  1. Accepting a target URL.
  2. Crawling in-scope pages.
  3. Discovering input forms.
  4. Injecting NoSQL payload patterns.
  5. Detecting suspicious authentication/search behavior.
  6. Producing a vulnerability report suitable for the final submission.

CLI module location: cli/

Demo Website

The website is an intentionally vulnerable target. It is used to:

  1. Host a real MongoDB Atlas-connected application.
  2. Expose vulnerable endpoints for controlled testing.
  3. Provide secure endpoints that show mitigation effectiveness.

Website module location: website/
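The core objective above (unsafe query construction from unvalidated input) and the vulnerable/secure endpoint pair the demo website exposes are easiest to understand with the two handlers side by side. The following is an added example written for this README, not code from the project's website/ module. It assumes an Express-style handler whose req.body has already been parsed from JSON (for example by express.json()); the field names, the MAX_FIELD_LENGTH limit and the sample bodies are constructed for the example, and no MongoDB connection is needed to run it.

```javascript
// Added example, not code from the NoSQL Injection Project itself.
// Contrasts an injectable MongoDB login filter with a hardened builder.
// Assumes an Express-style handler whose req.body was parsed from JSON
// (e.g. by express.json()); nothing here talks to a database.

const MAX_FIELD_LENGTH = 128; // assumed limit for this example

// VULNERABLE: request-body values land in the filter untouched.
// A JSON body can carry an object instead of a string, so the filter
// turns into an operator query rather than an equality comparison.
function buildLoginFilterVulnerable(body) {
  return { username: body.username, password: body.password };
}

// Recursively check client-supplied data for MongoDB operator keys ("$ne",
// "$regex", "$where", ...) or dotted paths, which a credential never contains.
function containsOperator(value) {
  if (Array.isArray(value)) return value.some(containsOperator);
  if (value !== null && typeof value === 'object') {
    return Object.entries(value).some(
      ([key, inner]) => key.startsWith('$') || key.includes('.') || containsOperator(inner)
    );
  }
  return false;
}

// HARDENED: positive validation (type and length) before the value reaches
// the query, and an explicit $eq so it can only be compared for equality.
// The password is deliberately NOT part of the filter: look the user up by
// username, then compare the submitted password against the stored hash.
function buildLoginFilterSafe(body) {
  const { username, password } = body || {};
  if (typeof username !== 'string' || typeof password !== 'string') {
    throw new TypeError('username and password must be strings');
  }
  if (username.length === 0 || username.length > MAX_FIELD_LENGTH ||
      password.length === 0 || password.length > MAX_FIELD_LENGTH) {
    throw new RangeError('credential length out of bounds');
  }
  return { username: { $eq: username } };
}

// Defender view: classify an incoming body so the endpoint can reject it and
// log the attempt. Returns { ok: true, filter } or { ok: false, reason }.
function classifyLoginRequest(body) {
  if (containsOperator(body)) {
    return { ok: false, reason: 'operator-injection-attempt' };
  }
  try {
    return { ok: true, filter: buildLoginFilterSafe(body) };
  } catch (err) {
    return { ok: false, reason: err.message };
  }
}

// Constructed sample bodies: a normal login and an operator-injection attempt.
const normalBody = { username: 'alice', password: 'correct horse battery staple' };
const injectedBody = { username: { $ne: '' }, password: { $ne: '' } };

function demo() {
  console.log('vulnerable filter:', JSON.stringify(buildLoginFilterVulnerable(injectedBody)));
  console.log('safe, normal body:', JSON.stringify(classifyLoginRequest(normalBody)));
  console.log('safe, injected body:', JSON.stringify(classifyLoginRequest(injectedBody)));
}

demo();
```

The secure endpoint should feed the result of classifyLoginRequest into the lookup and treat every `ok: false` result as a logged, rejected request; the reason string is what the scanner's "suspicious authentication behavior" check would otherwise have to infer from the response.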

Quick Start

1) Website (Demo Target)

cd website
npm install
npm run seed
npm run dev

2) CLI (Main Tool)

See detailed setup and usage in cli/README.md.

Environment

Root .env:

PORT=3000
MONGO_URI=mongodb+srv://<username>:<password>@<cluster-host>/<database>?retryWrites=true&w=majority

License

This repository is distributed under the license defined in LICENSE.