nosqli-checkr
The easy way to test NoSQLi in REST APIs
nosqli-checkr scan --host="https://nosql-checkr-test.herokuapp.com/api/v1/login" --data='{ "user": "wubba", "pass": "" }' --method="post" --params="pass" --error-message='{"success":false,"result":"user/pass not found"}'
-h or --host
: Route URL. Ex: https://nosql-checkr-test.herokuapp.com/api/v1/login
-hr or --headers
: Request headers. Ex: token:val or token:val;token2:val2
-d or --data
: Request data. Ex: { "user": "wubba", "pass": "" }
-m or --method
: Request method. Ex: post or POST
-p or --params
: Request parameters that will be exploited. Ex: pass or user,pass
-e or --error-message
: The default error message returned by the request. Ex: {"success":false,"result":"user/pass not found"}
Payload
: The string used to exploit the request
Evil data
: The request data with the payload 😈
Data stoled
: The result from the request
nosqli-checkr scan --host="https://api.com/login" --headers='x-api-key:123;authorization:321' --method="POST" --params="id" --data='{"id":"_test-id_"}' --error-message='{"valid":false,"messsage":"error"}'
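If a scan reports a finding on a route like the login example above, the fix belongs in the API's input handling. The following is an added example, not part of nosqli-checkr: a validator for the `{ user, pass }` body, assuming the API hands parsed JSON to a MongoDB-style query where object values act as operators. The function names and sample bodies are hypothetical.

```javascript
// Added example (not nosqli-checkr code). Assumption: the backend builds a
// MongoDB-style query from the parsed JSON body, so an object value such as
// {"$ne": ""} would be interpreted as an operator instead of a literal string.

// Recursively collect keys that use operator ("$...") or dotted-path syntax.
function findOperatorKeys(value, path = "") {
  if (value === null || typeof value !== "object") return [];
  const hits = [];
  for (const [key, child] of Object.entries(value)) {
    const here = path ? `${path}.${key}` : key;
    if (key.startsWith("$") || key.includes(".")) hits.push(here);
    hits.push(...findOperatorKeys(child, here));
  }
  return hits;
}

// Hypothetical validator for the login body used in the scan example.
function validateLoginBody(body) {
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return { ok: false, errors: ["body must be a JSON object"] };
  }
  const errors = [];
  for (const field of ["user", "pass"]) {
    const v = body[field];
    if (typeof v !== "string") {
      const kind = Array.isArray(v) ? "array" : typeof v;
      errors.push(`${field} must be a string, got ${kind}`);
    }
  }
  for (const key of findOperatorKeys(body)) {
    errors.push(`operator-style key rejected: ${key}`);
  }
  return { ok: errors.length === 0, errors };
}

// Constructed sample bodies: one normal login, two with non-string values.
const samples = [
  { user: "wubba", pass: "lubba" },
  { user: "wubba", pass: { $ne: "" } },
  { user: ["wubba"], pass: "" },
];
for (const body of samples) {
  console.log(JSON.stringify(body), "=>", JSON.stringify(validateLoginBody(body)));
}
```

Run the validator before the body reaches the query layer and return the route's normal error message on failure, so a rescan sees the same response for every payload.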