❄️ Master the "Snowy ARMageddon" challenge with this detailed walkthrough, designed for attackers using Kali/BlackArch on TryHackMe.
Updated
Dec 13, 2025
Zen protects your Node app against attacks with one line of code. Get peace of mind, at runtime.
Multi-database NoSQL injection scanner supporting MongoDB, Redis, Cassandra, and Elasticsearch with 150+ attack payloads and database cloning.
F-14 Tomcat: An advanced, high-speed NoSQL injection framework. Features WAF evasion (JA3/TLS impersonation), binary search extraction, and auto-authentication.
NoSQL Lab Specifically Designed for Cyber Security Learners (Only for Education Purposes)
PyBurp is a Burp Suite extension that provides predefined Python functions for HTTP/WebSocket traffic modification, context menu registration, Intruder payload processing, passive/active scanning, and Collaborator interaction. You can also directly access Montoya API in your Python scripts.
In this challenge, I hack a target machine by first scanning it, then exploiting an ARM-based IP camera to get in. Break out of a restricted environment and use a NoSQL injection to take over a web dashboard using Nmap, FFUF, Burp Suite, and a Python exploit script.
NoSQLInsanity: Tool for Security Assessment NoSQL (Linear Search VS Binary Search)
BuggyBuy: Deliberately Vulnerable MERN Stack Web Application for Security Testing
Check your WAF before an attacker does
A comprehensive Fastify plugin designed to protect your No(n)SQL queries from injection attacks by sanitizing request data. This plugin provides flexible sanitization options for request bodies, parameters, and query strings.
Manipulate a hidden API endpoint to change product pricing using HTTP method tampering and JSON injection, exposing a critical authorization flaw.
This is my final project for the Web Security and Application course at my university with a team of 4 members.
A Python Framework For NoSQL Scanning and Exploitation
A robust and secure Express.js boilerplate with TypeScript, featuring advanced security middleware, MongoDB integration, and tools for building production-ready Node.js apps.
StealthNoSQL: The Ultimate NoSQL Injection Tool - Unleash the power of advanced NoSQL injection techniques with this comprehensive command-line tool! Whether you’re pentesting MongoDB, CouchDB, or any other NoSQL database, StealthNoSQL has you covered. 🚀💻
The Backend Storage 🏬 Repository is a collection of resources and solutions for managing and storing data on the backend. This repository covers a range of storage solutions, including Relational databases, NoSQL databases, object storage, file storage, and cache storage.
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)
Public/protected APIs for a movie database, built with Node.js, Express and MongoDB.
This repository contains a web app that helps to understand NoSQL injection and how to protect websites against it