Sandcat Pro v4.2.8 adds NoSQL Injection detection

Sandcat combines Syhunt’s state-of-the-art, multi-process scanning technologies with the incredibly fast Lua language to perform remote web application security scans. While spidering a web site and hunting vulnerabilities, Sandcat emulates a modern, HTML 5-aware web browser, making sure every web application gets fully tested.

Changelog v4.2.8

  • This version adds techniques for detecting vulnerabilities in web applications using NoSQL database engines and web systems supporting server-side JavaScript execution. This includes NoSQL injection, blind NoSQL injection & Denial-of-Service vulnerabilities.
  • Also released are enhanced versions of the Sandcat Code scanner, with source code checks for these specific vulnerability classes, and an article (Time-Based NoSQL Injection, available here) that highlights additional risks involving server-side JavaScript execution that are not restricted to NoSQL database engines.

Download Sandcat Pro v4.2.8 (Free Edition)

MaxiSoler @maxisoler