Sandcat Pro v4.2.8 adds NoSQL Injection detection

Sandcat combines Syhunt’s state-of-the-art, multi-process scanning technologies with the incredibly fast Lua language to perform remote web application security scans. While spidering a web site and hunting vulnerabilities, Sandcat emulates a modern, HTML 5-aware web browser, making sure every web application gets fully tested.

Changelog v4.2.8

  • This version adds techniques for detecting vulnerabilities in web applications using NoSQL database engines and web systems supporting server-side JavaScript execution. This includes NoSQL injection, blind NoSQL injection & Denial-of-Service vulnerabilities.
  • Also the enhanced versions of the Sandcat Code scanner with source code checks for these specific vulnerability classes, and publishing an article (Time-Based NoSQL Injection, available here) that highlights additional risks involving server-side JavaScript execution not restricted to NoSQL database engines.

Download Sandcat Pro v4.2.8 (Free Edition)

MaxiSoler

www.artssec.com @maxisoler
Black Hat Arsenal 2024 Next Stop Singapore !

Black Hat Arsenal 2024 Next Stop Singapore !

ToolsWatch Armory at GISEC 2024 in Dubai: A New Arena for Cybersecurity Open Source Tools Announced

ToolsWatch Armory at GISEC 2024 in Dubai: A New Arena for Cybersecurity Open Source Tools Announced

Unveiling the Awesome Lineup for Black Hat MEA Arsenal 2023 in Riyadh, KSA

Unveiling the Awesome Lineup for Black Hat MEA Arsenal 2023 in Riyadh, KSA

Announcing the First Black Hat / ToolsWatch SecTor Toronto 2023 Arsenal Tools and Their Impact on the Community

Announcing the First Black Hat / ToolsWatch SecTor Toronto 2023 Arsenal Tools and Their Impact on the Community

Top 10 Most Used MITRE ATT&CK Tactics & Techniques In 2020

Top 10 Most Used MITRE ATT&CK Tactics & Techniques In 2020

Top 10 Most Exploited Vulnerabilities in 2020

Top 10 Most Exploited Vulnerabilities in 2020