NoSQLMap alternatives

Looking for an alternative tool to replace NoSQLMap? During the review of NoSQLMap we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.

Top 3

  1. jSQL Injection (automatic SQL database injection)
  2. Acra (database encryption proxy)
  3. evilredis (Redis security scanner)

These tools are ranked as the best alternatives to NoSQLMap.

Alternatives (by score)

64

jSQL Injection

Introduction

jSQL Injection is a security tool to test web applications. It can be used to discover if an application is vulnerable to SQL injection attacks.

Project details

jSQL Injection is written in Java.

Strengths and weaknesses

  • + The source code of this software is available
  • - Full name of author is unknown

Typical usage

  • Database security

jSQL Injection review

85

Acra

Introduction

Acra is a database encryption proxy that provides encryption and data leakage prevention to applications. It provides selective encryption, access control, database and data leak prevention, and even intrusion detection capabilities. It is focused on developers and supports most popular programming languages such as Go, PHP, Python, Ruby.

Project details

Acra is written in Golang, Node.js, Objective-C, PHP, Python, Ruby.

Strengths and weaknesses

  • + Commercial support available
  • + The source code of this software is available

    Typical usage

    • Data encryption
    • Data leak prevention
    • Data security
    • Vulnerability mitigation

    Acra review

    60

    evilredis

    Introduction

    Evilredis tool is an offensive security program for pentesting Redis databases. It can scan the target and perform different actions, like shutting down a Redis instance.

    Project details

    evilredis is written in Node.js.

    Strengths and weaknesses

    • + The source code of this software is available

      Typical usage

      • Security assessment
      • Vulnerability scanning

      evilredis review

      60

      MongoSanitizer (python-mongo-sanitizer)

      Introduction

      Typically this type of tool would be used as an additional defense layer to prevent injection attacks from reaching the database.

      Project details

      MongoSanitizer is written in Python.

      Strengths and weaknesses

      • + The source code of this software is available

        Typical usage

        • Application security
        • Database security

        MongoSanitizer review

        63

        Oscanner

        Introduction

        The tool has a plugin-based architecture for enumeration purposes of Oracle installations.

        • Sid enumeration
        • Passwords tests (common & dictionary)
        • Enumerate Oracle version
        • Enumerate account roles
        • Enumerate account privileges
        • Enumerate account hashes
        • Enumerate audit information
        • Enumerate password policies
        • Enumerate database links

        Project details

        Oscanner is written in Java.

        Strengths and weaknesses

        • + The source code of this software is available

          Oscanner review

          81

          sqlmap

          Introduction

          The sqlmap is a well-known tool with an amazing number of GitHub stars (10,000+). It is used by many security professionals around the world to test the security of both web applications and the database that stores the data.

          Project details

          60

          TheDoc

          Introduction

          TheDoc is a tool written in shell-script to automate the usage of sqlmap. It comes with a built-in admin finder and hash cracker, using the Hashcat tool.

          Project details

          TheDoc is written in shell script.

          Strengths and weaknesses

          • + Used language is shell script
          • + Very low number of dependencies
          • + The source code of this software is available
          • - Full name of author is unknown
          • - Unknown project license

          Typical usage

          • Penetration testing

          TheDoc review

          60

          DbDat

          Introduction

          This tool performs an assessment by running actual queries against the database engine or reading the configuration file for particular settings. The tool helps with finding any issues and possible improvements.

          Project details

          DbDat is written in Python.

          Strengths and weaknesses

          • + Screen output is colored
          • + The source code of this software is available
          • - Full name of author is unknown

          Typical usage

          • Security assessment
          • System hardening

          DbDat review

          74

          mongoaudit

          Introduction

          Databases typically store sensitive data or data that is important for the company. This data needs to be protected in different ways, like who has access, what level, and how it is stored. Mongoaudit helps to audit several technical aspects of running a MongoDB instance and get it properly secured.

          Project details

          mongoaudit is written in Python.

          Strengths and weaknesses

          • + More than 500 GitHub stars
          • + The source code of this software is available

            Typical usage

            • Application security
            • Database security

            mongoaudit review

            74

            DBShield

            Introduction

            This tool is typically used by developers and system administrators to protect their database against common database attacks. One of them is the SQL injection attack, that tries to bypass checks, resulting in data leakage. By using this tool, another level of security defense is implemented.

            Project details

            DBShield is written in Golang.

            Strengths and weaknesses

            • + The source code of this software is available

              Typical usage

              • Database security

              DBShield review

              Some relevant tool missing as an alternative to NoSQLMap? Please contact us with your suggestion.