- Author: Ettack
- Email : [email protected]
This projecgt is a scanner to find mongodb with remote connection enabled, which is the default setting, but risky as well.
Before running the script, make sure you have PyMongo (http://api.mongodb.org/python/current/) module installed.
There are two version of scanners:
- mongoScan.py
- mongoScan_multiThreads.py
mongoScan.py
Single threads scanner, with instant state output and recoding IPs into a file.
Usage: mongoScan.py [IpListFile] [OutputFile]
mongoScan_MultiThreads.py
Multiple threads scanner, with time estimation. Only output success IPs.
Usage: mongoScan_multiThreads.py [ThreadsNumber] [IpListFile]
-
Parameters:
- IpListFile
Could be any text file that contains some ip addresses.
There is no strict file format limit because I use regex to extract IPs. One of the best tools generating host list is nmap, here's how I used it: nmap -sL -oG -n ip.txt 192.168.1.1/16 ----Generate a list from a range of IP, without scanning. nmap -p27017 -n --open -T4 -sT -oG ip.txt 192.168.1.1/24 ----Find 27017(default port for mongoDB) opened IP
- ThreadsNumber
Decides the speed of the scan.
Generally, larger threads number gives faster performance, but setting it too high may cause instablity.
- IpListFile