MongoBuster

What is it?

With the increasing popularity of technologies like NoSQL, a lot of developers are lured into trying them out. The problem occurs when they don't understand the security implications of these technologies and leave them vulnerable to hacks.

MongoBuster hunts for such misconfigured instances of MongoDB, a popular NoSQL database.

How does it work?

MongoBuster uses masscan at its core (because, c'mon, who can compete with this tool in terms of performance and reliability! :D) to generate random IPs and make sure that some service is listening on port 27017, MongoDB's default port.

Next, these IPs are passed to goroutines running in parallel; goroutines are a lighter-weight alternative to the traditional 'threads' of C++, Java and other languages.

These goroutines actually connect to the IPs and try to list all the databases stored on that MongoDB instance. If the tool is able to list them without any credentials, that host is vulnerable.

Masscan for finding live hosts, combined with goroutines for checking the service, makes this tool highly efficient and capable of scanning the entire internet for vulnerable instances, that is, if your bandwidth allows it ;)
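What the tool is really detecting is a mongod that listens on every interface with access control switched off. As an added illustration (not part of MongoBuster, and not an official MongoDB config), here is that weak mongod.conf next to a hardened one; the 10.0.0.5 address is a made-up placeholder for a private app-network interface:

```yaml
# --- Weak configuration: the kind of instance MongoBuster finds ---
# Before MongoDB 3.6 the server bound to all interfaces by default, and many
# hand-written configs still do. With no "security" section, authorization is
# off, so any client that can reach TCP/27017 is effectively an administrator
# and listDatabases (the check MongoBuster runs) succeeds anonymously.
net:
  port: 27017
  bindIp: 0.0.0.0          # reachable from anywhere, including the internet
# (no security section)

---
# --- Hardened configuration ---
# 1. Bind only to loopback and the private interface the application uses,
#    and keep 27017 closed at the firewall / security group as well.
# 2. Turn on access control. Before restarting with this setting, create an
#    admin user over the loopback interface (the "localhost exception" lets
#    you do that once while no users exist), for example in the shell:
#      use admin
#      db.createUser({user: "admin", pwd: passwordPrompt(),
#                     roles: ["userAdminAnyDatabase"]})
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5   # placeholder private address; never 0.0.0.0
security:
  authorization: enabled       # unauthenticated listDatabases now fails with
                               # an Unauthorized error instead of returning data
```

To confirm the fix on your own server, run `db.adminCommand({listDatabases: 1})` from a shell session that has not authenticated; it should be rejected rather than return the database names.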

tl;dr: Gimme CODE!

Head over to the git repo here and start hunting :)

Some tips:

  • Don't use ridiculous packet rates; this will DoS your own network, as masscan is a really powerful tool and uses multiple threads to generate packets and listen on sockets.
  • Be responsible: when you find a vulnerable server (and believe me, you will!), try to contact the owner of the MongoDB instance and report it.