Keep door closed at all times
MongoDB is a NoSQL database and it's very handful when you don't want the constrains of a fixed schema.
Sadly it comes with very unsecure default settings: if left untouched, MongoDB will allow connections without any username and password.
Accordingly to Shodan, there are more than 60k MongoDB instances freely accessible over the Internet. What if we start to crawl them all?
The MongoDB Scraper script can do exactly this: given a list of target IPs, it will connect to each one and, if any password field is found, the contents will be dumped.
Requirements are pretty light: you only need
pymongo (for obvious reasons) and
colorlog (to output some nice log messages):
pip install pymongo pip install colorlog
Then you have to put all our targets inside the
data.json file, creating a JSON encoded array:
If you exported a search result from Shodan, name it
data_raw.json and run the
parse_data.py script: it will extract the IP address and dump it in the
Finally you're ready to go:
Get an alert on large collections
You can instruct MongoDB Scraper to send you an email when it finds a very large collection (by default larger than 1M of rows). You simply have to rename the
settings-dist.json file into
settings.json and fill all the fields (please note: you have to use a SMTP server to send the emails)