mongoBuster – Hunt Open MongoDB Instances

Hunt Open MongoDB instances on the internet efficiently.

Features

  • Worlds fastest and most efficient scanner ( Uses Masscan ).
  • Scans entire internet by default, So fire the tool and chill.
  • Hyper efficient – Uses Go-routines which are even lighter than threads.

Pre-Requisites –

  • Go language ( sudo apt install golang )
  • Masscan ( sudo apt install masscan )
  • Tested on Ubuntu & Kali linux

How to install and run –

git clone https://github.com/yashpl/mongoBuster.git

cd mongoBuster

go build mongobuster.go utils.go

sudo ./mongobuster

Note: Run it with sudo as Masscan requires sudo access.

Flags –

FlagDescription
–max-rate= (int)Defines maximum rate at which packets are generated and sent. Default is 100.
–out-file= (string)Name of file to which vulnerable IPs will be exported.
-vDisplay error msgs from non-vulnerable servers

NOTE –

Using ridiculous values for max-rate flag like 10000+ will most likely bring down your own network infrastructure.

Recommended value is to start with --max-rate 500 for consumer Gigabit routers.

If you find bunch of insecure insances, ( which you will! ) You might wanna explore them with GUI tools like – Robo 3t

 

 

 

Leave a Reply

Pin It on Pinterest

Share This