# mongoBuster
Hunt Open MongoDB instances!

### Features

* World's fastest and most efficient scanner (uses Masscan).
* Scans the entire internet by default, so fire the tool and chill.
* Hyper efficient: uses goroutines, which are even lighter than threads.

### Pre-Requisites - 

* Go language ( sudo apt install golang )
* Masscan ( sudo apt install masscan )
* Tested on Ubuntu & Kali Linux

### How to install and run - 

```
git clone https://lab.tik.co/madhurendra/mongohunter.git

cd mongohunter

go build mongobuster.go utils.go

sudo ./mongobuster
```

Note: Run it with sudo as Masscan requires sudo access.

### Flags - 

|Flag| Description |
|---|---|
|--max-rate= (int)| Defines maximum rate at which packets are generated and sent. Default is 100.|
|--out-file= (string)| Name of file to which vulnerable IPs will be exported.|
|-v| Display error messages from non-vulnerable servers.|

### NOTE - 

Using ridiculous values for the ```max-rate``` flag, like 10000+, will *most likely* bring down your own network infrastructure.

The recommended starting value is ```--max-rate 500``` for consumer Gigabit routers.


#### Happy Hunting ;)

Final Note: If you find a bunch of insecure instances (which you will!), you might want to explore them with GUI tools like [Robo 3T](https://robomongo.org/).


Please report these insecure instances to their respective owners. Let's make a safer internet together <3.