:::info
💘渗透全流程：
信息收集 – 漏洞发现 – 漏洞👣利用 – 权限提升 – 隧道搭建 – 内网渗透 – 横向移动 – 后渗透
:::

MongoDB 未授权扫描

MongoDB

V1.0

#! /usr/bin/env python
 
from pymongo import MongoClient
import socket
from http import client
 
ip = '192.168.225.135'
port_mongo = 27017
port_redis = 6379
 
def port_scan(ip):
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(0.3)
    try:
        s.connect((ip, port_mongo))
        print('[+] port %s is opend' % port_mongo)
        s.close()
    except:
        ...
 
def check_mongo_connect():
    print('[*] try to connect... ')
    try:
        client = MongoClient(ip, port_mongo, socketTimeoutMS=3000)
        dbname = client.list_database_names()
        if dbname and bool(dbname) and len(dbname):
            print("\033[31m [+] %s 存在 mongodb 未授权访问漏洞！！！ \033[0m" % ip)
    except:
        print('[-] completed ')