stampery / Mongoaudit
Licence: mit
🔥 A powerful MongoDB auditing and pentesting tool 🔥
Stars: ✭ 1,174
Programming Languages
python
139335 projects - #7 most used programming language
Projects that are alternatives of or similar to Mongoaudit
Securing Restful Apis With Jwt
How to secure a Nodejs RESTful CRUD API using JSON web tokens?
Stars: ✭ 301 (-74.36%)
Mutual labels: database, mongodb, authentication
Autoserver
Create a full-featured REST/GraphQL API from a configuration file
Stars: ✭ 188 (-83.99%)
Mutual labels: cli, database, mongodb
Mongo Seeding
The ultimate solution for populating your MongoDB database.
Stars: ✭ 375 (-68.06%)
Mutual labels: cli, database, mongodb
Ronin
Ronin is a Ruby platform for vulnerability research and exploit development. Ronin allows for the rapid development and distribution of code, Exploits or Payloads, Scanners, etc, via Repositories.
Stars: ✭ 220 (-81.26%)
Mutual labels: cli, database, infosec
Backup
Easy full stack backup operations on UNIX-like systems.
Stars: ✭ 4,682 (+298.81%)
Mutual labels: database, mongodb, encryption
Curriculum
Overview of the different modules and learning goals of the program.
Stars: ✭ 40 (-96.59%)
Mutual labels: cli, mongodb
Mssql Cli
A command-line client for SQL Server with auto-completion and syntax highlighting
Stars: ✭ 1,061 (-9.63%)
Mutual labels: cli, database
Wertik Js
💪 A library that powers your app with GraphQL + Rest API
Stars: ✭ 56 (-95.23%)
Mutual labels: database, mongodb
Restfeel
RESTFeel: 一个企业级的API管理&测试平台。RESTFeel帮助你设计、开发、测试您的API。
Stars: ✭ 59 (-94.97%)
Mutual labels: database, mongodb
Trousseau
File based encrypted key-value store
Stars: ✭ 915 (-22.06%)
Mutual labels: database, encryption
Mern Stack Authentication
Secure MERN Stack CRUD Web Application using Passport.js Authentication
Stars: ✭ 60 (-94.89%)
Mutual labels: mongodb, authentication
Mongodb Interview Questions
MongoDB Interview Questions
Stars: ✭ 31 (-97.36%)
Mutual labels: database, mongodb
Siodb
The simplicity of REST and the power of SQL combined in a database that automatized security and performance. Forget the database, develop faster and safer!
Stars: ✭ 31 (-97.36%)
Mutual labels: database, encryption
Docker Backup Database
Docker image to periodically backup your database (MySQL, Postgres, or MongoDB) to S3 or local disk.
Stars: ✭ 57 (-95.14%)
Mutual labels: database, mongodb
Flask Restful Authentication
An example for RESTful authentication using nginx, uWSGI, Flask, MongoDB and JSON Web Token(JWT).
Stars: ✭ 63 (-94.63%)
Mutual labels: mongodb, authentication
Resources
A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.
Stars: ✭ 62 (-94.72%)
Mutual labels: pentesting, infosec
Cloakify
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Stars: ✭ 1,136 (-3.24%)
Mutual labels: pentesting, infosec
mongoaudit is a CLI tool for auditing MongoDB servers, detecting poor security settings and performing automated penetration testing.
Installing
Clone this repository and run the setup:
> git clone https://github.com/stampery/mongoaudit.git
> cd mongoaudit
> python setup.py install
> mongoaudit
Introduction
It is widely known that there are quite a few holes in MongoDB's default configuration settings. This fact, combined with abundant lazy system administrators and developers, has led to what the press has called the MongoDB apocalypse.
mongoaudit not only detects misconfigurations, known vulnerabilities and bugs but also gives you advice on how to fix them, recommends best practices and teaches you how to DevOp like a pro!
This is how the actual app looks like:
Yep, that's material design on a console line interface. (Powered by urwid)
Supported tests
- MongoDB listens on a port different to default one
- Server only accepts connections from whitelisted hosts / networks
- MongoDB HTTP status interface is not accessible on port 28017
- MongoDB is not exposing its version number
- MongoDB version is newer than 2.4
- TLS/SSL encryption is enabled
- Authentication is enabled
- SCRAM-SHA-1 authentication method is enabled
- Server-side Javascript is forbidden *
- Roles granted to the user only permit CRUD operations *
- The user has permissions over a single database *
- Security bug CVE-2015-7882
- Security bug CVE-2015-2705
- Security bug CVE-2014-8964
- Security bug CVE-2015-1609
- Security bug CVE-2014-3971
- Security bug CVE-2014-2917
- Security bug CVE-2013-4650
- Security bug CVE-2013-3969
- Security bug CVE-2012-6619
- Security bug CVE-2013-1892
- Security bug CVE-2013-2132
Tests marked with an asterisk (*) require valid authentication credentials.
How can I best secure my MongoDB?
Once you run any of the test suites provided by mongoaudit, it will offer you to receive a fully detailed report via email. This personalized report links to a series of useful guides on how to fix every specific issue and how to harden your MongoDB deployments.
For your convenience, we have also published the mongoaudit guides in our Medium publication.
Contributing
We're happy you want to contribute! You can help us in different ways:
- Open an issue with suggestions for improvements and errors you're facing.
- Fork this repository and submit a pull request.
- Improve the documentation.
To submit a pull request, fork the mongoaudit repository and then clone your fork:
git clone [email protected]:<your-name>/mongoaudit.git
Make your suggested changes, git push and then submit a pull request.
Legal
License
mongoaudit is released under the [MIT License](https://github.com/stampery/mongoaudit/blob/master/LICENSE).Disclaimer
"With great power comes great responsibility"
- Never use this tool on servers you don't own. Unauthorized access to strangers' computer systems is a crime in many countries.
- Please use this tool is at your own risk. We will accept no liability for any loss or damage which you may incur no matter how caused.
- Don't be evil!
Suport and trademarks
This software is not supported or endorsed in any way by MongoDB Inc., Compose Inc., ObjectsLab Corporation nor other products or services providers it interoperates with. It neither tries to mimic or replace any software originally conceived by the owners of those products and services. In the same manner, any third party's trademark or intellectual property that may appear in this software must be understood as a strictly illustrative reference to the service provider it represents, and is never used in any way that may lead to confusion, so no abuse is intended.
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].