MongoSmash is a Python tool designed to scan a list of IP addresses, attempt to authenticate with MongoDB instances, and recursively download their databases if access is granted without authentication.
- IP Address Scanning: Efficiently scans a list of provided IP addresses.
- MongoDB Authentication Attempts: Tries to authenticate with each IP address.
- Recursive Database Download: Downloads databases recursively upon successful authentication.
- Logging: Detailed logging with Rich for better readability.
- Multithreading: Uses multiple threads to speed up the scanning process.
-
Clone the Repository:
git clone https://github.com/kathuluman/mongosmash.git cd mongosmash -
Install Dependencies:
pip install -r requirements.txt
-
Prepare the IP List: Create a text file containing the list of IP addresses, one per line.
-
Run the Tool:
python3 mongosmash.py
You will be prompted to enter the path to the file containing IP addresses and the number of threads to use.
$ python mongosmash.py
Enter the path to the file containing IP addresses: ips.txt
Enter the number of threads to use: 10- Logging: Logs are displayed in the console using Rich.
- Directories: Data is stored in the
.mongosmash/collectionsdirectory.