Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

problem about mongodb brute #1565

Shad0wpf opened this issue Apr 20, 2019 · 0 comments

problem about mongodb brute #1565

Shad0wpf opened this issue Apr 20, 2019 · 0 comments


Copy link

Shad0wpf commented Apr 20, 2019

When I used mongodb-brute script to check if MongoDB services have any authentication problerm, I found that if the MongoDB service run as default port 27017, this script could run and found "No authentication needed". but when MongoDB service run as other port, like 27018, this script didn't run and couldn't find any problerm.

I checked the script, and found on line 37,
portrule = shortport.port_or_service({27017}, {"mongodb"})
in script code the service name is mongodb, but nmap port check result service name is mongod, so the script didn't run.

After I changed this line to:
portrule = shortport.port_or_service({27017}, {"mongodb","mongod"})
then the script can check MongoDB service run as non-default port.

C:\Users\Shadow>nmap -n -Pn -p 27018 --script mongodb-brute
Starting Nmap 7.70 ( ) at 2019-04-20 21:30 ?D1ú±ê×?ê±??
Nmap scan report for
Host is up (0.00s latency).

27018/tcp open  mongod
|_mongodb-brute: No authentication needed

Nmap done: 1 IP address (1 host up) scanned in 7.89 seconds

Maybe the same problem also on other scripts like mongodb-info and mongodb-databases.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet

No branches or pull requests

2 participants