Hunt Open MongoDB instances!
- Worlds fastest and most efficient scanner ( Uses Masscan ).
- Scans entire internet by default, So fire the tool and chill.
- Hyper efficient - Uses Go-routines which are even lighter than threads.
- Go language ( sudo apt install golang )
- Masscan ( sudo apt install masscan )
- Tested on Ubuntu & Kali linux
How to install and run -
git clone https://github.com/yashpl/mongoBuster.git cd mongoBuster go build mongobuster.go utils.go sudo ./mongobuster
Note: Run it with sudo as Masscan requires sudo access.
|--max-rate= (int)||Defines maximum rate at which packets are generated and sent. Default is 100.|
|--out-file= (string)||Name of file to which vulnerable IPs will be exported.|
|-v||Display error msgs from non-vulnerable servers|
Using ridiculous values for
max-rate flag like 10000+ will most likely bring down your own network infrastructure.
Recommended value is to start with
--max-rate 500 for consumer Gigabit routers.
Happy Hunting ;)
Final Note :- If you find bunch of insecure insances, ( which you will! ) You might wanna explore them with GUI tools like - Robo 3t
Please report these insecure instances to their respective owners, Lets make a safer internet together <3.