@@ -380,7 +380,7 @@ def netAttacks(target):
380380 dbList = []
381381
382382 print "Checking to see if credentials are needed..."
383- needCreds = accessCheck (target ,dbPort )
383+ needCreds = accessCheck (target ,dbPort , False )
384384
385385 if needCreds == 0 :
386386 conn = pymongo .MongoClient (target ,dbPort )
@@ -1335,32 +1335,61 @@ def stealDBs(myDB):
13351335 raw_input ("Something went wrong. Are you sure your MongoDB is running and options are set? Press enter to return..." )
13361336 return
13371337
1338- def accessCheck (ip ,port ):
1339- try :
1340- conn = pymongo .MongoClient (ip ,port )
1338+ def accessCheck (ip ,port ,pingIt ):
1339+
1340+ if pingIt == True :
1341+ test = os .system ("ping -w 0.1 -c 1 " + ip + ">/dev/null" )
1342+
1343+ if test == 0 :
1344+ try :
1345+ conn = pymongo .MongoClient (ip ,port )
13411346
1347+ try :
1348+ dbList = conn .database_names ()
1349+ conn .disconnect ()
1350+ return 0
1351+
1352+ except :
1353+ if str (sys .exc_info ()).find ('need to login' ) != - 1 :
1354+ conn .disconnect ()
1355+ return 1
1356+
1357+ else :
1358+ conn .disconnect ()
1359+ return 2
1360+
1361+ except :
1362+ return 3
1363+
1364+ else :
1365+ return 4
1366+ else :
13421367 try :
1343- dbList = conn .database_names ()
1344- conn .disconnect ()
1345- return 0
1368+ conn = pymongo .MongoClient (ip ,port )
13461369
1347- except :
1348- if str ( sys . exc_info ()). find ( 'need to login' ) != - 1 :
1370+ try :
1371+ dbList = conn . database_names ()
13491372 conn .disconnect ()
1350- return 1
1373+ return 0
1374+
1375+ except :
1376+ if str (sys .exc_info ()).find ('need to login' ) != - 1 :
1377+ conn .disconnect ()
1378+ return 1
13511379
1352- else :
1353- conn .disconnect ()
1354- return 2
1380+ else :
1381+ conn .disconnect ()
1382+ return 2
13551383
1356- except :
1357- return 3
1358-
1384+ except :
1385+ return 3
13591386
1387+
13601388def massMongo ():
13611389 global victim
13621390 optCheck = True
13631391 loadCheck = False
1392+ ping = False
13641393 success = []
13651394 creds = []
13661395 ipList = []
@@ -1369,10 +1398,11 @@ def massMongo():
13691398 print "=============================="
13701399 print "1-Scan a subnet for default MongoDB access"
13711400 print "2-Loads IPs to scan from a file"
1401+ print "3-Enable/disable host pings before attempting connection"
13721402 print "x-Return to main menu"
13731403
13741404 while optCheck :
1375- loadOpt = raw_input ("Select a scan method : " )
1405+ loadOpt = raw_input ("Select an option : " )
13761406
13771407 if loadOpt == "1" :
13781408 subnet = raw_input ("Enter subnet to scan: " )
@@ -1396,14 +1426,23 @@ def massMongo():
13961426 optCheck = False
13971427 except :
13981428 print "Couldn't open file."
1429+
1430+ if loadOpt == "3" :
1431+ if ping == False :
1432+ ping = True
1433+ print "Scan will ping host before connection attempt."
1434+
1435+ elif ping == True :
1436+ ping = False
1437+ print "Scan will not ping host before connection attempt."
13991438
14001439 if loadOpt == "x" :
14011440 return
14021441
14031442
14041443 print "\n "
14051444 for target in ipList :
1406- result = accessCheck (target ,27017 )
1445+ result = accessCheck (target ,27017 , ping )
14071446
14081447 if result == 0 :
14091448 print "Successful default access on " + target + "."
@@ -1419,6 +1458,9 @@ def massMongo():
14191458
14201459 elif result == 3 :
14211460 print "Couldn't connect to " + target + "."
1461+
1462+ elif result == 4 :
1463+ print target + " didn't respond to ping."
14221464
14231465
14241466 print "\n \n "
0 commit comments