|
25 | 25 | import subprocess |
26 | 26 | import json |
27 | 27 | import gridfs |
| 28 | +import ipcalc |
28 | 29 | from hashlib import md5 |
29 | 30 |
|
30 | 31 | #Set a list so we can track whether options are set or not to avoid resetting them in subsequent cals to the options menu. |
@@ -879,37 +880,62 @@ def stealDBs(myDB): |
879 | 880 |
|
880 | 881 | def massMongo(): |
881 | 882 | global victim |
| 883 | + optCheck = True |
882 | 884 | loadCheck = False |
883 | 885 | success = [] |
| 886 | + ipList = [] |
884 | 887 | print "\n" |
885 | 888 | print "MongoDB Default Access Scanner" |
886 | 889 | print "==============================" |
| 890 | + print "1-Scan a subnet for default MongoDB access" |
| 891 | + print "2-Loads IPs to scan from a file" |
887 | 892 |
|
888 | | - while loadCheck == False: |
889 | | - loadPath = raw_input("Enter file name with IP list to scan: ") |
| 893 | + while optCheck: |
| 894 | + loadOpt = raw_input("Select a scan method: ") |
| 895 | + |
| 896 | + |
| 897 | + if loadOpt == "1": |
| 898 | + subnet = raw_input("Enter subnet to scan: ") |
| 899 | + |
| 900 | + try: |
| 901 | + for ip in ipcalc.Network(subnet): |
| 902 | + ipList.append(str(ip)) |
| 903 | + optCheck = False |
| 904 | + except: |
| 905 | + raw_input("Not a valid subnet. Press enter to return to main menu.") |
| 906 | + mainMenu() |
| 907 | + |
| 908 | + |
| 909 | + print "Debug:" |
| 910 | + print ipList |
| 911 | + |
| 912 | + if loadOpt == "2": |
| 913 | + while loadCheck == False: |
| 914 | + loadPath = raw_input("Enter file name with IP list to scan: ") |
890 | 915 |
|
891 | | - try: |
892 | | - with open (loadPath) as f: |
893 | | - ipList = f.readlines() |
894 | | - loadCheck = True |
895 | | - except: |
896 | | - print "Couldn't open file." |
| 916 | + try: |
| 917 | + with open (loadPath) as f: |
| 918 | + ipList = f.readlines() |
| 919 | + loadCheck = True |
| 920 | + optCheck = False |
| 921 | + except: |
| 922 | + print "Couldn't open file." |
897 | 923 |
|
898 | 924 |
|
899 | 925 | print "\n" |
900 | 926 | for target in ipList: |
901 | 927 | try: |
902 | 928 | conn = pymongo.MongoClient(target,27017) |
903 | | - print "Connected to " + target[:-1] + "!" |
| 929 | + print "Connected to " + target |
904 | 930 | dbList = conn.database_names() |
905 | 931 |
|
906 | | - print "Successful admin access on " + target[:-1] + ".\n" |
| 932 | + print "Successful default access on " + target |
907 | 933 | target = target[:-1] |
908 | 934 | success.append(target) |
909 | 935 | conn.disconnect() |
910 | 936 |
|
911 | 937 | except: |
912 | | - print "Failed to connect to " + target[:-1] + " or credentials required." |
| 938 | + print "Failed to connect to or need credentials for " + target |
913 | 939 |
|
914 | 940 | print "\n\n" |
915 | 941 | print "Discovered MongoDB Servers:" |
|
0 commit comments