Released version 0.1.7

Author: rohitcoder

connection.yml.sample

@@ -35,13 +35,20 @@ sources:
       user: YOUR_MYSQL_USERNAME
       password: YOUR_MYSQL_PASSWORD
       database: YOUR_MYSQL_DATABASE_NAME
-  postgresql: 
-    postgresql1:
+  postgresql:
+    postgresql_example:
       host: YOUR_POSTGRESQL_HOST
       port: YOUR_POSTGRESQL_PORT
       user: YOUR_POSTGRESQL_USERNAME
       password: YOUR_POSTGRESQL_PASSWORD
       database: YOUR_POSTGRESQL_DATABASE_NAME
+  mongodb:  # New MongoDB configuration
+    mongodb_example:
+      host: YOUR_MONGODB_HOST
+      port: YOUR_MONGODB_PORT
+      username: YOUR_MONGODB_USERNAME
+      password: YOUR_MONGODB_PASSWORD
+      database: YOUR_MONGODB_DATABASE_NAME
   fs:
     fs_example:
       path: /path/to/your/filesystem/directory

hawk_scanner/commands/mongodb.py

@@ -0,0 +1,88 @@
+import pymongo
+from hawk_scanner.internals import system
+import re
+from rich.console import Console
+from rich.table import Table
+
+console = Console()
+
+def connect_mongodb(host, port, username, password, database, uri=None):
+    try:
+        if uri:
+            client = pymongo.MongoClient(uri)
+        else:
+            client = pymongo.MongoClient(host=host, port=port, username=username, password=password)
+
+        if database not in client.list_database_names():
+            system.print_error(f"Database {database} not found on MongoDB server.")
+            return None
+
+        db = client[database]
+        system.print_info(f"Connected to MongoDB database")
+        return db
+    except Exception as e:
+        system.print_error(f"Failed to connect to MongoDB database with error: {e}")
+        return None
+
+
+def check_data_patterns(db, patterns, profile_name, database_name):
+    results = []
+    for collection_name in db.list_collection_names():
+        collection = db[collection_name]
+        for document in collection.find():
+            for field_name, field_value in document.items():
+                if field_value:
+                    value_str = str(field_value)
+                    matches = system.match_strings(value_str)
+                    if matches:
+                        for match in matches:
+                            results.append({
+                                'host': db.client.address[0],
+                                'database': database_name,
+                                'collection': collection_name,
+                                'field': field_name,
+                                'pattern_name': match['pattern_name'],
+                                'matches': match['matches'],
+                                'sample_text': match['sample_text'],
+                                'profile': profile_name,
+                                'data_source': 'mongodb'
+                            })
+
+    return results
+
+def execute(args):
+    results = []
+    system.print_info(f"Running Checks for MongoDB Sources")
+    connections = system.get_connection()
+
+    if 'sources' in connections:
+        sources_config = connections['sources']
+        mongodb_config = sources_config.get('mongodb')
+
+        if mongodb_config:
+            patterns = system.get_fingerprint_file()
+
+            for key, config in mongodb_config.items():
+                host = config.get('host')
+                port = config.get('port', 27017)  # default MongoDB port
+                username = config.get('username')
+                password = config.get('password')
+                database = config.get('database')
+                uri = config.get('uri')  # Added support for URI
+
+                if uri:
+                    system.print_info(f"Checking MongoDB Profile {key} using URI")
+                elif host and username and password and database:
+                    system.print_info(f"Checking MongoDB Profile {key} with host and authentication")
+                else:
+                    system.print_error(f"Incomplete MongoDB configuration for key: {key}")
+                    continue
+
+                db = connect_mongodb(host, port, username, password, database, uri)
+                if db:
+                    results += check_data_patterns(db, patterns, key, database)
+        else:
+            system.print_error("No MongoDB connection details found in connection.yml")
+    else:
+        system.print_error("No 'sources' section found in connection.yml")
+    return results

hawk_scanner/internals/system.py

@@ -8,7 +8,7 @@
 import json
 
 console = Console()
-parser = argparse.ArgumentParser(description='🦅 A powerful scanner to scan your Filesystem, S3, MySQL, Redis, Google Cloud Storage and Firebase storage for PII and sensitive data.')
+parser = argparse.ArgumentParser(description='🦅 A powerful scanner to scan your Filesystem, S3, MySQL, PostgreSQL, MongoDB, Redis, Google Cloud Storage and Firebase storage for PII and sensitive data.')
 parser.add_argument('--connection', action='store', help='YAML Connection file path')
 parser.add_argument('--fingerprint', action='store', help='Override YAML fingerprint file path')
 parser.add_argument('--debug', action='store_true', help='Enable debug mode')

hawk_scanner/main.py

@@ -21,7 +21,7 @@ def clear_screen():
 console = Console()
 
 ## Now separate the results by data_source
-data_sources = ['s3', 'mysql', 'redis', 'firebase', 'gcs', 'fs', 'postgresql']
+data_sources = ['s3', 'mysql', 'redis', 'firebase', 'gcs', 'fs', 'postgresql', 'mongodb']
 
 def load_command_module(command):
     try:
@@ -85,14 +85,16 @@ def main():
         table.add_column("Vulnerable Profile")
         if group == 's3':
             table.add_column("Bucket > File Path")
-        elif group == 'mysql':
+        elif group == 'mysql' or group == 'postgresql':
             table.add_column("Host > Database > Table.Column")
         elif group == 'redis':
             table.add_column("Host > Key")
         elif group == 'firebase' or group == 'gcs':
             table.add_column("Bucket > File Path")
         elif group == 'fs':
             table.add_column("File Path")
+        elif group == 'mongodb':
+            table.add_column("Host > Database > Collection > Field")
 
         table.add_column("Pattern Name")
         table.add_column("Total Exposed")
@@ -162,7 +164,41 @@ def main():
                 )
 
                 system.SlackNotify(AlertMsg)
-                
+           
+            elif group == 'mongodb':
+                table.add_row(
+                    str(i),
+                    result['profile'],
+                    f"{result['host']} > {result['database']} > {result['collection']} > {result['field']}",
+                    result['pattern_name'],
+                    str(len(result['matches'])),
+                    str(', '.join(result['matches'])),
+                    result['sample_text'],
+                )
+
+                # Slack notification for MongoDB
+                AlertMsg = """
+                *** PII Or Secret Found ***
+                Data Source: MongoDB
+                Host: {host}
+                Database: {database}
+                Collection: {collection}
+                Field: {field}
+                Pattern Name: {pattern_name}
+                Total Exposed: {total_exposed}
+                Exposed Values: {exposed_values}
+                """.format(
+                    host=result['host'],
+                    database=result['database'],
+                    collection=result['collection'],
+                    field=result['field'],
+                    pattern_name=result['pattern_name'],
+                    total_exposed=str(len(result['matches'])),
+                    exposed_values=', '.join(result['matches'])
+                )
+
+                system.SlackNotify(AlertMsg)
+
             elif group == 'postgresql':
                 table.add_row(
                     str(i),

readme.md

@@ -17,7 +17,7 @@
 
 ### 🦅 HAWK Eye - Highly Advanced Watchful Keeper Eye
 
-HAWK Eye is a powerful and versatile CLI (Command-Line Interface) tool designed to be your vigilant watchkeeper, guarding against potential data breaches and cyber threats across various platforms. Inspired by the precision and vision of majestic birds of prey, HAWK Eye swiftly scans multiple data sources, including S3, MySQL, PostgreSQL, Redis, Firebase, filesystem, and Google Cloud buckets (GCS), for Personally Identifiable Information (PII) and secrets.
+HAWK Eye is a powerful and versatile CLI (Command-Line Interface) tool designed to be your vigilant watchkeeper, guarding against potential data breaches and cyber threats across various platforms. Inspired by the precision and vision of majestic birds of prey, HAWK Eye swiftly scans multiple data sources, including S3, MySQL, PostgreSQL, MongoDB, Redis, Firebase, filesystem, and Google Cloud buckets (GCS), for Personally Identifiable Information (PII) and secrets.
 
 
 ### Why "HAWK Eye"?
@@ -113,6 +113,11 @@ Note: If you don't provide any command, it will run all commands (firebase, fs,
             mysql
          <td>Scan MySQL profiles for PII and secrets data.</td>
       </tr>
+      <tr>
+         <td>
+            mongodb
+         <td>Scan MongoDB profiles for PII and secrets data.</td>
+      </tr>
       <tr>
          <td>
             postgresql

requirements.txt

@@ -6,4 +6,5 @@ redis
 firebase-admin
 google-cloud-core
 google-cloud-storage
-psycopg2-binary
+psycopg2-binary
+pymongo==3.13.0

setup.py

@@ -1,4 +1,4 @@
-VERSION = "0.1.6"
+VERSION = "0.1.7"
 
 from setuptools import setup, find_packages
 
@@ -11,7 +11,7 @@
 setup(
     name='hawk_scanner',
     version=VERSION,   
-    description='A powerful scanner to scan your Filesystem, S3, MySQL, PostgreSQL, Redis, Google Cloud Storage and Firebase storage for PII and sensitive data.',
+    description='A powerful scanner to scan your Filesystem, S3, MongoDB, MySQL, PostgreSQL, Redis, Google Cloud Storage and Firebase storage for PII and sensitive data.',
     long_description=long_description,
     long_description_content_type="text/markdown",
     url='https://github.com/rohitcoder/hawk-eye',