Mongone is a comprehensive Python-based tool designed for security professionals to facilitate various MongoDB operations, including database enumeration, data exfiltration, data restoration, and bcrypt password brute-forcing. This tool leverages multiple libraries to ensure efficiency and effectiveness.
- Port Scanning with NMAP: Ensures MongoDB port availability and security.
- Database Enumeration: Identifies and lists all databases and collections, helping to identify potential security issues.
- Data Exfiltration: Securely dumps and removes databases, inserting a ransom message.
- Data Restoration: Restores databases from backups.
- Bcrypt Password Brute-Forcing: Tests the strength of bcrypt hashed passwords using the rockyou.txt wordlist.
- Security Assessment: Identify potential vulnerabilities in MongoDB deployments.
- Database Management: Perform essential database operations with ease.
- Ethical Hacking: Assist in penetration testing and ethical hacking activities.
- Password Security: Test the strength of bcrypt hashed passwords.
PORT: Default MongoDB port. (Value:27017)BACKUP_DIR: Directory for storing database backups. (Value:/home/dax21/Desktop/backup)WORD_LIST: Path to the wordlist file for brute-forcing passwords. (Value:rockyou.txt)
- Python and Required Libraries:
- Ensure Python is installed on your system.
- Install required libraries using pip:
pip install bcrypt pymongo nmap
- rockyou.txt Wordlist:
- Download the
rockyou.txtwordlist. - Place it in the specified path for the tool to access:
/path/to/rockyou.txt
- Download the
- Port Scanning: Verifies if the MongoDB port is open using nmap.
- User Menu Interactions: Presents options to the user for different database operations.
- Database Operations:
- Enumerate all databases.
- Exfiltrate database.
- Restore database.
- Enumerate databases based on user choice.
- Password Brute-Forcing: Detects bcrypt hashed passwords and attempts to crack them with user permission.
Command to execute:
python script.py <target_ip>