Create mongodb_scanner.go
Adding mongodb checks. Mongodb is often not password protected, leaving databases exposed. Additionally, mongodb can reveal identifying information about the host.
This commit is contained in:
parent
5b0e733da3
commit
4874bee930
|
@ -53,7 +53,11 @@ func (os *OnionScan) Scan(hiddenService string) (*report.OnionScanReport, error)
|
|||
smps := new(protocol.SMTPProtocolScanner)
|
||||
smps.ScanProtocol(hiddenService, os.Config, report)
|
||||
|
||||
if !report.WebDetected && !report.SSHDetected && !report.RicochetDetected && !report.BitcoinDetected && !report.IRCDetected && !report.FTPDetected && !report.SMTPDetected {
|
||||
//MongoDb
|
||||
mdbps := new(protocol.MongoDBProtocolScanner)
|
||||
mdbps.ScanProtocol(hiddenService, os.Config, report)
|
||||
|
||||
if !report.WebDetected && !report.SSHDetected && !report.RicochetDetected && !report.BitcoinDetected && !report.IRCDetected && !report.FTPDetected && !report.SMTPDetected && !report.MongoDBDetected {
|
||||
fmt.Printf("Unable to connect to this Tor Hidden Service on any known protocol.\n")
|
||||
return nil, errors.New("Unable to connect to this Tor Hidden Service on any known protocol.")
|
||||
}
|
||||
|
|
|
@ -0,0 +1,26 @@
|
|||
package protocol
|
||||
|
||||
import (
|
||||
"github.com/s-rah/onionscan/config"
|
||||
"github.com/s-rah/onionscan/report"
|
||||
"h12.me/socks"
|
||||
"log"
|
||||
)
|
||||
|
||||
type MongoDBProtocolScanner struct {
|
||||
}
|
||||
|
||||
func (rps *MongoDBProtocolScanner) ScanProtocol(hiddenService string, onionscanConfig *config.OnionscanConfig, report *report.OnionScanReport) {
|
||||
// MongoDB
|
||||
log.Printf("Checking %s MongoDB(27017)\n", hiddenService)
|
||||
_, err := socks.DialSocksProxy(socks.SOCKS5, onionscanConfig.TorProxyAddress)("", hiddenService+":27017")
|
||||
if err != nil {
|
||||
log.Printf("Failed to connect to service on port 27017\n")
|
||||
report.MongoDBDetected = false
|
||||
} else {
|
||||
log.Printf("Detected possible MongoDB instance\n")
|
||||
// TODO: Actual Analysis
|
||||
report.MongoDBDetected = true
|
||||
}
|
||||
|
||||
}
|
|
@ -25,6 +25,7 @@ type OnionScanReport struct {
|
|||
SMTPDetected bool `json:"smtpDetected"`
|
||||
|
||||
BitcoinDetected bool `json:"bitcoinDetected"`
|
||||
MongoDBDetected bool `json:"mongodbDetected"`
|
||||
|
||||
HiddenService string `json:"hiddenService"`
|
||||
ServerPoweredBy string `json:"serverPoweredBy"`
|
||||
|
|
Loading…
Reference in New Issue