mongoaudit is a CLI tool for auditing MongoDB servers, detecting poor security settings and performing automated penetration testing. It is widely known that there are quite a few holes in MongoDB's default configuration settings. This fact, combined with abundant lazy system administrators and developers, has led to what the press has called the MongoDB apocalypse. mongoaudit not only detects misconfigurations, known vulnerabilities and bugs but also gives you advice on how to fix them, recommends best practices and teaches you how to DevOp like a pro! MongoDB listens on a port different to default one. Server only accepts connections from whitelisted hosts / networks. MongoDB HTTP status interface is not accessible on port 28017. MongoDB is not exposing its version number. MongoDB version is newer than 2.4. TLS/SSL encryption is enabled. Authentication is enabled. SCRAM-SHA-1 authentication method is enabled.

Features

  • Server-side Javascript is forbidden
  • Roles granted to the user only permit CRUD operations
  • The user has permissions over a single database
  • Authentication is enabled
  • TLS/SSL encryption is enabled
  • MongoDB is not exposing its version number

Project Samples

mongoaudit Screenshot 1

Project Activity

See All Activity >

Categories

Database, Penetration Testing

License

MIT License

Follow mongoaudit

mongoaudit Web Site

Other Useful Business Software
Custom VMs From 1 to 96 vCPUs With 99.95% Uptime Icon
Custom VMs From 1 to 96 vCPUs With 99.95% Uptime

General-purpose, compute-optimized, or GPU/TPU-accelerated. Built to your exact specs.

Live migration and automatic failover keep workloads online through maintenance. One free e2-micro VM every month.
Try Free
Rate This Project
Login To Rate This Project

User Reviews

Be the first to post a review of mongoaudit!

Additional Project Details

Programming Language

Python

Related Categories

Python Database Software, Python Penetration Testing Tool

Registered

2022-07-25
Report inappropriate content