MongoDB Credentials
#
Description#
GeneralDocumentation: https://docs.mongodb.com/manual/reference/connection-string/
Summary: MongoDB is a document-oriented database. This detector aims at finding MongoDB credentials in the form of URI connection strings, variable assignments or used when calling its CLIs.
IPs allowlist: This can be implemented directly on the server running Mongo.
Scopes: MongoDB employs role-based access control to govern access to the system. Various roles can be attributed to users. Read this documentation for more details.
#
Revoke the secretUser's permissions can be managed by database administrators. Users with appropriate privileges can also change their own passwords. Read this documentation on changing passwords for more details.
#
Check for suspicious activityDatabase access logs can be stored and audited on the server side to investigate suspicious activities.
Mongo assignment
#
Details for Family: Database
Category: Data storage
High recall: False
Validity check available: True
On-premise instances exist: True
Only valid secrets raise an alert: False
Minimum number of matches: 5
Occurrences found for one million commits: 5.07
Prefixed: False
PreValidators:
- type: FilenameBanlistPreValidator banlist_extensions: [] banlist_filenames: [] check_binaries: false include_default_banlist_extensions: true ban_markup: true- type: ContentWhitelistPreValidator patterns: - mongo
#
Examples- text: > docker run --name mongo -d -p 8080:8080 DB_HOST=mongo.com DB_PORT=5434 DB_username=root DB_password=m42ploz2wd DB_NAME=paul host: mongo.com port: "5434" username: root password: m42ploz2wd database: paul
- text: > docker run --name mongo -d -p 8080:8080 DB-HOST=mongo.com DB-PORT=5434 DB-username=root DB-password=m42ploz2wd DB-NAME=paul host: mongo.com port: "5434" username: root password: m42ploz2wd database: paul
- text: >- +spring.data.mongodb.username=root +spring.data.mongodb.password=m42ploz2wd
+spring.data.mongodb.database=mydb +spring.data.mongodb.port=27017 +spring.data.mongodb.host=some_host.mongodb.net host: some_host.mongodb.net port: "27017" username: root password: m42ploz2wd database: mydb
Mongo cli
#
Details for Family: Database
Category: Data storage
High recall: False
Validity check available: True
On-premise instances exist: True
Only valid secrets raise an alert: False
Minimum number of matches: 3
Occurrences found for one million commits: 1.12
Prefixed: False
PreValidators:
- type: FilenameBanlistPreValidator banlist_extensions: [] banlist_filenames: [] check_binaries: false include_default_banlist_extensions: true ban_markup: true- type: ContentWhitelistPreValidator patterns: - mongo
#
Examples- text: mongodb --user randomman --password w@ri0rors0methIn@G03 --host mongodb.mywebsite.com username: randomman password: w@ri0rors0methIn@G03 host: mongodb.mywebsite.com
Mongo uri
#
Details for Family: Database
Category: Data storage
High recall: True
Validity check available: True
On-premise instances exist: True
Only valid secrets raise an alert: False
Minimum number of matches: 8
Occurrences found for one million commits: 912.32
Prefixed: True
PreValidators:
- type: FilenameBanlistPreValidator banlist_extensions: [] banlist_filenames: [] check_binaries: false include_default_banlist_extensions: true ban_markup: false- type: ContentWhitelistPreValidator patterns: - mongo
#
Examples- text: > CONECTION_URI="mongodb://root:m42ploz2wd@google.com:5434/thegift" host: google.com port: "5434" username: root password: m42ploz2wd scheme: mongodb connection_uri: mongodb://root:m42ploz2wd@google.com:5434/thegift database: thegift
- text: > const MongoClient = require('mongodb').MongoClient; const uri = "mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority"; const client = new MongoClient(uri, { useNewUrlParser: true }); client.connect(err => { const collection = client.db("test").collection("devices"); // perform actions on the collection object client.close(); }); host: gg-is-awesome-xm273.mongodb.net username: testuser password: hub24aoeu scheme: mongodb+srv connection_uri: "mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority" query: "retryWrites=true&w=majority" database: test
- text: > client = mongoc_client_new ("mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority"); db = mongoc_client_get_database (client, "test"); host: gg-is-awesome-xm273.mongodb.net username: testuser password: hub24aoeu scheme: mongodb+srv connection_uri: "mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority" query: "retryWrites=true&w=majority" database: test
- text: > #include <mongocxx/client.hpp> ##include <mongocxx/instance.hpp> //... mongocxx::instance inst; mongocxx::client conn{mongocxx::uri{"mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority"}} mongocxx::database db = conn["test"]; host: gg-is-awesome-xm273.mongodb.net username: testuser password: hub24aoeu scheme: mongodb+srv connection_uri: "mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority" query: "retryWrites=true&w=majority" database: test
- text: > var client = new MongoClient("mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority"); var database = client.GetDatabase("test"); host: gg-is-awesome-xm273.mongodb.net username: testuser password: hub24aoeu scheme: mongodb+srv connection_uri: "mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority" query: "retryWrites=true&w=majority" database: test
- text: > MongoClientURI uri = new MongoClientURI( "mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority"); MongoClient mongoClient = new MongoClient(uri); MongoDatabase database = mongoClient.getDatabase("test"); host: gg-is-awesome-xm273.mongodb.net username: testuser password: hub24aoeu scheme: mongodb+srv connection_uri: "mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority" query: "retryWrites=true&w=majority" database: test
- text: > my $client = MongoDB->connect('mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority'); my $db = $client->get_database( 'test' ); host: gg-is-awesome-xm273.mongodb.net username: testuser password: hub24aoeu scheme: mongodb+srv connection_uri: "mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority" query: "retryWrites=true&w=majority" database: test
- text: > $client = new MongoDB\Client( 'mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority'); $db = $client->test; host: gg-is-awesome-xm273.mongodb.net username: testuser password: hub24aoeu scheme: mongodb+srv connection_uri: "mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority" query: "retryWrites=true&w=majority" database: test
- text: > client = pymongo.MongoClient("mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority") db = client.test host: gg-is-awesome-xm273.mongodb.net username: testuser password: hub24aoeu scheme: mongodb+srv connection_uri: "mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority" query: "retryWrites=true&w=majority" database: test
- text: > val uri: String = "mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority" System.setProperty("org.mongodb.async.type", "netty") val client: MongoClient = MongoClient(uri) val db: MongoDatabase = client.getDatabase("test") host: gg-is-awesome-xm273.mongodb.net username: testuser password: hub24aoeu scheme: mongodb+srv connection_uri: "mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority" query: "retryWrites=true&w=majority" database: test
- text: > val uri: String = "mongodb+srv://myuser:" + urllib.quote('realp@ssword') + "@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority" host: gg-is-awesome-xm273.mongodb.net username: myuser password: '" + urllib.quote(''realp@ssword'') + "' scheme: mongodb+srv connection_uri: 'mongodb+srv://myuser:" + urllib.quote(''realp@ssword'') + "@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority' query: "retryWrites=true&w=majority" database: test
- text: > val uri: String = "mongodb+srv://myuser:${encodeURI(realp@ssword)}@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority" host: gg-is-awesome-xm273.mongodb.net username: myuser password: "${encodeURI(realp@ssword)}" scheme: mongodb+srv connection_uri: "mongodb+srv://myuser:${encodeURI(realp@ssword)}@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority" query: "retryWrites=true&w=majority" database: test
- text: > mongodb://localhost:27017" || mongodb://heroku_cwf2cqqq:8vpi8pekalrvhlae96mahc4qqq@ds153494.mlab.com:53494/heroku_cwf2cqqq host: ds153494.mlab.com username: heroku_cwf2cqqq password: 8vpi8pekalrvhlae96mahc4qqq scheme: mongodb port: "53494" connection_uri: "mongodb://heroku_cwf2cqqq:8vpi8pekalrvhlae96mahc4qqq@ds153494.mlab.com:53494/heroku_cwf2cqqq" database: heroku_cwf2cqqq
- text: > mongodb://admin:truepwd695++@120.79.10.159:27017 host: 120.79.10.159 username: admin password: truepwd695++ scheme: mongodb port: "27017" connection_uri: "mongodb://admin:truepwd695++@120.79.10.159:27017"
# Test for collisions between mongo uri and microsoft_azure_storage- text: > Azure context mongodb://admin:ir0EuCMlWqb6UxaeBRlRlqpPnEmvCstYqvwPN3AWAMSNjPnjv7Ul8X6CHKlmtuDYgTlrVkSPzhHb8jFFHHzeeg==@120.79.10.159:27017 host: 120.79.10.159 username: admin password: ir0EuCMlWqb6UxaeBRlRlqpPnEmvCstYqvwPN3AWAMSNjPnjv7Ul8X6CHKlmtuDYgTlrVkSPzhHb8jFFHHzeeg== scheme: mongodb port: "27017" connection_uri: "mongodb://admin:ir0EuCMlWqb6UxaeBRlRlqpPnEmvCstYqvwPN3AWAMSNjPnjv7Ul8X6CHKlmtuDYgTlrVkSPzhHb8jFFHHzeeg==@120.79.10.159:27017"
# Test detection in md files- text: > CONECTION_URI="mongodb://root:m42ploz2wd@google.com:5434/thegift" host: google.com port: "5434" username: root password: m42ploz2wd scheme: mongodb connection_uri: mongodb://root:m42ploz2wd@google.com:5434/thegift database: thegift filename: some_file.md