MongoDB Credentials

Description#

General#

Documentation: https://docs.mongodb.com/manual/reference/connection-string/
Summary: MongoDB is a document-oriented database. This detector aims at finding MongoDB credentials in the form of URI connection strings, variable assignments or used when calling its CLIs.
IPs allowlist: This can be implemented directly on the server running Mongo.
Scopes: MongoDB employs role-based access control to govern access to the system. Various roles can be attributed to users. Read this documentation for more details.

Revoke the secret#

User's permissions can be managed by database administrators. Users with appropriate privileges can also change their own passwords. Read this documentation on changing passwords for more details.

Check for suspicious activity#

Database access logs can be stored and audited on the server side to investigate suspicious activities.

Details for `Mongo assignment`#

Family: Database
Category: Data storage
High recall: False
Validity check available: True
On-premise instances exist: True
Only valid secrets raise an alert: False
Minimum number of matches: 5
Occurrences found for one million commits: 5.07
Prefixed: False
PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions: []  banlist_filenames: []  check_binaries: false  include_default_banlist_extensions: true  ban_markup: true- type: ContentWhitelistPreValidator  patterns:  - mongo

Examples#

- text: >    docker run --name mongo -d -p 8080:8080    DB_HOST=mongo.com    DB_PORT=5434    DB_username=root    DB_password=m42ploz2wd    DB_NAME=paul  host: mongo.com  port: "5434"  username: root  password: m42ploz2wd  database: paul
- text: >    docker run --name mongo -d -p 8080:8080    DB-HOST=mongo.com    DB-PORT=5434    DB-username=root    DB-password=m42ploz2wd    DB-NAME=paul  host: mongo.com  port: "5434"  username: root  password: m42ploz2wd  database: paul
- text: >-    +spring.data.mongodb.username=root    +spring.data.mongodb.password=m42ploz2wd
    +spring.data.mongodb.database=mydb    +spring.data.mongodb.port=27017    +spring.data.mongodb.host=some_host.mongodb.net  host: some_host.mongodb.net  port: "27017"  username: root  password: m42ploz2wd  database: mydb

Details for `Mongo cli`#

Family: Database
Category: Data storage
High recall: False
Validity check available: True
On-premise instances exist: True
Only valid secrets raise an alert: False
Minimum number of matches: 3
Occurrences found for one million commits: 1.12
Prefixed: False
PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions: []  banlist_filenames: []  check_binaries: false  include_default_banlist_extensions: true  ban_markup: true- type: ContentWhitelistPreValidator  patterns:  - mongo

Examples#

- text: mongodb --user randomman --password w@ri0rors0methIn@G03 --host mongodb.mywebsite.com  username: randomman  password: w@ri0rors0methIn@G03  host: mongodb.mywebsite.com

Details for `Mongo uri`#

Family: Database
Category: Data storage
High recall: True
Validity check available: True
On-premise instances exist: True
Only valid secrets raise an alert: False
Minimum number of matches: 8
Occurrences found for one million commits: 912.32
Prefixed: True
PreValidators:

- type: FilenameBanlistPreValidator  banlist_extensions: []  banlist_filenames: []  check_binaries: false  include_default_banlist_extensions: true  ban_markup: false- type: ContentWhitelistPreValidator  patterns:  - mongo

Examples#

- text: >    CONECTION_URI="mongodb://root:m42ploz2wd@google.com:5434/thegift"  host: google.com  port: "5434"  username: root  password: m42ploz2wd  scheme: mongodb  connection_uri: mongodb://root:m42ploz2wd@google.com:5434/thegift  database: thegift
- text: >    const MongoClient = require('mongodb').MongoClient;    const uri = "mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority";    const client = new MongoClient(uri, { useNewUrlParser: true });    client.connect(err => {      const collection = client.db("test").collection("devices");      // perform actions on the collection object      client.close();    });  host: gg-is-awesome-xm273.mongodb.net  username: testuser  password: hub24aoeu  scheme: mongodb+srv  connection_uri: "mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority"  query: "retryWrites=true&w=majority"  database: test
- text: >    client = mongoc_client_new ("mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority");    db = mongoc_client_get_database (client, "test");  host: gg-is-awesome-xm273.mongodb.net  username: testuser  password: hub24aoeu  scheme: mongodb+srv  connection_uri: "mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority"  query: "retryWrites=true&w=majority"  database: test
- text: >    #include <mongocxx/client.hpp>    ##include <mongocxx/instance.hpp>    //...    mongocxx::instance inst;    mongocxx::client conn{mongocxx::uri{"mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority"}}    mongocxx::database db = conn["test"];  host: gg-is-awesome-xm273.mongodb.net  username: testuser  password: hub24aoeu  scheme: mongodb+srv  connection_uri: "mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority"  query: "retryWrites=true&w=majority"  database: test
- text: >    var client = new MongoClient("mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority");    var database = client.GetDatabase("test");  host: gg-is-awesome-xm273.mongodb.net  username: testuser  password: hub24aoeu  scheme: mongodb+srv  connection_uri: "mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority"  query: "retryWrites=true&w=majority"  database: test
- text: >    MongoClientURI uri = new MongoClientURI(    "mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority");    MongoClient mongoClient = new MongoClient(uri);    MongoDatabase database = mongoClient.getDatabase("test");  host: gg-is-awesome-xm273.mongodb.net  username: testuser  password: hub24aoeu  scheme: mongodb+srv  connection_uri: "mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority"  query: "retryWrites=true&w=majority"  database: test
- text: >    my $client = MongoDB->connect('mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority');    my $db = $client->get_database( 'test' );  host: gg-is-awesome-xm273.mongodb.net  username: testuser  password: hub24aoeu  scheme: mongodb+srv  connection_uri: "mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority"  query: "retryWrites=true&w=majority"  database: test
- text: >    $client = new MongoDB\Client(    'mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority');    $db = $client->test;  host: gg-is-awesome-xm273.mongodb.net  username: testuser  password: hub24aoeu  scheme: mongodb+srv  connection_uri: "mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority"  query: "retryWrites=true&w=majority"  database: test
- text: >    client = pymongo.MongoClient("mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority")    db = client.test  host: gg-is-awesome-xm273.mongodb.net  username: testuser  password: hub24aoeu  scheme: mongodb+srv  connection_uri: "mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority"  query: "retryWrites=true&w=majority"  database: test
- text: >    val uri: String = "mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority"    System.setProperty("org.mongodb.async.type", "netty")    val client: MongoClient = MongoClient(uri)    val db: MongoDatabase = client.getDatabase("test")  host: gg-is-awesome-xm273.mongodb.net  username: testuser  password: hub24aoeu  scheme: mongodb+srv  connection_uri: "mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority"  query: "retryWrites=true&w=majority"  database: test
- text: >    val uri: String = "mongodb+srv://myuser:" + urllib.quote('realp@ssword') + "@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority"  host: gg-is-awesome-xm273.mongodb.net  username: myuser  password: '" + urllib.quote(''realp@ssword'') + "'  scheme: mongodb+srv  connection_uri: 'mongodb+srv://myuser:" + urllib.quote(''realp@ssword'') + "@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority'  query: "retryWrites=true&w=majority"  database: test
- text: >    val uri: String = "mongodb+srv://myuser:${encodeURI(realp@ssword)}@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority"  host: gg-is-awesome-xm273.mongodb.net  username: myuser  password: "${encodeURI(realp@ssword)}"  scheme: mongodb+srv  connection_uri: "mongodb+srv://myuser:${encodeURI(realp@ssword)}@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority"  query: "retryWrites=true&w=majority"  database: test
- text: >    mongodb://localhost:27017" || mongodb://heroku_cwf2cqqq:8vpi8pekalrvhlae96mahc4qqq@ds153494.mlab.com:53494/heroku_cwf2cqqq  host: ds153494.mlab.com  username: heroku_cwf2cqqq  password: 8vpi8pekalrvhlae96mahc4qqq  scheme: mongodb  port: "53494"  connection_uri: "mongodb://heroku_cwf2cqqq:8vpi8pekalrvhlae96mahc4qqq@ds153494.mlab.com:53494/heroku_cwf2cqqq"  database: heroku_cwf2cqqq
- text: >    mongodb://admin:truepwd695++@120.79.10.159:27017  host: 120.79.10.159  username: admin  password: truepwd695++  scheme: mongodb  port: "27017"  connection_uri: "mongodb://admin:truepwd695++@120.79.10.159:27017"
# Test for collisions between mongo uri and microsoft_azure_storage- text: >    Azure context    mongodb://admin:ir0EuCMlWqb6UxaeBRlRlqpPnEmvCstYqvwPN3AWAMSNjPnjv7Ul8X6CHKlmtuDYgTlrVkSPzhHb8jFFHHzeeg==@120.79.10.159:27017  host: 120.79.10.159  username: admin  password: ir0EuCMlWqb6UxaeBRlRlqpPnEmvCstYqvwPN3AWAMSNjPnjv7Ul8X6CHKlmtuDYgTlrVkSPzhHb8jFFHHzeeg==  scheme: mongodb  port: "27017"  connection_uri: "mongodb://admin:ir0EuCMlWqb6UxaeBRlRlqpPnEmvCstYqvwPN3AWAMSNjPnjv7Ul8X6CHKlmtuDYgTlrVkSPzhHb8jFFHHzeeg==@120.79.10.159:27017"
# Test detection in md files- text: >    CONECTION_URI="mongodb://root:m42ploz2wd@google.com:5434/thegift"  host: google.com  port: "5434"  username: root  password: m42ploz2wd  scheme: mongodb  connection_uri: mongodb://root:m42ploz2wd@google.com:5434/thegift  database: thegift  filename: some_file.md

Description#

General#

Revoke the secret#

Check for suspicious activity#

Details for Mongo assignment#

Examples#

Details for Mongo cli#

Examples#

Details for Mongo uri#

Examples#

Details for `Mongo assignment`#

Details for `Mongo cli`#

Details for `Mongo uri`#