Skip to main content

MongoDB Credentials

Description

General

  • Documentation: https://docs.mongodb.com/manual/reference/connection-string/

  • Summary: MongoDB is a document-oriented database. This detector aims at finding MongoDB credentials in the form of URI connection strings, variable assignments or used when calling its CLIs.

  • IPs allowlist: This can be implemented directly on the server running Mongo.

  • Scopes: MongoDB employs role-based access control to govern access to the system. Various roles can be attributed to users. Read this documentation for more details.

Revoke the secret

User's permissions can be managed by database administrators. Users with appropriate privileges can also change their own passwords. Read this documentation on changing passwords for more details.

Check for suspicious activity

Database access logs can be stored and audited on the server side to investigate suspicious activities.

Details for Mongo assignment

  • Family: Database

  • Category: Data storage

  • High recall: False

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 5

  • Occurrences found for one million commits: 5.12

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
banlist_extensions: []
banlist_filenames: []
check_binaries: false
include_default_banlist_extensions: true
ban_markup: true
- type: ContentWhitelistPreValidator
patterns:
- mongo

Examples

- text: |
docker run --name mongo -d -p 8080:8080
DB_HOST=mongo.com
DB_PORT=5434
DB_username=root
DB_password=m42ploz2wd
DB_NAME=paul
host: mongo.com
port: '5434'
username: root
password: m42ploz2wd
database: paul

- text: |
docker run --name mongo -d -p 8080:8080
DB-HOST=mongo.com
DB-PORT=5434
DB-username=root
DB-password=m42ploz2wd
DB-NAME=paul
host: mongo.com
port: '5434'
username: root
password: m42ploz2wd
database: paul

- text: |-
+spring.data.mongodb.username=root
+spring.data.mongodb.password=m42ploz2wd

+spring.data.mongodb.database=mydb
+spring.data.mongodb.port=27017
+spring.data.mongodb.host=some_host.mongodb.net
host: some_host.mongodb.net
port: '27017'
username: root
password: m42ploz2wd
database: mydb

Details for Mongo cli

  • Family: Database

  • Category: Data storage

  • Company: MongoDB

  • High recall: False

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 3

  • Occurrences found for one million commits: 1.12

  • Prefixed: False

  • PreValidators:

- type: FilenameBanlistPreValidator
banlist_extensions: []
banlist_filenames: []
check_binaries: false
include_default_banlist_extensions: true
ban_markup: true
- type: ContentWhitelistPreValidator
patterns:
- mongo

Examples

- text: mongodb --user randomman --password w@ri0rors0methIn@G03 --host mongodb.mywebsite.com
username: randomman
password: w@ri0rors0methIn@G03
host: mongodb.mywebsite.com

Details for Mongo uri

  • Family: Database

  • Category: Data storage

  • Company: MongoDB

  • High recall: True

  • Validity check available: True

  • On-premise instances exist: False

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 5

  • Occurrences found for one million commits: 1236.02

  • Prefixed: True

  • PreValidators:

- type: FilenameBanlistPreValidator
banlist_extensions: []
banlist_filenames: []
check_binaries: false
include_default_banlist_extensions: true
ban_markup: false
- type: ContentWhitelistPreValidator
patterns:
- mongo

Examples

- text: |
CONECTION_URI="mongodb://root:m42ploz2wd@google.com:5434/thegift"
host: google.com
port: '5434'
username: root
password: m42ploz2wd
scheme: mongodb
connection_uri: mongodb://root:m42ploz2wd@google.com:5434/thegift
database: thegift

- text: |
const MongoClient = require('mongodb').MongoClient;
const uri = "mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority";
const client = new MongoClient(uri, { useNewUrlParser: true });
client.connect(err => {
const collection = client.db("test").collection("devices");
// perform actions on the collection object
client.close();
});
host: gg-is-awesome-xm273.mongodb.net
username: testuser
password: hub24aoeu
scheme: mongodb+srv
connection_uri: 'mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority'
query: 'retryWrites=true&w=majority'
database: test

- text: |
client = mongoc_client_new ("mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority");
db = mongoc_client_get_database (client, "test");
host: gg-is-awesome-xm273.mongodb.net
username: testuser
password: hub24aoeu
scheme: mongodb+srv
connection_uri: 'mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority'
query: 'retryWrites=true&w=majority'
database: test

- text: |
#include <mongocxx/client.hpp>
##include <mongocxx/instance.hpp>
//...
mongocxx::instance inst;
mongocxx::client conn{mongocxx::uri{"mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority"}}
mongocxx::database db = conn["test"];
host: gg-is-awesome-xm273.mongodb.net
username: testuser
password: hub24aoeu
scheme: mongodb+srv
connection_uri: 'mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority'
query: 'retryWrites=true&w=majority'
database: test

- text: |
var client = new MongoClient("mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority");
var database = client.GetDatabase("test");
host: gg-is-awesome-xm273.mongodb.net
username: testuser
password: hub24aoeu
scheme: mongodb+srv
connection_uri: 'mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority'
query: 'retryWrites=true&w=majority'
database: test

- text: |
MongoClientURI uri = new MongoClientURI(
"mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority");
MongoClient mongoClient = new MongoClient(uri);
MongoDatabase database = mongoClient.getDatabase("test");
host: gg-is-awesome-xm273.mongodb.net
username: testuser
password: hub24aoeu
scheme: mongodb+srv
connection_uri: 'mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority'
query: 'retryWrites=true&w=majority'
database: test

- text: |
my $client = MongoDB->connect('mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority');
my $db = $client->get_database( 'test' );
host: gg-is-awesome-xm273.mongodb.net
username: testuser
password: hub24aoeu
scheme: mongodb+srv
connection_uri: 'mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority'
query: 'retryWrites=true&w=majority'
database: test

- text: |
$client = new MongoDB\Client(
'mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority');
$db = $client->test;
host: gg-is-awesome-xm273.mongodb.net
username: testuser
password: hub24aoeu
scheme: mongodb+srv
connection_uri: 'mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority'
query: 'retryWrites=true&w=majority'
database: test

- text: |
client = pymongo.MongoClient("mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority")
db = client.test
host: gg-is-awesome-xm273.mongodb.net
username: testuser
password: hub24aoeu
scheme: mongodb+srv
connection_uri: 'mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority'
query: 'retryWrites=true&w=majority'
database: test

- text: |
val uri: String = "mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority"
System.setProperty("org.mongodb.async.type", "netty")
val client: MongoClient = MongoClient(uri)
val db: MongoDatabase = client.getDatabase("test")
host: gg-is-awesome-xm273.mongodb.net
username: testuser
password: hub24aoeu
scheme: mongodb+srv
connection_uri: 'mongodb+srv://testuser:hub24aoeu@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority'
query: 'retryWrites=true&w=majority'
database: test

- text: |
val uri: String = "mongodb+srv://myuser:" + urllib.quote('realp@ssword') + "@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority"
host: gg-is-awesome-xm273.mongodb.net
username: myuser
password: '" + urllib.quote(''realp@ssword'') + "'
scheme: mongodb+srv
connection_uri: 'mongodb+srv://myuser:" + urllib.quote(''realp@ssword'') + "@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority'
query: 'retryWrites=true&w=majority'
database: test

- text: |
val uri: String = "mongodb+srv://myuser:${encodeURI(realp@ssword)}@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority"
host: gg-is-awesome-xm273.mongodb.net
username: myuser
password: '${encodeURI(realp@ssword)}'
scheme: mongodb+srv
connection_uri: 'mongodb+srv://myuser:${encodeURI(realp@ssword)}@gg-is-awesome-xm273.mongodb.net/test?retryWrites=true&w=majority'
query: 'retryWrites=true&w=majority'
database: test

- text: |
mongodb://localhost:27017" || mongodb://heroku_cwf2cqqq:8vpi8pekalrvhlae96mahc4qqq@ds153494.mlab.com:53494/heroku_cwf2cqqq
host: ds153494.mlab.com
username: heroku_cwf2cqqq
password: 8vpi8pekalrvhlae96mahc4qqq
scheme: mongodb
port: '53494'
connection_uri: 'mongodb://heroku_cwf2cqqq:8vpi8pekalrvhlae96mahc4qqq@ds153494.mlab.com:53494/heroku_cwf2cqqq'
database: heroku_cwf2cqqq

- text: |
mongodb://admin:truepwd695++@120.79.10.159:27017
host: 120.79.10.159
username: admin
password: truepwd695++
scheme: mongodb
port: '27017'
connection_uri: 'mongodb://admin:truepwd695++@120.79.10.159:27017'

# Test for collisions between mongo uri and microsoft_azure_storage
- text: |
Azure context
mongodb://admin:ir0EuCMlWqb6UxaeBRlRlqpPnEmvCstYqvwPN3AWAMSNjPnjv7Ul8X6CHKlmtuDYgTlrVkSPzhHb8jFFHHzeeg==@120.79.10.159:27017
host: 120.79.10.159
username: admin
password: ir0EuCMlWqb6UxaeBRlRlqpPnEmvCstYqvwPN3AWAMSNjPnjv7Ul8X6CHKlmtuDYgTlrVkSPzhHb8jFFHHzeeg==
scheme: mongodb
port: '27017'
connection_uri: 'mongodb://admin:ir0EuCMlWqb6UxaeBRlRlqpPnEmvCstYqvwPN3AWAMSNjPnjv7Ul8X6CHKlmtuDYgTlrVkSPzhHb8jFFHHzeeg==@120.79.10.159:27017'

# Test detection in md files
- text: |
CONECTION_URI="mongodb://root:m42ploz2wd@google.com:5434/thegift"
host: google.com
port: '5434'
username: root
password: m42ploz2wd
scheme: mongodb
connection_uri: mongodb://root:m42ploz2wd@google.com:5434/thegift
database: thegift

How can I help you ?