
mongoaudit's People

Contributors

aesedepece, burguesia, elecay, kronolynx

mongoaudit's Issues

Single-server setups

In reading the description the key phrase I missed was "MongoDB instances." I have a single-server setup. Naturally the tests didn't make much sense then, as only a few ports are open on my server, and MongoDB isn't one of them.

However, I did note a few things: When it scanned hostname:27017 it congratulated me for listening on a non-obvious port. Actually, this is the default port. The fact that it's not open shouldn't make a difference to the audit given that the second test checks that it "only accepts connections from whitelisted hosts / networks."

The advanced mode doesn't make much sense for my setup either. I would suggest making it a little more obvious the use-case this is intended for.

Perhaps there could also be some notes about which of these might apply to setups where MongoDB is on the same server as the application? I imagine quite a few of these issues apply (e.g. server-side JavaScript).

Now if I may digress momentarily:

  • The "Mongo apocalypse" could have been greatly mitigated with proper backups. While this isn't security per se, and data would still be compromised, I think it would be worth adding a small reminder to the results page, given the context of this tool.
  • Very nice design. This is the prettiest console UI I've seen.

The functions implementing security checks currently return several possible types

As pointed out by @elecay in #28:

There is inconsistency in method responses. For example, some methods return magic numbers, like enabled(), and some methods return booleans, like available().

Currently, possible return values are:

  • False or 0, standing for failure (did not pass)
  • True or 1, standing for success (did pass)
  • [2, "some message"], standing for partial success (a warning message is thrown)
  • 3, standing for omission because of unmet precondition (likely: previous check did not pass)

Exception handling in tests is inconsistent.

I ran into this while debugging #9.

The connection exception, which gives valuable information, is silently swallowed in testers.py#Tester#get_connection. In contrast, tester exceptions themselves aren't caught at all and cause mongoaudit to crash.

Expected behavior:

  • The connection exception is surfaced and testing does not continue.
  • If an exception is encountered in a particular test, it is logged and the rest of the tests continue as normal. This allows a user to see the results of the non-crashed tests.
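One way to get the behaviour the two issues above ask for (a single result type for check functions, connection errors surfaced, and a crashing check isolated from the rest), as an added example that is not mongoaudit's code. `Status`, `Result`, `normalize`, `run_audit`, `ConnectionFailed`, `is_clean` and the sample checks are hypothetical names, and the `ERROR` status is an addition to the four values listed above.

```python
import logging
from dataclasses import dataclass
from enum import Enum

log = logging.getLogger("audit-example")


class Status(Enum):
    FAILED = 0    # legacy False / 0
    PASSED = 1    # legacy True / 1
    WARNING = 2   # legacy [2, "some message"]
    OMITTED = 3   # legacy 3: precondition not met
    ERROR = 4     # added in this example: the check itself crashed


@dataclass(frozen=True)
class Result:
    name: str
    status: Status
    message: str = ""


class ConnectionFailed(Exception):
    """The target could not be reached; __cause__ holds the original error."""


def normalize(name, raw):
    """Map the legacy return values listed in the issue onto one Result type."""
    if isinstance(raw, (list, tuple)) and len(raw) == 2 and raw[0] == 2:
        return Result(name, Status.WARNING, str(raw[1]))
    # bool is a subclass of int, so True/False and 1/0 take the same path.
    if isinstance(raw, int) and raw in (0, 1, 3):
        return Result(name, Status(int(raw)))
    # Anything else (None, a bare 2, a string) is a bug in the check, never a pass.
    raise ValueError("unrecognised check return value: %r" % (raw,))


def run_audit(connect, checks):
    """Run every (name, check) pair against one connection.

    connect is a callable returning a connection object; it stands in for
    the tool's own connection setup (an assumption of this example).
    """
    try:
        conn = connect()
    except Exception as exc:
        # Surface the cause and stop: no check result means anything
        # without a working connection.
        raise ConnectionFailed(
            "cannot connect: %s: %s" % (type(exc).__name__, exc)) from exc

    results = []
    for name, check in checks:
        try:
            results.append(normalize(name, check(conn)))
        except Exception as exc:
            # One broken check must not hide the others; log it and go on.
            log.exception("check %r crashed", name)
            results.append(
                Result(name, Status.ERROR, "%s: %s" % (type(exc).__name__, exc)))
    return results


def is_clean(results):
    """Fail closed: failed, omitted or crashed checks all count as not clean."""
    return all(r.status in (Status.PASSED, Status.WARNING) for r in results)


class PlainSocket:
    """Constructed stand-in for a non-TLS socket: it has no getpeercert()."""


def sample_checks():
    """Constructed checks covering each legacy return value plus one crash."""
    return [
        ("port_not_default", lambda conn: True),
        ("auth_enabled", lambda conn: 0),
        ("version_current", lambda conn: [2, "newer release available"]),
        ("tls_valid", lambda conn: conn.getpeercert()),  # AttributeError
        ("roles_minimal", lambda conn: 3),
    ]


def demo():
    results = run_audit(PlainSocket, sample_checks())
    return [(r.name, r.status.name) for r in results]


if __name__ == "__main__":
    for name, status in demo():
        print("%-18s %s" % (name, status))
```

Keeping `ERROR` separate from `FAILED` means a check that crashed is reported as "could not be evaluated" rather than being read as either a pass or a finding.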

App cannot handle non-ASCII chars

After running mongoaudit > click on Advanced, and as I type URI, I touched "ü" - and client crashed, as follows:

Traceback (most recent call last):
File "mongoaudit", line 31, in <module>
File "src/main.py", line 61, in main
File "src/main.py", line 21, in __init__
File "src/main.py", line 56, in main
File "urwid/main_loop.py", line 278, in run
File "urwid/main_loop.py", line 376, in _run
File "urwid/main_loop.py", line 682, in run
File "urwid/main_loop.py", line 719, in _loop
File "urwid/raw_display.py", line 393, in <lambda>
File "urwid/raw_display.py", line 493, in parse_input
File "urwid/main_loop.py", line 403, in _update
File "urwid/main_loop.py", line 503, in process_input
File "urwid/container.py", line 592, in keypress
File "urwid/container.py", line 1587, in keypress
File "src/widgets.py", line 213, in keypress
File "urwid/container.py", line 1587, in keypress
File "urwid/decoration.py", line 621, in keypress
File "urwid/container.py", line 1587, in keypress
File "urwid/container.py", line 1587, in keypress
File "src/widgets.py", line 149, in keypress
File "urwid/container.py", line 2269, in keypress
File "urwid/container.py", line 1587, in keypress
File "urwid/container.py", line 2269, in keypress
File "urwid/decoration.py", line 621, in keypress
File "urwid/widget.py", line 1474, in keypress
File "urwid/widget.py", line 1398, in insert_text
File "urwid/widget.py", line 1415, in _normalize_to_caption
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 0: ordinal not in range(128)
Failed to execute script mongoaudit

crash on test 7

Traceback (most recent call last):
  File "/usr/local/bin/mongoaudit", line 11, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.6/dist-packages/mongoaudit/__main__.py", line 64, in main
    App().main()
  File "/usr/local/lib/python3.6/dist-packages/mongoaudit/__main__.py", line 23, in __init__
    self.main()
  File "/usr/local/lib/python3.6/dist-packages/mongoaudit/__main__.py", line 58, in main
    self.loop.run()
  File "/usr/local/lib/python3.6/dist-packages/urwid/main_loop.py", line 287, in run
    self._run()
  File "/usr/local/lib/python3.6/dist-packages/urwid/main_loop.py", line 385, in _run
    self.event_loop.run()
  File "/usr/local/lib/python3.6/dist-packages/urwid/main_loop.py", line 790, in run
    self._loop()
  File "/usr/local/lib/python3.6/dist-packages/urwid/main_loop.py", line 827, in _loop
    self._watch_files[fd]()
  File "/usr/local/lib/python3.6/dist-packages/urwid/raw_display.py", line 417, in <lambda>
    event_loop, callback, self.get_available_raw_input())
  File "/usr/local/lib/python3.6/dist-packages/urwid/raw_display.py", line 515, in parse_input
    callback(processed, processed_codes)
  File "/usr/local/lib/python3.6/dist-packages/urwid/main_loop.py", line 412, in _update
    self.process_input(keys)
  File "/usr/local/lib/python3.6/dist-packages/urwid/main_loop.py", line 513, in process_input
    k = self._topmost_widget.keypress(self.screen_size, k)
  File "/usr/local/lib/python3.6/dist-packages/urwid/container.py", line 599, in keypress
    *self.calculate_padding_filler(size, True)), key)
  File "/usr/local/lib/python3.6/dist-packages/urwid/container.py", line 1626, in keypress
    key = self.focus.keypress(tsize, key)
  File "/usr/local/lib/python3.6/dist-packages/mongoaudit/widgets.py", line 220, in keypress
    return self.__super.keypress(size, key)
  File "/usr/local/lib/python3.6/dist-packages/urwid/container.py", line 1626, in keypress
    key = self.focus.keypress(tsize, key)
  File "/usr/local/lib/python3.6/dist-packages/urwid/decoration.py", line 622, in keypress
    return self._original_widget.keypress(maxvals, key)
  File "/usr/local/lib/python3.6/dist-packages/urwid/container.py", line 1626, in keypress
    key = self.focus.keypress(tsize, key)
  File "/usr/local/lib/python3.6/dist-packages/urwid/container.py", line 1626, in keypress
    key = self.focus.keypress(tsize, key)
  File "/usr/local/lib/python3.6/dist-packages/mongoaudit/widgets.py", line 145, in keypress
    self.next_callback()
  File "/usr/local/lib/python3.6/dist-packages/mongoaudit/widgets.py", line 184, in next
    self.callbacks['next'](form=self, **(self.get_field_values()))
  File "/usr/local/lib/python3.6/dist-packages/mongoaudit/cards.py", line 101, in _next
    self.run_test(cred, title, tester, tests)
  File "/usr/local/lib/python3.6/dist-packages/mongoaudit/cards.py", line 129, in run_test
    test_runner.run(self.app)
  File "/usr/local/lib/python3.6/dist-packages/mongoaudit/widgets.py", line 271, in run
    self.tester.run(self.each, self.end)
  File "/usr/local/lib/python3.6/dist-packages/mongoaudit/testers/testers.py", line 45, in run
    res = test.run()
  File "/usr/local/lib/python3.6/dist-packages/mongoaudit/testers/testers.py", line 161, in run
    test_result = TEST_FUNCTIONS[self.test_name](self)
  File "/usr/local/lib/python3.6/dist-packages/mongoaudit/testers/decorators.py", line 6, in userinfo_available
    return func(test) if test.tester.info else 3
  File "/usr/local/lib/python3.6/dist-packages/mongoaudit/testers/tls.py", line 25, in enabled
    with test.tester.conn._socket_for_writes() as socket_info:
TypeError: _socket_for_writes() missing 1 required positional argument: 'session'
root@vagrant:/etc/apt/sources.list.d# python --version
Python 3.6.9
root@vagrant:/etc/apt/sources.list.d# cat /etc/*release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04.4 LTS"
NAME="Ubuntu"
VERSION="18.04.4 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.4 LTS"
VERSION_ID="18.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=bionic
UBUNTU_CODENAME=bionic
root@vagrant:/etc/apt/sources.list.d#

Unknown ssl cert error

/usr/local/lib/python3.10/dist-packages/mongoaudit-0.1.1-py3.10.egg/mongoaudit/widgets.py:144: SyntaxWarning: "is" with a literal. Did you mean "=="?
/usr/local/lib/python3.10/dist-packages/mongoaudit-0.1.1-py3.10.egg/mongoaudit/widgets.py:394: SyntaxWarning: "is" with a literal. Did you mean "=="?
/usr/local/lib/python3.10/dist-packages/mongoaudit-0.1.1-py3.10.egg/mongoaudit/widgets.py:400: SyntaxWarning: "is" with a literal. Did you mean "=="?
/usr/local/lib/python3.10/dist-packages/mongoaudit-0.1.1-py3.10.egg/mongoaudit/widgets.py:144: SyntaxWarning: "is" with a literal. Did you mean "=="?
/usr/local/lib/python3.10/dist-packages/mongoaudit-0.1.1-py3.10.egg/mongoaudit/widgets.py:394: SyntaxWarning: "is" with a literal. Did you mean "=="?
/usr/local/lib/python3.10/dist-packages/mongoaudit-0.1.1-py3.10.egg/mongoaudit/widgets.py:400: SyntaxWarning: "is" with a literal. Did you mean "=="?
Traceback (most recent call last):
File "/usr/local/bin/mongoaudit", line 33, in <module>
sys.exit(load_entry_point('mongoaudit==0.1.1', 'console_scripts', 'mongoaudit')())
File "/usr/local/lib/python3.10/dist-packages/mongoaudit-0.1.1-py3.10.egg/mongoaudit/__main__.py", line 64, in main
File "/usr/local/lib/python3.10/dist-packages/mongoaudit-0.1.1-py3.10.egg/mongoaudit/__main__.py", line 23, in __init__
File "/usr/local/lib/python3.10/dist-packages/mongoaudit-0.1.1-py3.10.egg/mongoaudit/__main__.py", line 58, in main
File "/usr/local/lib/python3.10/dist-packages/urwid-2.1.2-py3.10-linux-x86_64.egg/urwid/main_loop.py", line 287, in run
self._run()
File "/usr/local/lib/python3.10/dist-packages/urwid-2.1.2-py3.10-linux-x86_64.egg/urwid/main_loop.py", line 385, in _run
self.event_loop.run()
File "/usr/local/lib/python3.10/dist-packages/urwid-2.1.2-py3.10-linux-x86_64.egg/urwid/main_loop.py", line 790, in run
self._loop()
File "/usr/local/lib/python3.10/dist-packages/urwid-2.1.2-py3.10-linux-x86_64.egg/urwid/main_loop.py", line 827, in _loop
self._watch_files[fd]()
File "/usr/local/lib/python3.10/dist-packages/urwid-2.1.2-py3.10-linux-x86_64.egg/urwid/raw_display.py", line 416, in <lambda>
wrapper = lambda: self.parse_input(
File "/usr/local/lib/python3.10/dist-packages/urwid-2.1.2-py3.10-linux-x86_64.egg/urwid/raw_display.py", line 515, in parse_input
callback(processed, processed_codes)
File "/usr/local/lib/python3.10/dist-packages/urwid-2.1.2-py3.10-linux-x86_64.egg/urwid/main_loop.py", line 412, in _update
self.process_input(keys)
File "/usr/local/lib/python3.10/dist-packages/urwid-2.1.2-py3.10-linux-x86_64.egg/urwid/main_loop.py", line 513, in process_input
k = self._topmost_widget.keypress(self.screen_size, k)
File "/usr/local/lib/python3.10/dist-packages/urwid-2.1.2-py3.10-linux-x86_64.egg/urwid/container.py", line 598, in keypress
return self.top_w.keypress(self.top_w_size(size,
File "/usr/local/lib/python3.10/dist-packages/urwid-2.1.2-py3.10-linux-x86_64.egg/urwid/container.py", line 1626, in keypress
key = self.focus.keypress(tsize, key)
File "/usr/local/lib/python3.10/dist-packages/mongoaudit-0.1.1-py3.10.egg/mongoaudit/widgets.py", line 220, in keypress
File "/usr/local/lib/python3.10/dist-packages/urwid-2.1.2-py3.10-linux-x86_64.egg/urwid/container.py", line 1626, in keypress
key = self.focus.keypress(tsize, key)
File "/usr/local/lib/python3.10/dist-packages/urwid-2.1.2-py3.10-linux-x86_64.egg/urwid/decoration.py", line 622, in keypress
return self._original_widget.keypress(maxvals, key)
File "/usr/local/lib/python3.10/dist-packages/urwid-2.1.2-py3.10-linux-x86_64.egg/urwid/container.py", line 1626, in keypress
key = self.focus.keypress(tsize, key)
File "/usr/local/lib/python3.10/dist-packages/urwid-2.1.2-py3.10-linux-x86_64.egg/urwid/container.py", line 1626, in keypress
key = self.focus.keypress(tsize, key)
File "/usr/local/lib/python3.10/dist-packages/mongoaudit-0.1.1-py3.10.egg/mongoaudit/widgets.py", line 145, in keypress
File "/usr/local/lib/python3.10/dist-packages/mongoaudit-0.1.1-py3.10.egg/mongoaudit/widgets.py", line 184, in next
File "/usr/local/lib/python3.10/dist-packages/mongoaudit-0.1.1-py3.10.egg/mongoaudit/cards.py", line 99, in _next
File "/usr/local/lib/python3.10/dist-packages/mongoaudit-0.1.1-py3.10.egg/mongoaudit/testers/testers.py", line 32, in __init__
File "/usr/local/lib/python3.10/dist-packages/mongoaudit-0.1.1-py3.10.egg/mongoaudit/testers/testers.py", line 77, in get_connection
File "/usr/local/lib/python3.10/dist-packages/mongoaudit-0.1.1-py3.10.egg/mongoaudit/testers/testers.py", line 86, in get_tls_connection
File "/home/satya/.local/lib/python3.10/site-packages/pymongo/mongo_client.py", line 771, in __init__
dict(common.validate(keyword_opts.cased_key(k), v) for k, v in keyword_opts.items())
File "/home/satya/.local/lib/python3.10/site-packages/pymongo/mongo_client.py", line 771, in <genexpr>
dict(common.validate(keyword_opts.cased_key(k), v) for k, v in keyword_opts.items())
File "/home/satya/.local/lib/python3.10/site-packages/pymongo/common.py", line 780, in validate
value = validator(option, value)
File "/home/satya/.local/lib/python3.10/site-packages/pymongo/common.py", line 159, in raise_config_error
raise ConfigurationError("Unknown option %s" % (key,))
pymongo.errors.ConfigurationError: Unknown option ssl_cert_reqs

Please provide the solution for the same issue.

Crashes with "SSL handshake failed" if you choose the authenticated option

It works fine for the basic test (no authentication), but when I tried the authenticated one the program crashed with the message below. Note that I'm connecting directly to an IP address with no SSL.

Traceback (most recent call last):
  File "/home/user/.local/bin/mongoaudit", line 11, in <module>
    sys.exit(main())
  File "/home/user/.local/lib/python2.7/site-packages/mongoaudit/__main__.py", line 64, in main
    App().main()
  File "/home/user/.local/lib/python2.7/site-packages/mongoaudit/__main__.py", line 23, in __init__
    self.main()
  File "/home/user/.local/lib/python2.7/site-packages/mongoaudit/__main__.py", line 58, in main
    self.loop.run()
  File "/home/user/.local/lib/python2.7/site-packages/urwid/main_loop.py", line 286, in run
    self._run()
  File "/home/user/.local/lib/python2.7/site-packages/urwid/main_loop.py", line 384, in _run
    self.event_loop.run()
  File "/home/user/.local/lib/python2.7/site-packages/urwid/main_loop.py", line 788, in run
    self._loop()
  File "/home/user/.local/lib/python2.7/site-packages/urwid/main_loop.py", line 825, in _loop
    self._watch_files[fd]()
  File "/home/user/.local/lib/python2.7/site-packages/urwid/raw_display.py", line 404, in <lambda>
    event_loop, callback, self.get_available_raw_input())
  File "/home/user/.local/lib/python2.7/site-packages/urwid/raw_display.py", line 502, in parse_input
    callback(processed, processed_codes)
  File "/home/user/.local/lib/python2.7/site-packages/urwid/main_loop.py", line 411, in _update
    self.process_input(keys)
  File "/home/user/.local/lib/python2.7/site-packages/urwid/main_loop.py", line 511, in process_input
    k = self._topmost_widget.keypress(self.screen_size, k)
  File "/home/user/.local/lib/python2.7/site-packages/urwid/container.py", line 595, in keypress
    *self.calculate_padding_filler(size, True)), key)
  File "/home/user/.local/lib/python2.7/site-packages/urwid/container.py", line 1590, in keypress
    key = self.focus.keypress(tsize, key)
  File "/home/user/.local/lib/python2.7/site-packages/mongoaudit/widgets.py", line 220, in keypress
    return self.__super.keypress(size, key)
  File "/home/user/.local/lib/python2.7/site-packages/urwid/container.py", line 1590, in keypress
    key = self.focus.keypress(tsize, key)
  File "/home/user/.local/lib/python2.7/site-packages/urwid/decoration.py", line 622, in keypress
    return self._original_widget.keypress(maxvals, key)
  File "/home/user/.local/lib/python2.7/site-packages/urwid/container.py", line 1590, in keypress
    key = self.focus.keypress(tsize, key)
  File "/home/user/.local/lib/python2.7/site-packages/urwid/container.py", line 1590, in keypress
    key = self.focus.keypress(tsize, key)
  File "/home/user/.local/lib/python2.7/site-packages/mongoaudit/widgets.py", line 145, in keypress
    self.next_callback()
  File "/home/user/.local/lib/python2.7/site-packages/mongoaudit/widgets.py", line 184, in next
    self.callbacks['next'](form=self, **(self.get_field_values()))
  File "/home/user/.local/lib/python2.7/site-packages/mongoaudit/cards.py", line 101, in _next
    self.run_test(cred, title, tester, tests)
  File "/home/user/.local/lib/python2.7/site-packages/mongoaudit/cards.py", line 129, in run_test
    test_runner.run(self.app)
  File "/home/user/.local/lib/python2.7/site-packages/mongoaudit/widgets.py", line 271, in run
    self.tester.run(self.each, self.end)
  File "/home/user/.local/lib/python2.7/site-packages/mongoaudit/testers/testers.py", line 45, in run
    res = test.run()
  File "/home/user/.local/lib/python2.7/site-packages/mongoaudit/testers/testers.py", line 161, in run
    test_result = TEST_FUNCTIONS[self.test_name](self)
  File "/home/user/.local/lib/python2.7/site-packages/mongoaudit/testers/testers.py", line 242, in try_scram
    mechanism='SCRAM-SHA-1'))
  File "/home/user/.local/lib/python2.7/site-packages/pymongo/database.py", line 1274, in authenticate
    connect=True)
  File "/home/user/.local/lib/python2.7/site-packages/pymongo/mongo_client.py", line 609, in _cache_credentials
    writable_preferred_server_selector)
  File "/home/user/.local/lib/python2.7/site-packages/pymongo/topology.py", line 224, in select_server
    address))
  File "/home/user/.local/lib/python2.7/site-packages/pymongo/topology.py", line 183, in select_servers
    selector, server_timeout, address)
  File "/home/user/.local/lib/python2.7/site-packages/pymongo/topology.py", line 199, in _select_servers_loop
    self._error_message(selector))
pymongo.errors.ServerSelectionTimeoutError: SSL handshake failed: my.server.ip.addr:port: EOF occurred in violation of protocol (_ssl.c:590)

installing with curl inside docker ubuntu container

I installed and ran mongoaudit inside a new docker container today and found the provided curl installation instructions incomplete.

Per the instructions, curl -s https://mongoaud.it/install | bash and mongoaudit should be enough, but I found that it needed to be made executable first. I needed to do curl -s https://mongoaud.it/install | bash, chmod +x mongoaudit, and ./mongoaudit.

Crashed on advanced run step 22

Hi, I've run the script on an Amazon Linux machine, targeting MongoDB installed on Ubuntu 14.04. The UI crashed with the following trace:

Traceback (most recent call last):
  File "mongoaudit/__main__.py", line 66, in <module>
  File "mongoaudit/__main__.py", line 63, in main
  File "mongoaudit/__main__.py", line 23, in __init__
  File "mongoaudit/__main__.py", line 58, in main
  File "site-packages/urwid/main_loop.py", line 278, in run
  File "site-packages/urwid/main_loop.py", line 376, in _run
  File "site-packages/urwid/main_loop.py", line 682, in run
  File "site-packages/urwid/main_loop.py", line 719, in _loop
  File "site-packages/urwid/raw_display.py", line 393, in <lambda>
  File "site-packages/urwid/raw_display.py", line 493, in parse_input
  File "site-packages/urwid/main_loop.py", line 403, in _update
  File "site-packages/urwid/main_loop.py", line 503, in process_input
  File "site-packages/urwid/container.py", line 592, in keypress
  File "site-packages/urwid/container.py", line 1587, in keypress
  File "mongoaudit/widgets.py", line 220, in keypress
  File "site-packages/urwid/container.py", line 1587, in keypress
  File "site-packages/urwid/decoration.py", line 621, in keypress
  File "site-packages/urwid/container.py", line 2269, in keypress
  File "site-packages/urwid/wimp.py", line 535, in keypress
  File "site-packages/urwid/widget.py", line 464, in _emit
  File "site-packages/urwid/signals.py", line 264, in emit
  File "site-packages/urwid/signals.py", line 294, in _call_callback
  File "mongoaudit/widgets.py", line 184, in next
  File "mongoaudit/cards.py", line 99, in _next
  File "mongoaudit/cards.py", line 127, in run_test
  File "mongoaudit/widgets.py", line 271, in run
  File "mongoaudit/testers/testers.py", line 45, in run
  File "mongoaudit/testers/testers.py", line 159, in run
  File "mongoaudit/testers/testers.py", line 236, in try_scram
  File "site-packages/pymongo/database.py", line 1018, in authenticate
  File "site-packages/pymongo/mongo_client.py", line 439, in _cache_credentials
  File "site-packages/pymongo/topology.py", line 210, in select_server
  File "site-packages/pymongo/topology.py", line 186, in select_servers
pymongo.errors.ServerSelectionTimeoutError: connection closed
Failed to execute script __main__

The mongodb instance is using SSL and auth as expected.

Thanks,

mongoaudit aborts during step 7

mongoaudit run from Kali / Debian OS to target on CentOS.

The error message below occurs on step 7 of 20:

Traceback (most recent call last):
File "/usr/local/bin/mongoaudit", line 11, in <module>
sys.exit(main())
File "/usr/local/lib/python2.7/dist-packages/mongoaudit/__main__.py", line 63, in main
App().main()
File "/usr/local/lib/python2.7/dist-packages/mongoaudit/__main__.py", line 23, in __init__
self.main()
File "/usr/local/lib/python2.7/dist-packages/mongoaudit/__main__.py", line 58, in main
self.loop.run()
File "/usr/lib/python2.7/dist-packages/urwid/main_loop.py", line 278, in run
self._run()
File "/usr/lib/python2.7/dist-packages/urwid/main_loop.py", line 376, in _run
self.event_loop.run()
File "/usr/lib/python2.7/dist-packages/urwid/main_loop.py", line 682, in run
self._loop()
File "/usr/lib/python2.7/dist-packages/urwid/main_loop.py", line 719, in _loop
self._watch_files[fd]()
File "/usr/lib/python2.7/dist-packages/urwid/raw_display.py", line 393, in <lambda>
event_loop, callback, self.get_available_raw_input())
File "/usr/lib/python2.7/dist-packages/urwid/raw_display.py", line 493, in parse_input
callback(processed, processed_codes)
File "/usr/lib/python2.7/dist-packages/urwid/main_loop.py", line 403, in _update
self.process_input(keys)
File "/usr/lib/python2.7/dist-packages/urwid/main_loop.py", line 503, in process_input
k = self._topmost_widget.keypress(self.screen_size, k)
File "/usr/lib/python2.7/dist-packages/urwid/container.py", line 592, in keypress
*self.calculate_padding_filler(size, True)), key)
File "/usr/lib/python2.7/dist-packages/urwid/container.py", line 1587, in keypress
key = self.focus.keypress(tsize, key)
File "/usr/local/lib/python2.7/dist-packages/mongoaudit/widgets.py", line 220, in keypress
return self.__super.keypress(size, key)
File "/usr/lib/python2.7/dist-packages/urwid/container.py", line 1587, in keypress
key = self.focus.keypress(tsize, key)
File "/usr/lib/python2.7/dist-packages/urwid/decoration.py", line 621, in keypress
return self._original_widget.keypress(maxvals, key)
File "/usr/lib/python2.7/dist-packages/urwid/container.py", line 1587, in keypress
key = self.focus.keypress(tsize, key)
File "/usr/lib/python2.7/dist-packages/urwid/container.py", line 1587, in keypress
key = self.focus.keypress(tsize, key)
File "/usr/local/lib/python2.7/dist-packages/mongoaudit/widgets.py", line 145, in keypress
self.next_callback()
File "/usr/local/lib/python2.7/dist-packages/mongoaudit/widgets.py", line 184, in next
self.callbacks['next'](form=self, **(self.get_field_values()))
File "/usr/local/lib/python2.7/dist-packages/mongoaudit/cards.py", line 99, in _next
self.run_test(cred, title, tester, tests)
File "/usr/local/lib/python2.7/dist-packages/mongoaudit/cards.py", line 127, in run_test
test_runner.run(self.app)
File "/usr/local/lib/python2.7/dist-packages/mongoaudit/widgets.py", line 271, in run
self.tester.run(self.each, self.end)
File "/usr/local/lib/python2.7/dist-packages/mongoaudit/testers/testers.py", line 45, in run
res = test.run()
File "/usr/local/lib/python2.7/dist-packages/mongoaudit/testers/testers.py", line 159, in run
result = TEST_FUNCTIONS[self.name](self)
File "/usr/local/lib/python2.7/dist-packages/mongoaudit/testers/tls.py", line 40, in valid
cert = socket_info.sock.getpeercert()
AttributeError: '_socketobject' object has no attribute 'getpeercert'

error

kali2016 + python2.7

Traceback (most recent call last):
File "/usr/local/bin/mongoaudit", line 11, in <module>
sys.exit(main())
File "/usr/local/lib/python2.7/dist-packages/mongoaudit/__main__.py", line 63, in main
App().main()
File "/usr/local/lib/python2.7/dist-packages/mongoaudit/__main__.py", line 23, in __init__
self.main()
File "/usr/local/lib/python2.7/dist-packages/mongoaudit/__main__.py", line 58, in main
self.loop.run()
File "/usr/lib/python2.7/dist-packages/urwid/main_loop.py", line 278, in run
self._run()
File "/usr/lib/python2.7/dist-packages/urwid/main_loop.py", line 376, in _run
self.event_loop.run()
File "/usr/lib/python2.7/dist-packages/urwid/main_loop.py", line 682, in run
self._loop()
File "/usr/lib/python2.7/dist-packages/urwid/main_loop.py", line 719, in _loop
self._watch_files[fd]()
File "/usr/lib/python2.7/dist-packages/urwid/raw_display.py", line 393, in <lambda>
event_loop, callback, self.get_available_raw_input())
File "/usr/lib/python2.7/dist-packages/urwid/raw_display.py", line 493, in parse_input
callback(processed, processed_codes)
File "/usr/lib/python2.7/dist-packages/urwid/main_loop.py", line 403, in _update
self.process_input(keys)
File "/usr/lib/python2.7/dist-packages/urwid/main_loop.py", line 503, in process_input
k = self._topmost_widget.keypress(self.screen_size, k)
File "/usr/lib/python2.7/dist-packages/urwid/container.py", line 592, in keypress
*self.calculate_padding_filler(size, True)), key)
File "/usr/lib/python2.7/dist-packages/urwid/container.py", line 1587, in keypress
key = self.focus.keypress(tsize, key)
File "/usr/local/lib/python2.7/dist-packages/mongoaudit/widgets.py", line 220, in keypress
return self.__super.keypress(size, key)
File "/usr/lib/python2.7/dist-packages/urwid/container.py", line 1587, in keypress
key = self.focus.keypress(tsize, key)
File "/usr/lib/python2.7/dist-packages/urwid/decoration.py", line 621, in keypress
return self._original_widget.keypress(maxvals, key)
File "/usr/lib/python2.7/dist-packages/urwid/container.py", line 1587, in keypress
key = self.focus.keypress(tsize, key)
File "/usr/lib/python2.7/dist-packages/urwid/container.py", line 1587, in keypress
key = self.focus.keypress(tsize, key)
File "/usr/local/lib/python2.7/dist-packages/mongoaudit/widgets.py", line 145, in keypress
self.next_callback()
File "/usr/local/lib/python2.7/dist-packages/mongoaudit/widgets.py", line 184, in next
self.callbacks['next'](form=self, **(self.get_field_values()))
File "/usr/local/lib/python2.7/dist-packages/mongoaudit/cards.py", line 99, in _next
self.run_test(cred, title, tester, tests)
File "/usr/local/lib/python2.7/dist-packages/mongoaudit/cards.py", line 127, in run_test
test_runner.run(self.app)
File "/usr/local/lib/python2.7/dist-packages/mongoaudit/widgets.py", line 271, in run
self.tester.run(self.each, self.end)
File "/usr/local/lib/python2.7/dist-packages/mongoaudit/testers/testers.py", line 45, in run
res = test.run()
File "/usr/local/lib/python2.7/dist-packages/mongoaudit/testers/testers.py", line 159, in run
result = TEST_FUNCTIONS[self.name](self)
File "/usr/local/lib/python2.7/dist-packages/mongoaudit/testers/tls.py", line 40, in valid
cert = socket_info.sock.getpeercert()
AttributeError: '_socketobject' object has no attribute 'getpeercert'

Installation

I am not able to install on my local machine. I am using Python 3.9.2 on my Windows 10 desktop. Any help?

Mongoaudit on arch linux using black arch

Hi, when launching I get the following error:

Traceback (most recent call last):
File "mongoaudit/__main__.py", line 66, in <module>
File "mongoaudit/__main__.py", line 63, in main
File "mongoaudit/__main__.py", line 23, in __init__
File "mongoaudit/__main__.py", line 58, in main
File "site-packages/urwid/main_loop.py", line 278, in run
File "site-packages/urwid/main_loop.py", line 376, in _run
File "site-packages/urwid/main_loop.py", line 682, in run
File "site-packages/urwid/main_loop.py", line 710, in _loop
File "site-packages/urwid/main_loop.py", line 671, in _entering_idle
File "site-packages/urwid/main_loop.py", line 564, in entering_idle
File "site-packages/urwid/main_loop.py", line 578, in draw_screen
File "site-packages/urwid/widget.py", line 141, in cached_render
File "site-packages/urwid/decoration.py", line 225, in render
File "site-packages/urwid/widget.py", line 141, in cached_render
File "site-packages/urwid/container.py", line 787, in render
File "site-packages/urwid/canvas.py", line 1147, in CanvasOverlay
File "site-packages/urwid/canvas.py", line 743, in overlay
AssertionError: top canvas of overlay not the size expected!(21, 0, -2, 21)
Failed to execute script __main__

Tried with pip, same error.

[Basic] Test 2 fails on 127.0.0.1

I run the basic test suite on my local instance, which is run with the option --bind_ip 127.0.0.1

And the test fails and says my instance accepts connections from unauthorized hosts ...
It should be successful since it only accepts connections from localhost.

Crash on Ubuntu with default mongodb installation

Can't view the 9th/10th assessment report, it crashes

# ./mongoaudit
Traceback (most recent call last):
  File "./mongoaudit", line 31, in <module>
    main()
  File "/root//mongoaudit/src/main.py", line 61, in main
    App().main()
  File "/root//mongoaudit/src/main.py", line 21, in __init__
    self.main()
  File "/root//mongoaudit/src/main.py", line 56, in main
    self.loop.run()
  File "/usr/local/lib/python2.7/dist-packages/urwid/main_loop.py", line 278, in run
    self._run()
  File "/usr/local/lib/python2.7/dist-packages/urwid/main_loop.py", line 376, in _run
    self.event_loop.run()
  File "/usr/local/lib/python2.7/dist-packages/urwid/main_loop.py", line 682, in run
    self._loop()
  File "/usr/local/lib/python2.7/dist-packages/urwid/main_loop.py", line 719, in _loop
    self._watch_files[fd]()
  File "/usr/local/lib/python2.7/dist-packages/urwid/raw_display.py", line 393, in <lambda>
    event_loop, callback, self.get_available_raw_input())
  File "/usr/local/lib/python2.7/dist-packages/urwid/raw_display.py", line 493, in parse_input
    callback(processed, processed_codes)
  File "/usr/local/lib/python2.7/dist-packages/urwid/main_loop.py", line 403, in _update
    self.process_input(keys)
  File "/usr/local/lib/python2.7/dist-packages/urwid/main_loop.py", line 503, in process_input
    k = self._topmost_widget.keypress(self.screen_size, k)
  File "/usr/local/lib/python2.7/dist-packages/urwid/container.py", line 592, in keypress
    *self.calculate_padding_filler(size, True)), key)
  File "/usr/local/lib/python2.7/dist-packages/urwid/container.py", line 1587, in keypress
    key = self.focus.keypress(tsize, key)
  File "/usr/local/lib/python2.7/dist-packages/urwid/container.py", line 1587, in keypress
    key = self.focus.keypress(tsize, key)
  File "/usr/local/lib/python2.7/dist-packages/urwid/decoration.py", line 621, in keypress
    return self._original_widget.keypress(maxvals, key)
  File "/usr/local/lib/python2.7/dist-packages/urwid/decoration.py", line 385, in keypress
    return self._original_widget.keypress((maxcol, self.height), key)
  File "/usr/local/lib/python2.7/dist-packages/urwid/listbox.py", line 999, in keypress
    key = focus_widget.keypress((maxcol,),key)
  File "/usr/local/lib/python2.7/dist-packages/urwid/decoration.py", line 621, in keypress
    return self._original_widget.keypress(maxvals, key)
  File "/usr/local/lib/python2.7/dist-packages/urwid/container.py", line 2269, in keypress
    key = w.keypress((mc,) + size[1:], key)
  File "/usr/local/lib/python2.7/dist-packages/urwid/wimp.py", line 535, in keypress
    self._emit('click')
  File "/usr/local/lib/python2.7/dist-packages/urwid/widget.py", line 464, in _emit
    signals.emit_signal(self, name, self, *args)
  File "/usr/local/lib/python2.7/dist-packages/urwid/signals.py", line 264, in emit
    result |= self._call_callback(callback, user_arg, user_args, args)
  File "/usr/local/lib/python2.7/dist-packages/urwid/signals.py", line 294, in _call_callback
    return bool(callback(*args_to_pass))
  File "/root//mongoaudit/src/widgets.py", line 374, in <lambda>
    lambda _: self.update_view(text))), 'button')
  File "/root//mongoaudit/src/widgets.py", line 405, in update_view
    self.result[self.currently_displayed - 1], self.test_result.options)
  File "/root//mongoaudit/src/widgets.py", line 355, in test_display
    test['extra_data'] + test['message'][1]
TypeError: coercing to Unicode: need string or buffer, NoneType found

TypeError: argument of type 'NoneType' is not iterable

Traceback (most recent call last):
  File "./mongoaudit", line 31, in <module>
    main()
  File "/home/adansdpc/Stampery/Desarrollo/mongoaudit/src/main.py", line 62, in main
    App().main()
  File "/home/adansdpc/Stampery/Desarrollo/mongoaudit/src/main.py", line 22, in __init__
    self.main()
  File "/home/adansdpc/Stampery/Desarrollo/mongoaudit/src/main.py", line 57, in main
    self.loop.run()
  File "/home/adansdpc/anaconda2/lib/python2.7/site-packages/urwid/main_loop.py", line 278, in run
    self._run()
  File "/home/adansdpc/anaconda2/lib/python2.7/site-packages/urwid/main_loop.py", line 376, in _run
    self.event_loop.run()
  File "/home/adansdpc/anaconda2/lib/python2.7/site-packages/urwid/main_loop.py", line 682, in run
    self._loop()
  File "/home/adansdpc/anaconda2/lib/python2.7/site-packages/urwid/main_loop.py", line 719, in _loop
    self._watch_files[fd]()
  File "/home/adansdpc/anaconda2/lib/python2.7/site-packages/urwid/raw_display.py", line 393, in <lambda>
    event_loop, callback, self.get_available_raw_input())
  File "/home/adansdpc/anaconda2/lib/python2.7/site-packages/urwid/raw_display.py", line 493, in parse_input
    callback(processed, processed_codes)
  File "/home/adansdpc/anaconda2/lib/python2.7/site-packages/urwid/main_loop.py", line 403, in _update
    self.process_input(keys)
  File "/home/adansdpc/anaconda2/lib/python2.7/site-packages/urwid/main_loop.py", line 503, in process_input
    k = self._topmost_widget.keypress(self.screen_size, k)
  File "/home/adansdpc/anaconda2/lib/python2.7/site-packages/urwid/container.py", line 592, in keypress
    *self.calculate_padding_filler(size, True)), key)
  File "/home/adansdpc/anaconda2/lib/python2.7/site-packages/urwid/container.py", line 1587, in keypress
    key = self.focus.keypress(tsize, key)
  File "/home/adansdpc/Stampery/Desarrollo/mongoaudit/src/widgets.py", line 213, in keypress
    return self.__super.keypress(size, key)
  File "/home/adansdpc/anaconda2/lib/python2.7/site-packages/urwid/container.py", line 1587, in keypress
    key = self.focus.keypress(tsize, key)
  File "/home/adansdpc/anaconda2/lib/python2.7/site-packages/urwid/decoration.py", line 621, in keypress
    return self._original_widget.keypress(maxvals, key)
  File "/home/adansdpc/anaconda2/lib/python2.7/site-packages/urwid/container.py", line 1587, in keypress
    key = self.focus.keypress(tsize, key)
  File "/home/adansdpc/anaconda2/lib/python2.7/site-packages/urwid/container.py", line 1587, in keypress
    key = self.focus.keypress(tsize, key)
  File "/home/adansdpc/Stampery/Desarrollo/mongoaudit/src/widgets.py", line 147, in keypress
    self.next_callback()
  File "/home/adansdpc/Stampery/Desarrollo/mongoaudit/src/widgets.py", line 183, in next
    self.callbacks['next'](form=self, **(self.get_field_values()))
  File "/home/adansdpc/Stampery/Desarrollo/mongoaudit/src/cards.py", line 90, in <lambda>
    uri, form, lambda cred: self.run_test(cred, title, tests))
  File "/home/adansdpc/Stampery/Desarrollo/mongoaudit/src/tools.py", line 41, in validate_uri
    callback(parsed)
  File "/home/adansdpc/Stampery/Desarrollo/mongoaudit/src/cards.py", line 90, in <lambda>
    uri, form, lambda cred: self.run_test(cred, title, tests))
  File "/home/adansdpc/Stampery/Desarrollo/mongoaudit/src/cards.py", line 110, in run_test
    test_runner.run(self.app)
  File "/home/adansdpc/Stampery/Desarrollo/mongoaudit/src/widgets.py", line 264, in run
    self.tester.run(self.each, self.end)
  File "/home/adansdpc/Stampery/Desarrollo/mongoaudit/src/testers/testers.py", line 38, in run
    res = test.run()
  File "/home/adansdpc/Stampery/Desarrollo/mongoaudit/src/testers/testers.py", line 143, in run
    result = TEST_FUNCTIONS[self.name](self)
  File "/home/adansdpc/Stampery/Desarrollo/mongoaudit/src/testers/testers.py", line 226, in <lambda>
    "4": lambda test: "version" not in test.tester.info,
TypeError: argument of type 'NoneType' is not iterable

Not compatible with MongoDB Version 5.0

Hi guys,
your tool looks very amazing however it is not working with MongoDB Version 5.0 and pymongo pymongo-4.3.2 or higher.
I get error "pymongo.errors.ConfigurationError: Unknown option ssl_cert_reqs" which is a deprecated parameter.

I would appreciate an update of your tool!
Matthias

Options to use CMD line options or ENV variables to connect to MongoDB instances

Currently there is only one option to use the Connection String URI to connect to MongoDB instances. Because Connection String URI doesn't support tlsCAFile and tlsCertificateKeyFile, it wouldn't be possible to connect to MongoDB instances that require these values in the connection string. It would be very nice if mongoaudit allows users to use Command line options or Environment Variables (like Mongo Drivers) instead.

Error when emailing results - NameError: global name 'urllib2' is not defined

Hello,

After scanning when I choose to email the report I get the following error:

Traceback (most recent call last):
  File "/bin/mongoaudit", line 11, in <module>
    load_entry_point('mongoaudit==0.1.0', 'console_scripts', 'mongoaudit')()
  File "/usr/lib/python2.7/site-packages/mongoaudit/__main__.py", line 64, in main
    App().main()
  File "/usr/lib/python2.7/site-packages/mongoaudit/__main__.py", line 23, in __init__
    self.main()
  File "/usr/lib/python2.7/site-packages/mongoaudit/__main__.py", line 58, in main
    self.loop.run()
  File "/usr/lib/python2.7/site-packages/urwid/main_loop.py", line 286, in run
    self._run()
  File "/usr/lib/python2.7/site-packages/urwid/main_loop.py", line 384, in _run
    self.event_loop.run()
  File "/usr/lib/python2.7/site-packages/urwid/main_loop.py", line 788, in run
    self._loop()
  File "/usr/lib/python2.7/site-packages/urwid/main_loop.py", line 825, in _loop
    self._watch_files[fd]()
  File "/usr/lib/python2.7/site-packages/urwid/raw_display.py", line 404, in <lambda>
    event_loop, callback, self.get_available_raw_input())
  File "/usr/lib/python2.7/site-packages/urwid/raw_display.py", line 502, in parse_input
    callback(processed, processed_codes)
  File "/usr/lib/python2.7/site-packages/urwid/main_loop.py", line 411, in _update
    self.process_input(keys)
  File "/usr/lib/python2.7/site-packages/urwid/main_loop.py", line 511, in process_input
    k = self._topmost_widget.keypress(self.screen_size, k)
  File "/usr/lib/python2.7/site-packages/urwid/container.py", line 595, in keypress
    *self.calculate_padding_filler(size, True)), key)
  File "/usr/lib/python2.7/site-packages/urwid/container.py", line 1590, in keypress
    key = self.focus.keypress(tsize, key)
  File "/usr/lib/python2.7/site-packages/mongoaudit/widgets.py", line 220, in keypress
    return self.__super.keypress(size, key)
  File "/usr/lib/python2.7/site-packages/urwid/container.py", line 1590, in keypress
    key = self.focus.keypress(tsize, key)
  File "/usr/lib/python2.7/site-packages/urwid/decoration.py", line 622, in keypress
    return self._original_widget.keypress(maxvals, key)
  File "/usr/lib/python2.7/site-packages/urwid/container.py", line 1590, in keypress
    key = self.focus.keypress(tsize, key)
  File "/usr/lib/python2.7/site-packages/urwid/container.py", line 1590, in keypress
    key = self.focus.keypress(tsize, key)
  File "/usr/lib/python2.7/site-packages/mongoaudit/widgets.py", line 145, in keypress
    self.next_callback()
  File "/usr/lib/python2.7/site-packages/mongoaudit/widgets.py", line 184, in next
    self.callbacks['next'](form=self, **(self.get_field_values()))
  File "/usr/lib/python2.7/site-packages/mongoaudit/cards.py", line 198, in 
    if validate_email(email) else form.set_message("Invalid email address", True),
  File "/usr/lib/python2.7/site-packages/mongoaudit/cards.py", line 208, in send_email
    response = send_result(email, email_result, title, urn)
  File "/usr/lib/python2.7/site-packages/mongoaudit/tools.py", line 91, in send_result
    except (urllib2.HTTPError, urllib2.URLError) as exc:
NameError: global name 'urllib2' is not defined

Please let me know if you need anything else. Thank you.

Authentication failed

Cannot go past the 20th test on the advanced test suite as it complains about authentication when providing proper credentials, any hints on how to diagnose?

urwid crash

urwid crashes in the result screen if the terminal height is less than 24

top canvas of overlay not the size expected!(23, 0, -1, 23)

Authenticated Option Crashes When Testing CVEs (Test #18 or #19)

Traceback (most recent call last):
  File "./mongoaudit", line 11, in <module>
    sys.exit(main())
  File "/home/rtrade/.local/lib/python2.7/site-packages/mongoaudit/__main__.py", line 64, in main
    App().main()
  File "/home/rtrade/.local/lib/python2.7/site-packages/mongoaudit/__main__.py", line 23, in __init__
    self.main()
  File "/home/rtrade/.local/lib/python2.7/site-packages/mongoaudit/__main__.py", line 58, in main
    self.loop.run()
  File "/home/rtrade/.local/lib/python2.7/site-packages/urwid/main_loop.py", line 286, in run
    self._run()
  File "/home/rtrade/.local/lib/python2.7/site-packages/urwid/main_loop.py", line 384, in _run
    self.event_loop.run()
  File "/home/rtrade/.local/lib/python2.7/site-packages/urwid/main_loop.py", line 788, in run
    self._loop()
  File "/home/rtrade/.local/lib/python2.7/site-packages/urwid/main_loop.py", line 825, in _loop
    self._watch_files[fd]()
  File "/home/rtrade/.local/lib/python2.7/site-packages/urwid/raw_display.py", line 404, in <lambda>
    event_loop, callback, self.get_available_raw_input())
  File "/home/rtrade/.local/lib/python2.7/site-packages/urwid/raw_display.py", line 502, in parse_input
    callback(processed, processed_codes)
  File "/home/rtrade/.local/lib/python2.7/site-packages/urwid/main_loop.py", line 411, in _update
    self.process_input(keys)
  File "/home/rtrade/.local/lib/python2.7/site-packages/urwid/main_loop.py", line 511, in process_input
    k = self._topmost_widget.keypress(self.screen_size, k)
  File "/home/rtrade/.local/lib/python2.7/site-packages/urwid/container.py", line 595, in keypress
    *self.calculate_padding_filler(size, True)), key)
  File "/home/rtrade/.local/lib/python2.7/site-packages/urwid/container.py", line 1590, in keypress
    key = self.focus.keypress(tsize, key)
  File "/home/rtrade/.local/lib/python2.7/site-packages/mongoaudit/widgets.py", line 220, in keypress
    return self.__super.keypress(size, key)
  File "/home/rtrade/.local/lib/python2.7/site-packages/urwid/container.py", line 1590, in keypress
    key = self.focus.keypress(tsize, key)
  File "/home/rtrade/.local/lib/python2.7/site-packages/urwid/decoration.py", line 622, in keypress
    return self._original_widget.keypress(maxvals, key)
  File "/home/rtrade/.local/lib/python2.7/site-packages/urwid/container.py", line 2271, in keypress
    key = w.keypress((mc,) + size[1:], key)
  File "/home/rtrade/.local/lib/python2.7/site-packages/urwid/wimp.py", line 540, in keypress
    self._emit('click')
  File "/home/rtrade/.local/lib/python2.7/site-packages/urwid/widget.py", line 460, in _emit
    signals.emit_signal(self, name, self, *args)
  File "/home/rtrade/.local/lib/python2.7/site-packages/urwid/signals.py", line 265, in emit
    result |= self._call_callback(callback, user_arg, user_args, args)
  File "/home/rtrade/.local/lib/python2.7/site-packages/urwid/signals.py", line 295, in _call_callback
    return bool(callback(*args_to_pass))
  File "/home/rtrade/.local/lib/python2.7/site-packages/mongoaudit/widgets.py", line 184, in next
    self.callbacks['next'](form=self, **(self.get_field_values()))
  File "/home/rtrade/.local/lib/python2.7/site-packages/mongoaudit/cards.py", line 101, in _next
    self.run_test(cred, title, tester, tests)
  File "/home/rtrade/.local/lib/python2.7/site-packages/mongoaudit/cards.py", line 129, in run_test
    test_runner.run(self.app)
  File "/home/rtrade/.local/lib/python2.7/site-packages/mongoaudit/widgets.py", line 271, in run
    self.tester.run(self.each, self.end)
  File "/home/rtrade/.local/lib/python2.7/site-packages/mongoaudit/testers/testers.py", line 45, in run
    res = test.run()
  File "/home/rtrade/.local/lib/python2.7/site-packages/mongoaudit/testers/testers.py", line 161, in run
    test_result = TEST_FUNCTIONS[self.test_name](self)
  File "/home/rtrade/.local/lib/python2.7/site-packages/mongoaudit/testers/testers.py", line 276, in <lambda>
    "8": lambda test: TestResult(success=bool(test.tester.get_db())),
  File "/home/rtrade/.local/lib/python2.7/site-packages/mongoaudit/testers/testers.py", line 130, in get_db
    database.authenticate(self.cred['username'], self.cred['password'])
  File "/home/rtrade/.local/lib/python2.7/site-packages/pymongo/database.py", line 1269, in authenticate
    self.name)
  File "/home/rtrade/.local/lib/python2.7/site-packages/pymongo/auth.py", line 107, in _build_credentials_tuple
    raise ConfigurationError("%s requires a username." % (mech,))
pymongo.errors.ConfigurationError: DEFAULT requires a username.

OS:

DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04.1 LTS"

Mongo Version:

db version v3.6.3
git version: 9586e557d54ef70f9ca4b43c26892cd55257e1a5
OpenSSL version: OpenSSL 1.1.0g  2 Nov 2017
allocator: tcmalloc
modules: none
build environment:
    distarch: x86_64
    target_arch: x86_64

mongoaudit was installed with pip

Test results are not being shown in real time

Reproduction steps
Run basic test.

Expected behavior
App should navigate to results page immediately, print results asynchronously and finally let the user take actions (save/send results).

Current behavior
App does nothing for a few seconds, then navigates to results.

Add Footer to website regarding relationship with MongoDB Inc.

https://github.com/stampery/mongoaudit currently contains a footer that clarifies the tool's owner/maintainer and relationship w/ MongoDB Inc.

Please add a similar footer near the end of http://www.mongoaud.it so that both resources show the same message. Thanks!

root not recognized as an admin role

I provided mongoaudit a user that had the "root" role and, since it wasn't dbAdmin or dbOwner, it told me it was ok, but the root role contains those 2.
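A role check that expands built-in roles before testing for dbAdmin or dbOwner, as an added example that is not mongoaudit's code. The function names are hypothetical, the two role tables are a simplified model of MongoDB's built-in roles that ignores database scope, and the user documents are constructed.

```python
# Added example, not mongoaudit's code. Role names are MongoDB built-in roles.
# Assumption: database scope ("AnyDatabase" excludes local and config) is ignored.

# Built-in roles whose privileges include those of other built-in roles.
INCLUDES = {
    "root": {"readWriteAnyDatabase", "dbAdminAnyDatabase",
             "userAdminAnyDatabase", "clusterAdmin", "restore", "backup"},
    "dbOwner": {"readWrite", "dbAdmin", "userAdmin"},
    "readWriteAnyDatabase": {"readWrite"},
    "dbAdminAnyDatabase": {"dbAdmin"},
    "userAdminAnyDatabase": {"userAdmin"},
    "clusterAdmin": {"clusterManager", "clusterMonitor", "hostManager"},
    "readWrite": {"read"},
}

# Roles that are exactly the combination of their parts, so holding every
# part is equivalent to holding the role itself.
EXACT_UNION = {"dbOwner": {"readWrite", "dbAdmin", "userAdmin"}}

# The roles the issue says the audit looks for.
ADMIN_ROLES = ("dbAdmin", "dbOwner")


def effective_roles(granted):
    """Transitive closure of the granted role names under INCLUDES."""
    seen, stack = set(), list(granted)
    while stack:
        role = stack.pop()
        if role not in seen:
            seen.add(role)
            stack.extend(INCLUDES.get(role, ()))
    return seen


def admin_findings(user_doc):
    """Return the ADMIN_ROLES a user holds directly or through another role.

    user_doc follows the shape of a usersInfo entry:
    {"user": ..., "roles": [{"role": ..., "db": ...}, ...]}
    """
    granted = [entry["role"] for entry in user_doc.get("roles", [])]
    closure = effective_roles(granted)
    found = []
    for role in ADMIN_ROLES:
        parts = EXACT_UNION.get(role)
        if role in closure or (parts and parts <= closure):
            found.append(role)
    return sorted(found)


# Constructed sample users.
ROOT_USER = {"user": "ops", "roles": [{"role": "root", "db": "admin"}]}
APP_USER = {"user": "app", "roles": [{"role": "readWrite", "db": "shop"}]}
SPLIT_USER = {"user": "dba", "roles": [{"role": "readWrite", "db": "shop"},
                                       {"role": "dbAdmin", "db": "shop"},
                                       {"role": "userAdmin", "db": "shop"}]}
```

A name-only comparison against `ADMIN_ROLES` would pass `ROOT_USER` and `SPLIT_USER`; the expanded check reports both.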

Error exit with "TypeError: _socket_for_writes() takes exactly 2 arguments (1 given)"

Whilst running either the basic (no-auth connection) or advanced (auth connection) tests I found mongoaudit error exit back to normal shell with this backtrace:

Traceback (most recent call last):
  File ".local/bin/mongoaudit", line 10, in <module>
    sys.exit(main())
  File "/home/akira/.local/lib/python2.7/site-packages/mongoaudit/__main__.py", line 64, in main
    App().main()
  File "/home/akira/.local/lib/python2.7/site-packages/mongoaudit/__main__.py", line 23, in __init__
    self.main()
  File "/home/akira/.local/lib/python2.7/site-packages/mongoaudit/__main__.py", line 58, in main
    self.loop.run()
  File "/home/akira/.local/lib/python2.7/site-packages/urwid/main_loop.py", line 286, in run
    self._run()
  File "/home/akira/.local/lib/python2.7/site-packages/urwid/main_loop.py", line 384, in _run
    self.event_loop.run()
  File "/home/akira/.local/lib/python2.7/site-packages/urwid/main_loop.py", line 788, in run
    self._loop()
  File "/home/akira/.local/lib/python2.7/site-packages/urwid/main_loop.py", line 825, in _loop
    self._watch_files[fd]()
  File "/home/akira/.local/lib/python2.7/site-packages/urwid/raw_display.py", line 404, in <lambda>
    event_loop, callback, self.get_available_raw_input())
  File "/home/akira/.local/lib/python2.7/site-packages/urwid/raw_display.py", line 502, in parse_input
    callback(processed, processed_codes)
  File "/home/akira/.local/lib/python2.7/site-packages/urwid/main_loop.py", line 411, in _update
    self.process_input(keys)
  File "/home/akira/.local/lib/python2.7/site-packages/urwid/main_loop.py", line 511, in process_input
    k = self._topmost_widget.keypress(self.screen_size, k)
  File "/home/akira/.local/lib/python2.7/site-packages/urwid/container.py", line 595, in keypress
    *self.calculate_padding_filler(size, True)), key)
  File "/home/akira/.local/lib/python2.7/site-packages/urwid/container.py", line 1590, in keypress
    key = self.focus.keypress(tsize, key)
  File "/home/akira/.local/lib/python2.7/site-packages/mongoaudit/widgets.py", line 220, in keypress
    return self.__super.keypress(size, key)
  File "/home/akira/.local/lib/python2.7/site-packages/urwid/container.py", line 1590, in keypress
    key = self.focus.keypress(tsize, key)
  File "/home/akira/.local/lib/python2.7/site-packages/urwid/decoration.py", line 622, in keypress
    return self._original_widget.keypress(maxvals, key)
  File "/home/akira/.local/lib/python2.7/site-packages/urwid/container.py", line 1590, in keypress
    key = self.focus.keypress(tsize, key)
  File "/home/akira/.local/lib/python2.7/site-packages/urwid/container.py", line 1590, in keypress
    key = self.focus.keypress(tsize, key)
  File "/home/akira/.local/lib/python2.7/site-packages/mongoaudit/widgets.py", line 145, in keypress
    self.next_callback()
  File "/home/akira/.local/lib/python2.7/site-packages/mongoaudit/widgets.py", line 184, in next
    self.callbacks['next'](form=self, **(self.get_field_values()))
  File "/home/akira/.local/lib/python2.7/site-packages/mongoaudit/cards.py", line 101, in _next
    self.run_test(cred, title, tester, tests)
  File "/home/akira/.local/lib/python2.7/site-packages/mongoaudit/cards.py", line 129, in run_test
    test_runner.run(self.app)
  File "/home/akira/.local/lib/python2.7/site-packages/mongoaudit/widgets.py", line 271, in run
    self.tester.run(self.each, self.end)
  File "/home/akira/.local/lib/python2.7/site-packages/mongoaudit/testers/testers.py", line 45, in run
    res = test.run()
  File "/home/akira/.local/lib/python2.7/site-packages/mongoaudit/testers/testers.py", line 161, in run
    test_result = TEST_FUNCTIONS[self.test_name](self)
  File "/home/akira/.local/lib/python2.7/site-packages/mongoaudit/testers/decorators.py", line 6, in userinfo_available
    return func(test) if test.tester.info else 3
  File "/home/akira/.local/lib/python2.7/site-packages/mongoaudit/testers/tls.py", line 25, in enabled
    with test.tester.conn._socket_for_writes() as socket_info:
TypeError: _socket_for_writes() takes exactly 2 arguments (1 given)

Environment is Ubuntu 19.10. Python 2.7.17rc1. mongoaudit installed via pip. Test connections were against a 4.2 MongoDB cluster of nodes all on localhost. Error occurs whether to a mongos or mongod. Authentication enabled but no TLS options on.

Main Overlay element crashes when it gets too high

Reproduction steps
Run basic test with header and footer being enabled.

Expected behavior
Mimic CSS' overflow: auto: clip the content, show a scroll bar and let the user scroll with up/down arrows.

Current behavior
App crashes

Crash with KeyError: 'openssl'

Not sure if this is some dependency error or an application bug. I got this same error on Arch Linux and Debian 8.

$ ./mongoaudit-linux 
Traceback (most recent call last):
  File "mongoaudit", line 31, in <module>
  File "src/main.py", line 62, in main
  File "src/main.py", line 22, in __init__
  File "src/main.py", line 57, in main
  File "urwid/main_loop.py", line 278, in run
  File "urwid/main_loop.py", line 376, in _run
  File "urwid/main_loop.py", line 682, in run
  File "urwid/main_loop.py", line 719, in _loop
  File "urwid/raw_display.py", line 393, in <lambda>
  File "urwid/raw_display.py", line 493, in parse_input
  File "urwid/main_loop.py", line 403, in _update
  File "urwid/main_loop.py", line 503, in process_input
  File "urwid/container.py", line 592, in keypress
  File "urwid/container.py", line 1587, in keypress
  File "src/widgets.py", line 213, in keypress
  File "urwid/container.py", line 1587, in keypress
  File "urwid/decoration.py", line 621, in keypress
  File "urwid/container.py", line 1587, in keypress
  File "urwid/container.py", line 1587, in keypress
  File "src/widgets.py", line 147, in keypress
  File "src/widgets.py", line 183, in next
  File "src/cards.py", line 90, in <lambda>
  File "src/tools.py", line 41, in validate_uri
  File "src/cards.py", line 90, in <lambda>
  File "src/cards.py", line 110, in run_test
  File "src/widgets.py", line 264, in run
  File "src/testers/testers.py", line 38, in run
  File "src/testers/testers.py", line 124, in run
  File "src/testers/testers.py", line 211, in <lambda>
KeyError: 'openssl'
Failed to execute script mongoaudit

Bash script fails

>curl -s https://mongoaud.it/install | bash

The installation will start in a few seconds
Downloading binary...
curl: no URL specified!
curl: try 'curl --help' or 'curl --manual' for more information

Could you please fix it? Thanks

Support SSL and self-signed certs

First off, this is a great tool!

I had a couple of issues when running it, which I'll split up into two separate tickets. The first is that I was not able to connect to a DB that requires an SSL connection without making a change to testers.py#Tester#get_connection to

return pymongo.MongoClient(fqdn, port, serverSelectionTimeoutMS=1000, ssl=True, ssl_cert_reqs=ssl.CERT_NONE)

pymongo does support passing these params in the uri (see http://api.mongodb.com/python/current/examples/tls.html) but mongoaudit seems to be stripping them out.

I also found the serverSelectionTimeout of 1 ms to be too short. I'm happy to make these changes - let me know if you have a preferred approach - I would change the uri parsing so that the extra parameters are not stripped.
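The two TLS reports above (the `ssl_cert_reqs` error with pymongo 4.x and the stripped URI parameters) come down to which options reach the driver. This added example, which is not mongoaudit's code, keeps the TLS options of a connection URI, maps the legacy keyword names to the `tls*` names PyMongo 4 accepts, and lists any option that switches certificate verification off. The function names are hypothetical and the sample URI is constructed.

```python
# Added example, not mongoaudit's code. Pure standard library; no server needed.
import ssl
from urllib.parse import urlsplit, parse_qsl

# TLS-related MongoDB connection-string options (names are case-insensitive).
TLS_URI_OPTIONS = {
    "tls", "ssl", "tlscafile", "tlscertificatekeyfile",
    "tlscertificatekeyfilepassword", "tlsallowinvalidcertificates",
    "tlsallowinvalidhostnames", "tlsinsecure",
}

# Options that disable certificate or hostname verification when true.
VERIFICATION_OFF = ("tlsAllowInvalidCertificates", "tlsAllowInvalidHostnames",
                    "tlsInsecure")


def tls_options_from_uri(uri):
    """Return the TLS options of a MongoDB URI instead of dropping them."""
    query = urlsplit(uri).query
    return {k: v for k, v in parse_qsl(query) if k.lower() in TLS_URI_OPTIONS}


def translate_legacy_kwargs(kwargs):
    """Map PyMongo 3 ssl_* keyword arguments to their PyMongo 4 tls* names."""
    out = {}
    for key, value in kwargs.items():
        if key == "ssl":
            out["tls"] = value
        elif key == "ssl_cert_reqs":
            # Only CERT_NONE turned validation off.
            out["tlsAllowInvalidCertificates"] = (value == ssl.CERT_NONE)
        elif key == "ssl_match_hostname":
            # The new option has the opposite sense.
            out["tlsAllowInvalidHostnames"] = not value
        elif key == "ssl_ca_certs":
            out["tlsCAFile"] = value
        else:
            out[key] = value
    return out


def _truthy(value):
    return value is True or str(value).lower() == "true"


def weak_settings(options):
    """Names of options in `options` that turn verification off."""
    lowered = {k.lower(): v for k, v in options.items()}
    return sorted(n for n in VERIFICATION_OFF if _truthy(lowered.get(n.lower())))


# The keyword arguments from the call quoted in the issue above.
LEGACY_CALL = {"serverSelectionTimeoutMS": 1000, "ssl": True,
               "ssl_cert_reqs": ssl.CERT_NONE}

# Constructed URI: a self-signed or private-CA deployment that keeps validation
# on by trusting the CA file explicitly.
SAMPLE_URI = ("mongodb://auditor@db.example.test:27017/admin"
              "?authSource=admin&tls=true&tlsCAFile=/etc/ssl/private-ca.pem")
```

For a self-signed certificate, pointing `tlsCAFile` at the certificate or its private CA keeps validation enabled, whereas the `CERT_NONE` equivalent accepts any certificate the server presents.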
