Auditing Tool for MongoDB Servers (Check Whether You're Vulnerable or Not)

MongoDB is a famous open-source NoSQL database. Recently, cyber criminals have been hijacking and wiping out unsecured MongoDB databases while keeping a copy of those databases, then asking administrators for a ransom of some bitcoins to return the lost data.

So, as defenders, we need to secure public-facing MongoDB instances. We need to audit those MongoDB servers and find the bugs in those instances.

Shodan: Top 5 MongoDB versions (vulnerable version 2.5 found in the top 5)

Mongoaudit:

Mongoaudit is an automated command-line testing tool for MongoDB. It looks for bad security configurations, checks version information, and determines if the instance running is vulnerable to published CVEs.

When run, mongoaudit offers basic and advanced security tests of differing depth. The basic tests analyze the server's perimeter security. The advanced tests authenticate to a MongoDB server and analyze security from the inside (an authenticated scan). After the security audit completes, it gives a fantastic high-level scorecard and a detailed report for that particular MongoDB instance.

Thanks, Adán Sánchez de Pedro, for building such an awesome tool!

