Documentation
¶
Overview ¶
Package mongodb provides MongoDB penetration testing functionality
Index ¶
- func PerformAuth(ctx context.Context, target string, config *mongodbfern.PentestMongodbConfig) (*pentestfern.AuthResult, error)
- func PerformProbe(ctx context.Context, target string, config *mongodbfern.PentestMongodbConfig) (*mongodbfern.ProbeResult, error)
- func PerformQuery(ctx context.Context, target string, client *mongo.Client, ...) (*mongodbfern.QueryResult, error)
- func RunPentest(ctx context.Context, config *mongodbfern.PentestMongodbConfig) (*mongodbfern.PentestMongodbReport, error)
- type Target
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func PerformAuth ¶
func PerformAuth(ctx context.Context, target string, config *mongodbfern.PentestMongodbConfig) (*pentestfern.AuthResult, error)
PerformAuth tests each username+password combination against MongoDB and returns an AuthResult. On the first successful authentication (when StopFirstSuccess is set), it stops early.
func PerformProbe ¶
func PerformProbe(ctx context.Context, target string, config *mongodbfern.PentestMongodbConfig) (*mongodbfern.ProbeResult, error)
PerformProbe connects anonymously to a MongoDB server, retrieves build information, and checks whether unauthenticated access to databases is permitted.
func PerformQuery ¶
func PerformQuery(ctx context.Context, target string, client *mongo.Client, config *mongodbfern.PentestMongodbConfig) (*mongodbfern.QueryResult, error)
PerformQuery executes find() queries on each database/collection accessible via the provided client. Only read operations are supported. Documents are serialized as JSON strings.
func RunPentest ¶
func RunPentest(ctx context.Context, config *mongodbfern.PentestMongodbConfig) (*mongodbfern.PentestMongodbReport, error)
RunPentest performs MongoDB pentest operations using a phased approach: PROBE (always) -> AUTH -> QUERY based on requested actions.
Source Files