Nmap Development mailing list archives

Re: MongoDB scripts

From: Martin Holst Swende <martin () swende se>
Date: Tue, 26 Jan 2010 08:56:57 +0100

David Fifield wrote:

On Tue, Jan 19, 2010 at 09:15:00PM +0100, Martin Holst Swende wrote:

I have put together some scripts for gathering info from MongoDB.
MongoDB is a NOSQL database (http://www.mongodb.org/display/DOCS/Home )

From the home-page :

"MongoDB (from "humongous") is a scalable, high-performance, open
source, schema-free, document-oriented database. "

It runs normally over port 27017, but has no probe or matchline (no
existing probe triggers any response).

The scripts I have written are :
- bson.lua library for handling BSon (binary json) - not complete (some
data types not implemented)
- mongodb.lua library for speaking mongodb's binary protocol
- mongodb-query.nse - script which does some basic info-getting, build
info, uptime and version information.
- mongodb-get-tables.nse - script which gets tables info from the db.


Thanks, these scripts have nice output. Here are my thoughts from
looking over your code.

Is BSON used in anything besides MongoDB? If not, I think the BSON
functions should be moved into mongodb.lua so that only one new library
is added.


It is only used by MongoDB afaik. I put it in a separate library since I
thought it would be 'cleaner' that way, and perhaps other services use
it in the future. But I will move it into mongodb.lua - noone else uses
bson as of yet.

The name mongodb-query, to me, sounds like it's a script that will run a
general database query. The script really retrieves the server status
and build info. (Even though it does this, if I understand the code
correctly, by sending a couple of special queries.) I suggest renaming
this script to mongodb-info.


Ok, that is better.


And what about renaming mongodb-get-tables to mongodb-databases? It is
using the listDatabases command after all. That would fit with my
proposed name mysql-databases for a script by Patrik Karlsson.


Sure, that makes more sense.


David Fifield

P.S. For anyone else reading, this is what I did to retrieve Martin's
scripts:

hg clone http://martin.swende.se/hgwebdir.cgi/nsescripts/


(It is also possible to browse files as :
http://martin.swende.se/hgwebdir.cgi/nsescripts/file/tip/scripts/mongodb-get-tables.nse
or download raw files with :
http://martin.swende.se/hgwebdir.cgi/nsescripts/raw-file/tip/scripts/mongodb-get-tables.nse)

I have added some other scripts to that repository, that are not quite
finished yet. So if you clone it, disregard those. I am working on a
library for couchdb (couchdb lib and json lib) and some scripts for
couchdb (get info and get databases).

I will fix your comments and also fix a bit with error handling to
conform to how you usually do it (status, result = foo()).

/Martin


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

MongoDB scripts Martin Holst Swende (Jan 19)
- Re: MongoDB scripts David Fifield (Jan 25)
  - Re: MongoDB scripts Martin Holst Swende (Jan 25)
    - Re: MongoDB scripts Martin Holst Swende (Jan 27)
    - Re: MongoDB scripts David Fifield (Jan 29)
    - Re: CouchDB scripts David Fifield (Jan 29)
    - Re: CouchDB scripts Martin Holst Swende (Jan 31)
    - Re: CouchDB scripts David Fifield (Feb 01)
    - Re: CouchDB scripts David Fifield (Feb 01)
    - CouchDB and MongoDB Martin Holst Swende (Feb 03)
    - Re: CouchDB and MongoDB David Fifield (Feb 15)
    - Re: CouchDB and MongoDB Martin Holst Swende (Feb 22)
    - Re: CouchDB and MongoDB David Fifield (Feb 23)

(Thread continues...)