How to Find Exposed MongoDB Databases on the Internet
Discover unprotected MongoDB instances that may be leaking sensitive data.
1. Search for MongoDB instances
MongoDB runs on port 27017 by default. Search for all indexed instances.
2. Find MongoDB without authentication
Many MongoDB instances are deployed without authentication enabled.
Look for instances showing database names in the banner — a sign of no auth.
3. Check for ransomware indicators
MongoDB ransom attacks are common. Look for databases with ransom notes.
4. Filter by version
Find outdated MongoDB versions with known vulnerabilities.
MongoDB 3.x reached end of life. Upgrade to 6.x or 7.x.
Remediation & Hardening
- Enable authentication (--auth flag or security.authorization in config)
- Bind to localhost or specific IPs with bindIp
- Enable TLS/SSL for all connections
- Use role-based access control (RBAC)
- Enable audit logging
- Keep MongoDB updated and patched
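
An added example (not part of the original tutorial and not MongoDB's own tooling): a small Python check that reads a mongod.conf and reports which of the configuration-level items above it fails (authentication, bindIp, TLS, audit logging). The sample configs are constructed, the function names are this example's own, and the parser handles only the plain nested "key: value" form.

```python
# Constructed sample configs (not from the page): before and after the checklist.
WEAK_CONF = "net:\n  port: 27017\n  bindIp: 0.0.0.0\n"
HARDENED_CONF = """\
net:
  bindIp: 127.0.0.1,10.0.5.12
  tls:
    mode: requireTLS
    certificateKeyFile: /etc/ssl/mongod.pem
security:
  authorization: enabled
auditLog:            # needs a MongoDB build that supports auditing
  destination: syslog
"""

WILDCARDS = {"0.0.0.0", "::", "*"}   # bindIp values that mean "every interface"

def flatten(text):
    """Flatten nested 'key: value' lines into {'net.bindIp': '0.0.0.0', ...}."""
    out, stack = {}, []              # stack: (indent, key) of currently open sections
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()       # drop comments
        if ":" not in line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:    # leave sections we have dedented out of
            stack.pop()
        if value.strip():
            out[".".join([k for _, k in stack] + [key])] = value.strip().strip("\"'")
        else:
            stack.append((indent, key))
    return out

def audit(text):
    """Return the hardening checklist items that this mongod.conf fails."""
    c, findings = flatten(text), []
    if c.get("security.authorization") != "enabled":
        findings.append("authorization not enabled")
    addrs = c.get("net.bindIp", "127.0.0.1").split(",")   # 3.6+ binds to localhost by default
    if c.get("net.bindIpAll") == "true" or any(a.strip() in WILDCARDS for a in addrs):
        findings.append("bound to all interfaces")
    if c.get("net.tls.mode", c.get("net.ssl.mode")) not in ("requireTLS", "requireSSL"):
        findings.append("TLS not required")
    if "auditLog.destination" not in c:
        findings.append("audit logging not configured")
    return findings
```

RBAC role assignments and patch level are not visible in mongod.conf, so those two checklist items still need a separate review.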