Tutorial5 min read

How to Find Exposed MongoDB Databases on the Internet

Discover unprotected MongoDB instances that may be leaking sensitive data.

1

Search for MongoDB instances

MongoDB runs on port 27017 by default. Search for all indexed instances.

product:mongodb port:27017
2

Find MongoDB without authentication

Many MongoDB instances are deployed without authentication enabled.

product:mongodb port:27017
Look for instances showing database names in the banner — a sign of no auth.
3

Check for ransomware indicators

MongoDB ransom attacks are common. Look for databases with ransom notes.

product:mongodb "READ_ME_TO_RECOVER"
4

Filter by version

Find outdated MongoDB versions with known vulnerabilities.

product:mongodb version:3
MongoDB 3.x reached end of life. Upgrade to 6.x or 7.x.

Remediation & Hardening

  • Enable authentication (--auth flag or security.authorization in config)

  • Bind to localhost or specific IPs with bindIp

  • Enable TLS/SSL for all connections

  • Use role-based access control (RBAC)

  • Enable audit logging

  • Keep MongoDB updated and patched

Try It Now

Search for MongoDB across 85M+ indexed hosts — free, no registration required.

Search MongoDB

More How-To Guides

How to Find Exposed Redis ServersHow to Find Exposed Elasticsearch ClustersHow to Find Exposed Jenkins ServersHow to Find Exposed Docker APIsHow to Find Exposed RDP ServersHow to Find Exposed MySQL DatabasesHow to Find Exposed Kubernetes Clusters