From ee0ba1899597819c46a56e73c86ba94f366f4dc1 Mon Sep 17 00:00:00 2001
From: Steven Danneman
Date: Tue, 26 Sep 2017 15:57:28 -0700
Subject: [PATCH] Add support for MongoDB service detection
MongoDB listens on port 27017 and will respond to a direct TLS ClientHello without the need for STARTTLS. Thus, testssl.sh already mostly works to scan a MongoDB server. The problem is that MongoDB will also reply to an HTTP GET request with a mocked up HTTP response, which was tricking the tool into believing it was dealing with an HTTP server. The response looks like this: --- HTTP/1.0 200 OK Connection: close Content-Type: text/plain Content-Length: 84 It looks like you are trying to access MongoDB over HTTP on the native driver port. --- Thus, the detection algorith must first look for HTTP, then dig deeper into the body looking for "MongoDB". The tool output now says: Service detected: MongoDB, thus skipping HTTP specific checks
---
 testssl.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/testssl.sh b/testssl.sh
index 7025436..e82ad3b 100755
--- a/testssl.sh
+++ b/testssl.sh
@@ -1398,6 +1398,8 @@ service_detection() {
 [[ -z "$SERVICE" ]] && head $TMPFILE | grep -aq FTP && SERVICE=FTP
 [[ -z "$SERVICE" ]] && head $TMPFILE | egrep -aqi "jabber|xmpp" && SERVICE=XMPP
 [[ -z "$SERVICE" ]] && head $TMPFILE | egrep -aqw "Jive News|InterNetNews|NNRP|INN" && SERVICE=NNTP
+ # MongoDB port 27017 will respond to a GET request with a mocked HTTP response
+ [[ "$SERVICE" == HTTP ]] && head $TMPFILE | egrep -aqw "MongoDB" && SERVICE=MongoDB
 debugme head -50 $TMPFILE | sed -e '//,$d' -e '//,$d' -e '/