Re: MongoDB scripts

[Martin Holst Swende <martin () swende se>]

Martin Holst Swende wrote:
> David Fifield wrote:
>   
> > On Tue, Jan 19, 2010 at 09:15:00PM +0100, Martin Holst Swende wrote:
> >     
> > > I have put together some scripts for gathering info from MongoDB.
> > > MongoDB is a NOSQL database (http://www.mongodb.org/display/DOCS/Home )
> > >
> > > > From the home-page :
> > > "MongoDB (from "humongous") is a scalable, high-performance, open
> > > source, schema-free, document-oriented database. "
> > >
> > > It runs normally over port 27017, but has no probe or matchline (no
> > > existing probe triggers any response).
> > >
> > > The scripts I have written are :
> > > - bson.lua library for handling BSon (binary json) - not complete (some
> > > data types not implemented)
> > > - mongodb.lua library for speaking mongodb's binary protocol
> > > - mongodb-query.nse - script which does some basic info-getting, build
> > > info, uptime and version information.
> > > - mongodb-get-tables.nse - script which gets tables info from the db.
> > >       
> > Thanks, these scripts have nice output. Here are my thoughts from
> > looking over your code.
> >
> > Is BSON used in anything besides MongoDB? If not, I think the BSON
> > functions should be moved into mongodb.lua so that only one new library
> > is added.
> >     
>
> It is only used by MongoDB afaik. I put it in a separate library since I
> thought it would be 'cleaner' that way, and perhaps other services use
> it in the future. But I will move it into mongodb.lua - noone else uses
> bson as of yet.
>   
I have put the Bson library code inside the mongodb library now. It
makes a pretty large file....

> > The name mongodb-query, to me, sounds like it's a script that will run a
> > general database query. The script really retrieves the server status
> > and build info. (Even though it does this, if I understand the code
> > correctly, by sending a couple of special queries.) I suggest renaming
> > this script to mongodb-info.
> >     
Done.
>   
> > And what about renaming mongodb-get-tables to mongodb-databases? It is
> > using the listDatabases command after all. That would fit with my
> > proposed name mysql-databases for a script by Patrik Karlsson.
> >     
Done. I also made error handling a bit more robust, I hope .
>   
> > David Fifield
> >
> > P.S. For anyone else reading, busis is what I did to retrieve Martin's
> > scripts:
> >
> > hg clone http://martin.swende.se/hgwebdir.cgi/nsescripts/
> >     
>
> (It is also possible to browse files as :
> http://martin.swende.se/hgwebdir.cgi/nsescripts/file/tip/scripts/mongodb-get-tables.nse
> or download raw files with :
> http://martin.swende.se/hgwebdir.cgi/nsescripts/raw-file/tip/scripts/mongodb-get-tables.nse)
>
> I have added some other scripts to that repository, that are not quite
> finished yet. So if you clone it, disregard those. I am working on a
> library for couchdb (couchdb lib and json lib) and some scripts for
> couchdb (get info and get databases).
>   
A Couchdb library and scripts is now finished(at least in alpha). It
consists of :
* json.lua - library for parsing json
* couchdb-databases.nse - script which get database info
* couchdb-get-stats.nse - script which get some runtime statistics from
the database.

Sample output is below (the bottom one may be a bit verbose - perhaps I
should compact that a bit.

The scripts can be found at the same place (or via hg pull ; hg update).
For future reference : would you rather I send files via email ?

//Martin

PORT     STATE SERVICE REASON
5984/tcp open  unknown syn-ack
| couchdb-databases: 
|   1 = test_suite_db
|   2 = test_suite_db_a
|   3 = test_suite_db/with_slashes
|   4 = moneyz
|   5 = creditcards
|   6 = test_suite_users
|_  7 = test_suite_db_b

PORT     STATE SERVICE REASON
5984/tcp open  unknown syn-ack
| couchdb-get-stats: 
|   httpd_request_methods
|     PUT
|       current = 138
|       description = number of HTTP PUT requests
|     COPY
|       current = 1
|       description = number of HTTP COPY requests
|     POST
|       current = 142
|       description = number of HTTP POST requests
|     GET
|       current = 172
|       description = number of HTTP GET requests
|     DELETE
|       current = 60
|       description = number of HTTP DELETE requests
|   couchdb
|     database_reads
|       current = 244
|       description = number of times a document was read from a database
|     request_time
|       current = 1
|       description = length of a request inside CouchDB without MochiWeb
|     database_writes
|       current = 113
|       description = number of times a database was changed
|     open_databases
|       current = 7
|       description = number of open databases
|     open_os_files
|       current = 10
|       description = number of file descriptors CouchDB has open
|   httpd_status_codes
|     500
|       current = 2
|       description = number of HTTP 500 Internal Server Error responses
|     304
|       current = 15
|       description = number of HTTP 304 Not Modified responses
|     400
|       current = 13
|       description = number of HTTP 400 Bad Request responses
|     404
|       current = 10
|       description = number of HTTP 404 Not Found responses
|     200
|       current = 310
|       description = number of HTTP 200 OK responses
|     201
|       current = 152
|       description = number of HTTP 201 Created responses
|     202
|       current = 1
|       description = number of HTTP 202 Accepted responses
|     405
|       current = 4
|       description = number of HTTP 405 Method Not Allowed responses
|   httpd
|     bulk_requests
|       current = 22
|       description = number of bulk requests
|     view_reads
|       current = 75
|       description = number of view reads
|     temporary_view_reads
|       current = 80
|       description = number of temporary view reads
|     requests
|       current = 514
|_      description = number of HTTP requests



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/