/LeakLooker

Find open databases - Powered by Binaryedge.io

LeakLooker - Powered by Binaryedge.io

Find open databases/services

GUI https://www.offensiveosint.io/leaklooker-gui-discover-browse-and-monitor-database-source-code-leaks/ https://github.com/woj-ciech/LeakLooker-X

New version supports:

  • Elasticsearch
  • CouchDB
  • MongoDB
  • Gitlab
  • Rsync
  • Jenkins
  • Sonarqube
  • Kibana
  • CassandraDB
  • RethinkDB
  • Directory listing
  • Amazon S3

and custom query.

Queries:

https://docs.binaryedge.io/api-v2/

Background: https://www.offensiveosint.io/leaklooker-find-open-databases-in-seconds/ https://www.offensiveosint.io/fun-with-amazon-s3-leaks-and-bucket-takeover-attack/ https://www.offensiveosint.io/leaklooker-v2-find-more-open-servers-and-source-code-leaks/ https://www.offensiveosint.io/leaklooker-part-3-dna-samples-internal-files-and-more/

Requirements:

Python 3 & Binaryedge API

Paste your BinaryEdge API key in line 113

pip3 install colorama
pip3 install hurry.filesize
pip3 install beautifulsoup4
pip3 install pybinaryedge
pip install -r requirements.txt

Usage

(venv) root@kali:~/PycharmProjects/LeakLooker# python leaklooker.py -h

         ,
         )\
        /  \
       '  # '
       ',  ,'
         `'

         ,
         )\
        /  \
       '  ~ '
       ',  ,'
         `'
LeakLooker - Find open databases - Powered by Binaryedge.io
https://medium.com/@woj_ciech https://github.com/woj-ciech/
Example: python leaklooker.py --mongodb --couchdb --kibana --elastic --first 21 --last 37
usage: leaklooker.py [-h] [--elastic] [--couchdb] [--mongodb] [--gitlab]
                     [--rsync] [--jenkins] [--sonarqube] [--query QUERY]
                     [--cassandra] [--rethink] [--listing] [--kibana]
                     [--s3asia] [--s3usa] [--s3europe] [--first FIRST]
                     [--last LAST]

optional arguments:
  -h, --help     show this help message and exit
  --elastic      Elastic search (default: False)
  --couchdb      CouchDB (default: False)
  --mongodb      MongoDB (default: False)
  --gitlab       Gitlab (default: False)
  --rsync        Rsync (default: False)
  --jenkins      Jenkins (default: False)
  --sonarqube    SonarQube (default: False)
  --query QUERY  Additional query or filter for BinaryEdge (default: )
  --cassandra    Cassandra DB (default: False)
  --rethink      Rethink DB (default: False)
  --listing      Listing directory (default: False)
  --kibana       Kibana (default: False)
  --s3asia       Amazon s3 s3.ap-southeast-1 (default: False)
  --s3usa        Amazon s3 s3.ap-southeast-1 (default: False)
  --s3europe     Amazon s3 s3.ap-southeast-1 (default: False)

Pages:
  --first FIRST  First page (default: None)
  --last LAST    Last page (default: None)

You need to specify first and last page

Example

Search for RethinkDB and listing directory in pages from 21 to 37

root@kali:~/PycharmProjects/LeakLooker# python leaklooker.py --rethink --listing --first 21 --last 37
----------------------------------Listing directory - Page 21--------------------------------
https://[REDACTED]:6666
Product: Apache httpd
Hostname: localhost
[REDACTED]/
[REDACTED]/
[REDACTED]/
[REDACTED]/
[REDACTED]/
-----------------------------
https://[REDACTED]:6666
Product: MiniServ
-----------------------------
https://[REDACTED]:6666
Product: Apache httpd
[REDACTED]/
[REDACTED]/
[REDACTED].html
[REDACTED]/
[REDACTED].css
[REDACTED]/
[REDACTED]/
[REDACTED]/
favicon.ico
-----------------------------
https://[REDACTED]:6666
Product: Apache httpd
[REDACTED]/
[REDACTED]/
[REDACTED]/
[REDACTED]..>
[REDACTED]/
[REDACTED]..>
[REDACTED]/
----------------------------------Rethink DB - Page 21--------------------------------
ReQL: [REDACTED]:28015
HTTP Admin: http://[REDACTED]:8080
Hostname: [REDACTED]
Version: rethinkdb 2.3.6~0trusty (GCC 4.8.2)
Name: [REDACTED]
Database: [REDACTED]
Tables: 
Database: rethinkdb
Tables: 
cluster_config
current_issues
db_config
jobs
logs
permissions
server_config
server_status
stats
table_config
table_status
users
Database: [REDACTED]
Tables: 
-----------------------------
ReQL: [REDACTED]:28015
HTTP Admin: http://[REDACTED]:8080
Hostname: [REDACTED]
Version: rethinkdb 2.3.6~0jessie (GCC 4.9.2)
Name: [REDACTED]
Database: [REDACTED]
Tables: 
Database: rethinkdb
Tables: 
cluster_config
current_issues
db_config
jobs
logs
permissions
server_config
server_status
stats
table_config
table_status
users
Database: settings
Tables: 
-----------------------------

Search for Jenkins, Gitlab in Uruguay (Country code is UY) on pages from 1 to 2

root@kali:~/PycharmProjects/LeakLooker# python leaklooker.py --jenkins --gitlab --first 1 --last 2 --query "country:UY"
----------------------------------GitLab - Page 1--------------------------------
Total results: 13
https://[REDACTED]:443
GitLab Community Edition
Registration is open
-----------------------
https://[REDACTED]:443
Registration is closed. Check public repositories. https://164.73.232.10:443/explore
-----------------------
https://[REDACTED]:443
Registration is closed. Check public repositories. https://190.64.138.5:443/explore
-----------------------
https://[REDACTED]:443
GitLab Community Edition
Registration is open
[...]
----------------------------------Jenkins - Page 1--------------------------------
Total results: 6501
http://[REDACTED]:443
Executors
Windows
(master)
Jobs
-----------------------------
http://[REDACTED]:443
Executors
Jobs
-----------------------------
http://[REDACTED]:443
Executors
Jobs
[REDACTED]
[REDACTED]

Search for mongoDB and Elasticsearch with keyword "medical" only on first page

root@kali:~/PycharmProjects/LeakLooker# python leaklooker.py --mongo --elastic --first 1 --last 2 --query "medical"

Additional

Tool has been made for educational purposes only. I'm not responsible for any damage caused. Don't be evil.