Not related to the latest MongoDB vulnerability (since it doesn't require authentication), but does anyone know of a good MongoDB honeypot? You know, one that masquerades as a real MongoDB database server and logs the login attempts while returning a "bad credentials" error? (It clearly won't be able to log the passwords because of SCRAM but anything else would be useful.)
All I could find was a logging proxy to a real MongoDB server or a MongoDB server running in a Docker image - but I don't want that.
VessOnSecurity
npub1gx…7tun6
2025-12-27 10:09:11 UTC
Author Public Key
npub1gxa39sc7wtpmatdx9rkplkplaquyug2vfhk23dl54slsnmuzf45sh7tun6Seen on
wss://relay.momostr.pinkPublished at
2025-12-27 10:09:11 UTCEvent JSON
{
"id": "e853896a842d56202bb096e4052cf9be0d0268425d10d6e894aaf4ce6d74f31c",
"pubkey": "41bb12c31e72c3beada628ec1fd83fe8384e214c4deca8b7f4ac3f09ef824d69",
"created_at": 1766830151,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.exchange/@bontchev/115790980785939427",
"web"
],
[
"proxy",
"https://infosec.exchange/users/bontchev/statuses/115790980785939427",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://infosec.exchange/users/bontchev/statuses/115790980785939427",
"pink.momostr"
],
[
"-"
]
],
"content": "Not related to the latest MongoDB vulnerability (since it doesn't require authentication), but does anyone know of a good MongoDB honeypot? You know, one that masquerades as a real MongoDB database server and logs the login attempts while returning a \"bad credentials\" error? (It clearly won't be able to log the passwords because of SCRAM but anything else would be useful.)\n\nAll I could find was a logging proxy to a real MongoDB server or a MongoDB server running in a Docker image - but I don't want that.",
"sig": "a2cd783e6aaef038bb702573ea3809a03c593ec94672cbe3db3c1c46d141881a57a5671bc3ab3fc0f5886b72783ea8d8135971cc139e0c74a0899f668c1c9fba"
}