gboddin · December 15, 2020 01:32
diff --git a/probe.sh b/probe.sh
 user@leakixsyn001:~$ ulimit -n 4096 ; sudo ./ip4scout random -r 25000 -p 27017,9200|./l9tcpid service --deep-http  --max-threads=2048|pv -rabl|tee open.json|./l9explore service --explore-timeout 5s -t 2048 -l|tee leaks.json |./l9filter transform -i l9 -o human
 2020/12/15 01:28:56 selected input : l9
 2020/12/15 01:28:56 selected output :  human
 2020/12/15 01:28:56 Recommended blacklist loaded
 2020/12/15 01:28:56 30 networks in blacklist
 2020/12/15 01:28:56 Loaded 2 ports to scan
 2020/12/15 01:28:56 Using source port 7427
 2020/12/15 01:28:56 Listening!
 IP: 47.104.19.66, PORT:9200, PROTO:elasticsearch, SSL:false
 HTTP/1.1 200 OK
 content-type: application/json; charset=UTF-8
 content-length: 493

 {  "name" : "NPEZsbM",  "cluster_name" : "elasticsearch",  "cluster_uuid" : "YWOYjkWeRc6PGHDcQOw7Gw",  "version" : {    "number" : "6.3.2",    "build_flavor" : "default",    "build_type" : "tar",    "build_hash" : "053779d",    "build_date" : "2018-07-20T05:20:23.451332Z",    "build_snapshot" : false,    "lucene_version" : "7.3.1",    "minimum_wire_compatibility_version" : "5.6.0",    "minimum_index_compatibility_version" : "5.0.0"  },  "tagline" : "You Know, for Search"}
 NoAuth
 Cluster info:
 {"_nodes":{"total":1,"successful":1,"failed":0},"cluster_name":"elasticsearch","nodes":{"NPEZsbM7Q8ma9xD5keQwXg":{"name":"NPEZsbM","transport_address":"172.20.0.2:9300","host":"172.20.0.2","ip":"172.20.0.2","version":"6.3.2","build_flavor":"default","build_type":"tar","build_hash":"053779d","total_indexing_buffer":103887667,"roles":["master","data","ingest"],"attributes":{"ml.machine_memory":"16819662848","xpack.installed":"true","ml.m

 IP: 167.71.22.54, PORT:27017, PROTO:mongo, SSL:false
 HTTP/1.0 200 OK
 Connection: close
 Content-Type: text/plain
 Content-Length: 85
 It looks like you are trying to access MongoDB over HTTP on the native driver port.

 Found 1 collections:
 Found collection "system.version"


 IP: 185.65.137.161, PORT:9200, PROTO:elasticsearch, SSL:false
 HTTP/1.1 200 OK
 content-type: application/json; charset=UTF-8
 content-length: 493

 {  "name" : "DmQTRqr",  "cluster_name" : "elasticsearch",  "cluster_uuid" : "Stv9W_r0SuCIVhFqL3Jx9w",  "version" : {    "number" : "6.8.6",    "build_flavor" : "default",    "build_type" : "deb",    "build_hash" : "3d9f765",    "build_date" : "2019-12-13T17:11:52.013738Z",    "build_snapshot" : false,    "lucene_version" : "7.7.2",    "minimum_wire_compatibility_version" : "5.6.0",    "minimum_index_compatibility_version" : "5.0.0"  },  "tagline" : "You Know, for Search"}
 NoAuth
 Cluster info:
 {"_nodes":{"total":1,"successful":1,"failed":0},"cluster_name":"elasticsearch","nodes":{"DmQTRqrjRRSzVTJahxJHJw":{"name":"DmQTRqr","transport_address":"127.0.0.1:9300","host":"127.0.0.1","ip":"127.0.0.1","version":"6.8.6","build_flavor":"default","build_type":"deb","build_hash":"3d9f765","total_indexing_buffer":105630924,"roles":["master","data","ingest"],"attributes":{"ml.machine_memory":"6250135552","xpack.installed":"true","ml.max_o

 2020/12/15 01:30:02 Failed sending packet for 124.134.132.47:9200 sleeping 10 secs and resuming ...
 IP: 162.13.82.245, PORT:9200, PROTO:elasticsearch, SSL:false
 HTTP/1.1 200 OK
 content-type: application/json; charset=UTF-8
 content-length: 328

 {  "name" : "TvsoOX3",  "cluster_name" : "elasticsearch",  "cluster_uuid" : "v1amRp6qT2uTs-xkFNzDkg",  "version" : {    "number" : "5.6.15",    "build_hash" : "fe7575a",    "build_date" : "2019-02-13T16:21:45.880Z",    "build_snapshot" : false,    "lucene_version" : "6.6.1"  },  "tagline" : "You Know, for Search"}
 NoAuth
 Cluster info:
 {"_nodes":{"total":1,"successful":1,"failed":0},"cluster_name":"elasticsearch","nodes":{"TvsoOX3pRtGYMJpCQGIEuQ":{"name":"TvsoOX3","transport_address":"127.0.0.1:9300","host":"127.0.0.1","ip":"127.0.0.1","version":"5.6.15","build_hash":"fe7575a","total_indexing_buffer":315149516,"roles":["master","data","ingest"],"settings":{"client":{"type":"node"},"cluster":{"name":"elasticsearch"},"http":{"host":"0.0.0.0","type":{"default":"netty4"}},"node":{"name":"TvsoOX3"},"path":{"logs":"/usr/share/elasticsearch/logs","home":"/usr/share/elasticsearch"},"transport":{"type":{"default":"netty4"}}},"os":{"r

 IP: 59.124.157.103, PORT:27017, PROTO:mongo, SSL:false
 HTTP/1.0 200 OK
 Connection: close
 Content-Type: text/plain
 Content-Length: 85
 It looks like you are trying to access MongoDB over HTTP on the native driver port.

 Found 1 collections:
 Found collection "system.version"


 IP: 8.129.145.160, PORT:27017, PROTO:mongo, SSL:false
 HTTP/1.0 200 OK
 Connection: close
 Content-Type: text/plain
 Content-Length: 85
 It looks like you are trying to access MongoDB over HTTP on the native driver port.

 Found 2 collections:
 Found collection "system.users"
 Found collection "system.version"
	user@leakixsyn001:~$ ulimit -n 4096 ; sudo ./ip4scout random -r 25000 -p 27017,9200\|./l9tcpid service --deep-http --max-threads=2048\|pv -rabl\|tee open.json\|./l9explore service --explore-timeout 5s -t 2048 -l\|tee leaks.json \|./l9filter transform -i l9 -o human
	2020/12/15 01:28:56 selected input : l9
	2020/12/15 01:28:56 selected output : human
	2020/12/15 01:28:56 Recommended blacklist loaded
	2020/12/15 01:28:56 30 networks in blacklist
	2020/12/15 01:28:56 Loaded 2 ports to scan
	2020/12/15 01:28:56 Using source port 7427
	2020/12/15 01:28:56 Listening!
	IP: 47.104.19.66, PORT:9200, PROTO:elasticsearch, SSL:false
	HTTP/1.1 200 OK
	content-type: application/json; charset=UTF-8
	content-length: 493

	{ "name" : "NPEZsbM", "cluster_name" : "elasticsearch", "cluster_uuid" : "YWOYjkWeRc6PGHDcQOw7Gw", "version" : { "number" : "6.3.2", "build_flavor" : "default", "build_type" : "tar", "build_hash" : "053779d", "build_date" : "2018-07-20T05:20:23.451332Z", "build_snapshot" : false, "lucene_version" : "7.3.1", "minimum_wire_compatibility_version" : "5.6.0", "minimum_index_compatibility_version" : "5.0.0" }, "tagline" : "You Know, for Search"}
	NoAuth
	Cluster info:
	{"_nodes":{"total":1,"successful":1,"failed":0},"cluster_name":"elasticsearch","nodes":{"NPEZsbM7Q8ma9xD5keQwXg":{"name":"NPEZsbM","transport_address":"172.20.0.2:9300","host":"172.20.0.2","ip":"172.20.0.2","version":"6.3.2","build_flavor":"default","build_type":"tar","build_hash":"053779d","total_indexing_buffer":103887667,"roles":["master","data","ingest"],"attributes":{"ml.machine_memory":"16819662848","xpack.installed":"true","ml.m

	IP: 167.71.22.54, PORT:27017, PROTO:mongo, SSL:false
	HTTP/1.0 200 OK
	Connection: close
	Content-Type: text/plain
	Content-Length: 85
	It looks like you are trying to access MongoDB over HTTP on the native driver port.

	Found 1 collections:
	Found collection "system.version"


	IP: 185.65.137.161, PORT:9200, PROTO:elasticsearch, SSL:false
	HTTP/1.1 200 OK
	content-type: application/json; charset=UTF-8
	content-length: 493

	{ "name" : "DmQTRqr", "cluster_name" : "elasticsearch", "cluster_uuid" : "Stv9W_r0SuCIVhFqL3Jx9w", "version" : { "number" : "6.8.6", "build_flavor" : "default", "build_type" : "deb", "build_hash" : "3d9f765", "build_date" : "2019-12-13T17:11:52.013738Z", "build_snapshot" : false, "lucene_version" : "7.7.2", "minimum_wire_compatibility_version" : "5.6.0", "minimum_index_compatibility_version" : "5.0.0" }, "tagline" : "You Know, for Search"}
	NoAuth
	Cluster info:
	{"_nodes":{"total":1,"successful":1,"failed":0},"cluster_name":"elasticsearch","nodes":{"DmQTRqrjRRSzVTJahxJHJw":{"name":"DmQTRqr","transport_address":"127.0.0.1:9300","host":"127.0.0.1","ip":"127.0.0.1","version":"6.8.6","build_flavor":"default","build_type":"deb","build_hash":"3d9f765","total_indexing_buffer":105630924,"roles":["master","data","ingest"],"attributes":{"ml.machine_memory":"6250135552","xpack.installed":"true","ml.max_o

	2020/12/15 01:30:02 Failed sending packet for 124.134.132.47:9200 sleeping 10 secs and resuming ...
	IP: 162.13.82.245, PORT:9200, PROTO:elasticsearch, SSL:false
	HTTP/1.1 200 OK
	content-type: application/json; charset=UTF-8
	content-length: 328

	{ "name" : "TvsoOX3", "cluster_name" : "elasticsearch", "cluster_uuid" : "v1amRp6qT2uTs-xkFNzDkg", "version" : { "number" : "5.6.15", "build_hash" : "fe7575a", "build_date" : "2019-02-13T16:21:45.880Z", "build_snapshot" : false, "lucene_version" : "6.6.1" }, "tagline" : "You Know, for Search"}
	NoAuth
	Cluster info:
	{"_nodes":{"total":1,"successful":1,"failed":0},"cluster_name":"elasticsearch","nodes":{"TvsoOX3pRtGYMJpCQGIEuQ":{"name":"TvsoOX3","transport_address":"127.0.0.1:9300","host":"127.0.0.1","ip":"127.0.0.1","version":"5.6.15","build_hash":"fe7575a","total_indexing_buffer":315149516,"roles":["master","data","ingest"],"settings":{"client":{"type":"node"},"cluster":{"name":"elasticsearch"},"http":{"host":"0.0.0.0","type":{"default":"netty4"}},"node":{"name":"TvsoOX3"},"path":{"logs":"/usr/share/elasticsearch/logs","home":"/usr/share/elasticsearch"},"transport":{"type":{"default":"netty4"}}},"os":{"r

	IP: 59.124.157.103, PORT:27017, PROTO:mongo, SSL:false
	HTTP/1.0 200 OK
	Connection: close
	Content-Type: text/plain
	Content-Length: 85
	It looks like you are trying to access MongoDB over HTTP on the native driver port.

	Found 1 collections:
	Found collection "system.version"


	IP: 8.129.145.160, PORT:27017, PROTO:mongo, SSL:false
	HTTP/1.0 200 OK
	Connection: close
	Content-Type: text/plain
	Content-Length: 85
	It looks like you are trying to access MongoDB over HTTP on the native driver port.

	Found 2 collections:
	Found collection "system.users"
	Found collection "system.version"