LeakLooker : Tools to Find open databases with Shodan

at last years we see many leaks from large websites such as Amazon, Linkedin… and others, the mean reason for this leaks is misconfigured.

these misconfigured led to the penetration of entire companies, and sometimes the result were devastating companies and individual privacy.

these websites are listed on the shodan website, but to find this misconfigured website is daunting, where you can use the LeakLooker tool, which displays the unsecured database smoothly.

LeakLooker can search for databases (MongoDB, CouchDB, elasticsearch, KIBANA).

to use the tool you must obtain a paid API from shodan website, except for the kibana databases where the free API can be used.

How use LeakLooker

root@kali:~/Desktop/LeakLooker# git clone https://github.com/woj-ciech/LeakLooker.git
root@kali:~/Desktop/LeakLooker# pip install shodan
root@kali:~/Desktop/LeakLooker# pip install colorama
root@kali:~/Desktop/LeakLooker# pip install hurry.filesize

go to LeakLooker Folder to set API Key

root@kali:~/Desktop/LeakLooker# cd LeakLooker/
root@kali:~/Desktop/LeakLooker# ls
root@kali:~/Desktop/LeakLooker# leafpad leaklooker.py

search for shodan_api_key and set your API Key


now you can search for databases, for example if we want to search for mongo db database

root@kali:~/Desktop/LeakLooker# python leaklooker.py  --kibana --first 1 --last 2

–first and –last parameter , by this parameter we tell tools to search from page one to page 2.

we can search for multi databases

root@kali:~/Desktop/LeakLooker# python leaklooker.py  --kibana --couchdb --mondodb --elastic --first 1 --last 2

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More