o [NSE] Added authentication support to MongoDB library and modified existing

scripts to support it. Added the script mongodb-brute to perform password
  brute force guessing. [Patrik]

scripts/mongodb-databases.nse

@@ -29,18 +29,22 @@ Attempts to get a list of tables from a MongoDB database.
 -- |       name = admin
 -- |_  totalSize = 167772160
 
--- version 0.1
+-- version 0.2
 -- Created 01/12/2010 - v0.1 - created by Martin Holst Swende <martin@swende.se>
-
+-- Revised 01/03/2012 - v0.2 - added authentication support <patrik@cqure.net>
 
 author = "Martin Holst Swende"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
 categories = {"default", "discovery", "safe"}
 
+dependencies = {"mongodb-brute"}
+
+require "creds"
 require "mongodb"
 require "shortport"
 
 portrule = shortport.port_or_service({27017}, {"mongodb"})
+
 function action(host,port)
 
 	local socket = nmap.new_socket()
@@ -56,6 +60,19 @@ function action(host,port)
 
 	try( socket:connect(host, port) )
 	
+	-- uglyness to allow creds.mongodb to work, as the port is not recognized
+	-- as mongodb, unless a service scan was run
+	local ps = port.service
+	port.service = 'mongodb'
+	local c = creds.Credentials:new(creds.ALL_DATA, host, port)
+	for cred in c:getCredentials(creds.State.VALID + creds.State.PARAM) do
+		local status, err = mongodb.login(socket, "admin", cred.user, cred.pass)
+		if ( not(status) ) then
+			return err
+		end
+	end
+	port.service = ps
+	
 	local req, result, packet, err, status
 	--Build packet
 	status, packet = mongodb.listDbQuery()