By Adrian | October 11, 2019
Recently I had a few questions about what a particular Elasticsearch NoSQL database was holding, so I started poking at it using curl and the JSON query language, and for the untrained it can be daunting: heaps of syntax, nesting and JSON arrays. It was overwhelming at first. On the plus side, it's super granular, so if you know exactly what you are looking for it's super quick. Well, I had a problem: I wasn't 100% sure what I was looking for and merely wanted to browse the data for, you know... "reasons".
I came across an Elasticsearch GUI tool named Kaizen, which is free for personal use or €99 a year for commercial use, so I gave it a whirl.
No dramas, I thought: download it, run it, point it at my Elasticsearch instance, get data. I was wrong.
The Elasticsearch configuration I had specified in the elasticsearch.yml file was such that it would only listen for requests coming from localhost. I think we can all agree that this is much better than changing the configuration so that the whole world (0.0.0.0) can access your instance:
network.host: 127.0.0.1
Here's a few articles about exposed Elasticsearch instances to prove the point. There's been a tonne of data leaked by exposing Elasticsearch to the world.
- Unsecured Survey Database Exposes Info of 8 Million People
- ElasticSearch server exposed the personal data of over 57 million US citizens
- Misconfigured ElasticSearch Cluster Exposed Over 90 Million Records
In fact, this Shodan search shows quite a lot of data available: 28k+ results as of the time of this post.
Anyway, I've digressed. The way I went about accessing it was by using an SSH tunnel via PuTTY. The actual configuration is quite easy: as long as you have SSH access to the server, you can reach the Elasticsearch DB.
In PuTTY, navigate to Connection, SSH, Tunnels. Set a source port number to forward to 127.0.0.1:9200 and press Add.
Here we are saying "Anything on this computer's port 9999, send that to 127.0.0.1:9200 on the remote host", and as the remote host is the one with the loopback-only Elasticsearch instance, we can successfully connect and start browsing the data.
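The same tunnel without PuTTY, as an added example that is not part of the original post: the OpenSSH `-L` form of the forwarding rule above, plus a small check run on the server that the 9200 listener really is bound to loopback and not 0.0.0.0. The login `user` and host `es-host` are placeholders, and the `ss -ltn` output is constructed here so the check runs offline.

```shell
#!/bin/sh
# Added example, not from the original post: the OpenSSH equivalent of the PuTTY
# tunnel described above, plus a check that Elasticsearch really is bound to
# loopback only. Assumptions (placeholders): SSH login "user", server "es-host".
ES_PORT=9200
LOCAL_PORT=9999

# Forwarding spec for ssh -L: "<local port>:127.0.0.1:<remote port>".
# Connections to localhost:$1 on this machine are relayed, over SSH, to
# 127.0.0.1:$2 on the remote host, which is what the PuTTY "Tunnels" page does.
tunnel_spec() {
    printf '%s:127.0.0.1:%s' "$1" "$2"
}

# Classify the listener on port $ES_PORT from `ss -ltn` (or `netstat -ltn`)
# output passed as $1. Prints "loopback" when every 9200 listener is bound to
# 127.0.0.1 or ::1, "exposed" when any is bound to 0.0.0.0, :: or another
# address (the network.host: 0.0.0.0 case), and "none" when nothing listens.
es_binding() {
    printf '%s\n' "$1" | awk -v port="$ES_PORT" '
        $1 == "LISTEN" && $4 ~ (":" port "$") {
            addr = $4; sub(/:[0-9]+$/, "", addr)
            if (addr == "127.0.0.1" || addr == "[::1]") {
                if (result != "exposed") result = "loopback"
            } else {
                result = "exposed"
            }
        }
        END { print (result == "" ? "none" : result) }'
}

# Constructed sample `ss -ltn` output for the two configurations in the post.
SS_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      4096   127.0.0.1:9200     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'
SS_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      4096   0.0.0.0:9200       0.0.0.0:*
LISTEN 0      4096   [::]:9200          [::]:*'

echo "network.host: 127.0.0.1 -> $(es_binding "$SS_LOOPBACK")"   # loopback
echo "network.host: 0.0.0.0   -> $(es_binding "$SS_EXPOSED")"    # exposed

# The tunnel itself (-N: no remote shell, just forwarding). Run it in one
# terminal, then point Kaizen or curl at http://localhost:9999/.
echo "ssh -N -L $(tunnel_spec "$LOCAL_PORT" "$ES_PORT") user@es-host"
echo "curl -s http://localhost:$LOCAL_PORT/_cat/indices?v"
```

On the server, `es_binding "$(ss -ltn)"` returning anything other than `loopback` means the instance is reachable without the tunnel, which is exactly the misconfiguration behind the exposures linked above.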
No more JSON queries required, although you can still work with JSON if you need to. The application is quite fully featured: you can manipulate data, and add or remove data and indices to your heart's content. Just be careful if working with production systems, and if using it for commercial purposes, buy a license.