Skip to main content

Elasticsearch Pentesting

Default Port: 9200

Elasticsearch is a search and analytics engine. As a distributed, JSON-based search and analytics engine, Elasticsearch provides fast search speeds, complex querying, and large-scale data storage capabilities.

Elasticsearch is commonly used to search, analyze, and visualize data with uncertain or complex structures, such as text, numerical data, and time-series data.


Connecting to Elasticsearch

curl -X GET "<target-ip>:<target-port>"

Kibana Interface

You can use tools like Kibana to explore and manage Elasticsearch.


Identifying an Elasticsearch Server

You can determine the presence of an Elasticsearch server using Nmap:

nmap -p 9200 X.X.X.X

HTTP Banner Grabbing

nc -nv X.X.X.X 9200


Elasticsearch Cluster Information

To get Elasticsearch cluster information, you can use the following command:

curl -X GET "<target-ip>:<target-port>/_cluster/health?pretty"

Listing Elasticsearch Indices

curl -X GET "<target-ip>:<target-port>/_cat/indices?v"

Attack Vectors

Default Credentials

Check for default credentials or weak authentication configurations.

Unauthorized Access

Search for Elasticsearch targets and gain unauthorized access.

Data Breach

Gain access to sensitive data by unauthorized access to the Elasticsearch server.


Common Elasticsearch Commands

curl -X GET "<target-ip>:<target-port>"Sends an HTTP GET request to the Elasticsearch server.
curl -X PUT "<target-ip>:<target-port>"Sends an HTTP PUT request to the Elasticsearch server.
curl -X DELETE "<target-ip>:<target-port>"Sends an HTTP DELETE request to the Elasticsearch server.