Penetration Testing mailing list archives
Re: Open Source Database Auditing
From: Marco Ivaldi <raptor () mediaservice net>
Date: Fri, 11 May 2007 13:06:34 +0200 (ora solare Europa occidentale)
On Thu, 10 May 2007, holstein.robert () bls gov wrote:
> Hey all. I'm looking for open source database vulnerability assessment and
> penetration testing tools. Tips and techniques, and any related
> documentation would also be helpful. This is specific to Oracle9i-10G, but
> I would welcome input for any other DB's as well.
First of all, here are some useful on-line resources:

- http://www.databasesecurity.com/
- http://www.ngssoftware.com/
- http://www.petefinnigan.com/
- http://www.red-database-security.com/
- http://www.pentest.co.uk/
- http://www.milw0rm.com/related.php?program=Oracle

Then a couple of _great_ books:

- The Database Hacker's Handbook by V.A.
- The Oracle Hacker's Handbook by David Litchfield

And, finally, the (free) tools of the trade:

- Scanners
  OAPScan.tar.gz
  OraSecurityChk.zip
  OracSec.v.1.4.zip
  SIDGuesser_win32_1_0_5.zip
  bfora.pl
  dbcool_audit.pl
  fileprobe.sh
  metacoretex-0.8.0.tar.gz
  oak.zip
  oat-binary-1.3.1.tgz
  oat-source-1.3.1.zip
  oraprobe.sh
  oscanner_bin_1_0_6.tgz
  oscanner_src_1_0_6.zip
  osp_accounts_public.zip
  secscan.html

- TNS Listener
  OracleTNSLSNR.exe
  WinSID.zip
  getsids-src-0.0.1.tar.gz
  getsids-win32bin-0.0.1.zip
  lsnrcheck.exe
  sidguess.zip
  tns-advisory.txt
  tnscmd-doc.html
  tnscmd.pl
  tnsprobe.sh

- Password Crackers
  bob-the-butcher-0.7.1.tar.gz
  hashattack-0.2.0.tgz
  orabf-v0.7.6.zip
  oracle_checkpwd_big.zip
  oracle_checkpwd_linux_static.tar.gz
  oracle_fmt.c
  oracletest.pl
  pass_cracker.zip

- Fuzzers
  oldfuzzer.py
  oldfuzzer.txt

- Miscellaneous
  ocispy8i-0.2.6.zip
  ocispy8i-0.2.8-i386-linux.tar.gz
  p6spy-install.zip
  toad.txt

- Misc. PL/SQL scripts from the aforementioned on-line resources

There's more around, but I believe this to be a good starting point already ;)
For all the rest, as usual Google is your friend...
Cheers,

--
Marco Ivaldi, OPST
Chief Security Officer
Data Security Division @ Mediaservice.net Srl
http://mediaservice.net/