Nmap Development mailing list archives

Re: oracle-sid-brute.nse


From: David Fifield <david () bamsoftware com>
Date: Sun, 13 Dec 2009 20:38:49 -0700

On Sat, Dec 12, 2009 at 11:27:21AM +0100, Patrik Karlsson wrote:

> I have created a script that attempts to guess valid Oracle instance
> names by using a dictionary. It can be run with an argument specifying
> the dictionary to use or using the default dictionary (supplied in the
> zip).
>
> As always any pointers on improvement, comments and suggestions are
> most welcome. The zip-archive containing the script and default
> dictionary file can be downloaded on my blog:

This looks good. Do we (the Nmap project) have permission to distribute
the SIDs list, which as you write on your web page, comes from
http://www.red-database-security.com/scripts/sid.txt?

Instead of using a file_exists function to check for the SIDs database,
you can just open the file with io.open and then iterate over the lines
with the lines method of the file object.

http://www.lua.org/manual/5.1/manual.html#pdf-file:lines

(As opposed to using io.lines, which both opens the file and creates an
iterator.)

About how long does the script take to run against a single host?

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
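
The io.open plus file:lines pattern suggested in the message above, as an added Lua 5.1 example that is not code from oracle-sid-brute.nse or from the Nmap project. The function name load_sids, the "#" comment convention and the sample dictionary contents are assumptions made for illustration.

```lua
-- Added example; load_sids is a hypothetical helper, not part of the script.
-- Opening the file directly replaces a separate file_exists check: io.open
-- returns nil plus an error message when the file cannot be opened.
local function load_sids(path)
  local f, err = io.open(path, "r")
  if not f then
    return nil, err
  end

  local sids = {}
  -- file:lines() iterates over the already-open handle. Unlike io.lines it
  -- does not close the file at end of input, so it is closed explicitly below.
  for line in f:lines() do
    -- Trim surrounding whitespace, including a trailing CR from CRLF files.
    local sid = line:match("^%s*(.-)%s*$")
    -- Assumption: blank lines and lines starting with "#" are not SIDs.
    if sid ~= "" and sid:sub(1, 1) ~= "#" then
      sids[#sids + 1] = sid
    end
  end
  f:close()
  return sids
end

-- Constructed sample dictionary, written to a temporary file for the demo.
local tmp = os.tmpname()
local out = assert(io.open(tmp, "w"))
out:write("# constructed sample SIDs\nORCL\r\n\nXE\nTEST  \n")
out:close()

local sids = assert(load_sids(tmp))
print(#sids, table.concat(sids, ","))
os.remove(tmp)

-- A missing dictionary is reported through the return values, not a crash.
local missing, err = load_sids(tmp .. ".missing")
print(missing, err)
```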

