Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Database service discovery

From: "JosŽé M. Palazón Romero" <josem.palazon () gmail com>
Date: Mon, 14 Jan 2008 21:12:45 +0000
bbxiong.xiao () gmail com escribió:

Hi, listers,



Any existing scan tools that can help me to get all the detail information about all database servers, could be 
specific and fast?

all information i need are

host ip,

host name(windows(2k/xp/2003/vista)/linux(ubuntu/debian/redhat/suse/)/unix(solaris/freebsd/openbsd),

host os name,

host os version,

database server name(oracle/mssql/sybase/mysql/informix/postgresql/db2),

port number,

SID(for oracle/mssql/sybase),

database server version,

and any other detailed informations.
Your tool is nmap with the vscan functionality (http://insecure.org/nmap/vscan/). That will do four you everything you asked for except the "and any other detailed informations" part. You will have to go for a vulnerability scanner or an especific tool for the database you discover. 



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: