Penetration Testing mailing list archives

Re: oracle database scanner

From: Nikhil Wagholikar <visitnikhil () gmail com>
Date: Fri, 3 Dec 2010 09:56:07 +0530

Hi Ryan,

Two tools I know are as follows:

1. TNSCMD.pl - A lame tool to prod the oracle tnslsnr process.

You can use the command: perl tnscmd.pl version -h <hostname or
IP_Address of target> --indent

This will give you lot of details including full version number of Oracle.

More Info: http://www.jammed.com/~jwa/hacks/security/tnscmd/

2. Oracle listener security check version 2.2 by Integrigy

This tool is same as TNSCMD, except that it has a GUI.

More Info: http://www.integrigy.com/downloads/

Note: These tools will only produce expected outputs, if:

a. No ADMIN RESTRICTIONS are configured and
b. No Listener password is set and
c. LOCAL_OS_AUTHENTICATION is off

Thank-fully, both these tools are free.

Hope this helps!

---
NIKHIL

On 2 December 2010 07:39, Ryan Giobbi <ryan () tgbemail com> wrote:


Hello,

I'm looking for a scanner that can do remote connection to an Oracle
listener or the operating server running the database and pull as much
information about the Oracle patch level as possible. Ideally it'd be
command line or have an API. It doesn't have to be free.

I appreciate any suggestions.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------

Current thread:

oracle database scanner Ryan Giobbi (Dec 02)
- Re: oracle database scanner The Dead (Dec 03)
- Re: oracle database scanner Nikhil Wagholikar (Dec 03)
- Re: oracle database scanner Todd Hughes (Dec 03)
- RE: oracle database scanner K K Mookhey (Dec 03)
- RE: oracle database scanner Raggo Michael-TCK748 (Dec 06)
  - Re: oracle database scanner Wendel Guglielmetti Henrique (Dec 17)
- Re: oracle database scanner Rorym Forums (Dec 06)
- <Possible follow-ups>
- RE: oracle database scanner Syed Khaden (Dec 06)