Penetration Testing mailing list archives
Re: oracle database scanner
From: Nikhil Wagholikar <visitnikhil () gmail com>
Date: Fri, 3 Dec 2010 09:56:07 +0530
Hi Ryan, Two tools I know are as follows: 1. TNSCMD.pl - A lame tool to prod the oracle tnslsnr process. You can use the command: perl tnscmd.pl version -h <hostname or IP_Address of target> --indent This will give you lot of details including full version number of Oracle. More Info: http://www.jammed.com/~jwa/hacks/security/tnscmd/ 2. Oracle listener security check version 2.2 by Integrigy This tool is same as TNSCMD, except that it has a GUI. More Info: http://www.integrigy.com/downloads/ Note: These tools will only produce expected outputs, if: a. No ADMIN RESTRICTIONS are configured and b. No Listener password is set and c. LOCAL_OS_AUTHENTICATION is off Thank-fully, both these tools are free. Hope this helps! --- NIKHIL On 2 December 2010 07:39, Ryan Giobbi <ryan () tgbemail com> wrote:
Hello, I'm looking for a scanner that can do remote connection to an Oracle listener or the operating server running the database and pull as much information about the Oracle patch level as possible. Ideally it'd be command line or have an API. It doesn't have to be free. I appreciate any suggestions. ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- oracle database scanner Ryan Giobbi (Dec 02)
- Re: oracle database scanner The Dead (Dec 03)
- Re: oracle database scanner Nikhil Wagholikar (Dec 03)
- Re: oracle database scanner Todd Hughes (Dec 03)
- RE: oracle database scanner K K Mookhey (Dec 03)
- RE: oracle database scanner Raggo Michael-TCK748 (Dec 06)
- Re: oracle database scanner Wendel Guglielmetti Henrique (Dec 17)
- Re: oracle database scanner Rorym Forums (Dec 06)
- <Possible follow-ups>
- RE: oracle database scanner Syed Khaden (Dec 06)