Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Database service discovery
From: "JosŽé M. Palazón Romero" <josem.palazon () gmail com>
Date: Mon, 14 Jan 2008 21:12:45 +0000

bbxiong.xiao () gmail com escribió:
Hi, listers,



Any existing scan tools that can help me to get all the detail information about all database servers, could be 
specific and fast?

all information i need are

host ip,

host name(windows(2k/xp/2003/vista)/linux(ubuntu/debian/redhat/suse/)/unix(solaris/freebsd/openbsd),

host os name,

host os version,

database server name(oracle/mssql/sybase/mysql/informix/postgresql/db2),

port number,

SID(for oracle/mssql/sybase),

database server version,

and any other detailed informations.


Your tool is nmap with the vscan functionality (http://insecure.org/nmap/vscan/). That will do four you everything you asked for except the "and any other detailed informations" part. You will have to go for a vulnerability scanner or an especific tool for the database you discover.



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]