Oscanner
Oscanner is an Oracle assessment framework developed in Java with a plugin-based architecture. It performs various enumeration tasks including SID enumeration, password tests, version detection, account roles, privileges, hashes, audit information, password policies, and database links.
Description
Oscanner is designed for assessing Oracle database servers through a plugin-based architecture. It comes with plugins that enable comprehensive enumeration of Oracle database configurations and security settings. The tool presents results in a graphical Java tree interface, making it easier to visualize findings.
Use cases include penetration testing of Oracle databases, security audits, and vulnerability assessments. It is particularly useful for identifying weak passwords, enumerating sensitive account information, and discovering database links and policies that could be exploited.
The framework requires a Java runtime environment and is installed via the Kali Linux package manager. It supports scanning individual servers or lists of servers, with options for verbosity and custom service files.
How It Works
Oscanner operates as a Java-based framework that connects to Oracle database servers on specified ports, typically 1040 or default Oracle ports. It uses plugins to perform specific enumeration techniques: SID guessing, common/dictionary password brute-forcing, TNS listener queries for version and service details, and privilege/role extraction via valid connections. Results from these probes are compiled into a graphical Java tree structure for analysis.
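For defenders, SID guessing of the kind described above appears in the Oracle listener log as a run of rejected connection attempts for different SIDs from one source. The following is an added example, not part of Oscanner or the original page; the log lines are constructed samples in the text listener.log layout, and the function name and threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the text listener.log layout:
# timestamp * connect data * client address * event * service * return code
TEMPLATE = ("19-MAR-2024 {ts} * (CONNECT_DATA=(SID={sid})(CID=(PROGRAM=)"
            "(HOST=__jdbc__)(USER=))) * (ADDRESS=(PROTOCOL=tcp)(HOST={src})"
            "(PORT=51234)) * establish * {sid} * {rc}")
SAMPLE_LOG = "\n".join(TEMPLATE.format(ts=ts, sid=sid, src=src, rc=rc) for ts, sid, src, rc in [
    ("10:12:01", "ORCL",   "192.0.2.50", 12505),
    ("10:12:01", "XE",     "192.0.2.50", 12505),
    ("10:12:02", "PROD",   "192.0.2.50", 12505),
    ("10:12:02", "TEST",   "192.0.2.50", 12505),
    ("10:15:40", "FINDB",  "192.0.2.10", 0),      # normal application login
    ("10:16:03", "FINDB1", "192.0.2.10", 12505),  # single typo, not a scan
])

# Pull the requested SID, the client address and the listener return code.
LINE_RE = re.compile(
    r"\(SID=(?P<sid>[^)]+)\).*?"
    r"\(ADDRESS=\(PROTOCOL=tcp\)\(HOST=(?P<src>[^)]+)\)\(PORT=\d+\)\)"
    r" \* establish \* \S+ \* (?P<rc>\d+)\s*$"
)

UNKNOWN_SID = "12505"  # TNS-12505: listener does not know of the SID requested


def sid_guessing_sources(log_text, min_distinct_sids=3):
    """Return {source: sorted rejected SIDs} for sources that were refused
    on at least `min_distinct_sids` different SIDs (threshold is an assumption)."""
    rejected = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and m.group("rc") == UNKNOWN_SID:
            rejected[m.group("src")].add(m.group("sid").upper())
    return {src: sorted(sids) for src, sids in rejected.items()
            if len(sids) >= min_distinct_sids}


if __name__ == "__main__":
    for src, sids in sid_guessing_sources(SAMPLE_LOG).items():
        print(f"possible SID enumeration from {src}: {', '.join(sids)}")
```

Counting distinct SIDs rather than raw failures keeps a misconfigured client that retries one wrong SID from triggering the alert.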
Installation
sudo apt install oscanner
Flags
Examples
oscanner -s 192.168.1.15 -P 1040
oscanner -s 192.168.1.15
oscanner -f serverlist.txt -P 1040
oscanner -s 192.168.1.15 -r report.xml
oscanner -s 192.168.1.15 -v
oscanner -s 192.168.1.15 -P 1521 -v
oscanner -f servers.txt -r output.xml -v