SIDGuesser
SIDGuesser guesses SIDs and instances against an Oracle database using a predefined dictionary file. It performs slow but effective dictionary attacks at 80-100 guesses per second.
Description
SIDGuesser is a tool designed to guess SIDs (System Identifiers) and instances against Oracle databases. It uses a dictionary file of candidate SID values and tries them against the target server. The tool is particularly useful for penetration testers and security researchers assessing the security of Oracle database configurations where default or predictable SIDs are in use.
Use cases include identifying weak SID configurations during vulnerability assessments of Oracle database servers. By systematically trying dictionary entries, it can discover valid SIDs without requiring advanced privileges or complex exploits. The tool supports interactive controls during the attack, such as viewing statistics with the spacebar or quitting with Q.
Despite its slow speed, SIDGuesser reliably completes the job for dictionary-based guessing, making it suitable for targeted attacks rather than high-volume brute-forcing.
How It Works
SIDGuesser connects to an Oracle database server on the specified IP and port (default 1521) and attempts to guess SIDs or instances by trying entries from a provided dictionary file one by one. It operates at a rate of 80-100 guesses per second, sending requests to the Oracle TNS listener to validate each guess. Modes like 'findfirst' or 'findall' control whether it stops at the first match or continues through the dictionary. Progress stats are available interactively during execution.
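For defenders, the guessing described above appears in the listener log as a burst of refused connects from one client, each naming a different SID. The following Python example is added here and is not part of SIDGuesser or the original page; it assumes the classic text listener.log layout and return code 12505 (TNS-12505) for an unknown SID. The sample log lines, client addresses, window and threshold are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

UNKNOWN_SID = "12505"  # TNS-12505: listener does not know the SID given

# Assumed layout: TIMESTAMP * CONNECT_DATA * PROTOCOL_INFO * EVENT * SID * CODE
ENTRY = re.compile(
    r"^(?P<ts>\d{2}-[A-Z]{3}-\d{4} \d{2}:\d{2}:\d{2}) \* "
    r".*\(HOST=(?P<host>[0-9a-fA-F.:]+)\)\(PORT=\d+\)\) \* "
    r"establish \* (?P<sid>\S+) \* (?P<code>\d+)$"
)

# Constructed sample: one normal client, one typo, one client cycling SIDs.
SAMPLE_LOG = """\
12-MAR-2024 10:15:01 * (CONNECT_DATA=(SID=ORCL)(CID=(PROGRAM=app)(HOST=web01)(USER=svc))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.0.0.20)(PORT=40112)) * establish * ORCL * 0
12-MAR-2024 10:15:02 * (CONNECT_DATA=(SID=admin)) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.0.0.99)(PORT=50001)) * establish * admin * 12505
TNS-12505: TNS:listener does not currently know of SID given in connect descriptor
12-MAR-2024 10:15:02 * (CONNECT_DATA=(SID=test)) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.0.0.99)(PORT=50002)) * establish * test * 12505
12-MAR-2024 10:15:03 * (CONNECT_DATA=(SID=prod)) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.0.0.99)(PORT=50003)) * establish * prod * 12505
12-MAR-2024 10:15:03 * (CONNECT_DATA=(SID=ORCL)) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.0.0.99)(PORT=50004)) * establish * ORCL * 0
12-MAR-2024 10:20:40 * (CONNECT_DATA=(SID=ORCLL)) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.0.0.21)(PORT=41877)) * establish * ORCLL * 12505
"""


def refused_sids(lines):
    """Yield (timestamp, client, sid) for each connect refused as unknown SID."""
    for line in lines:
        m = ENTRY.match(line.strip())
        if m and m["code"] == UNKNOWN_SID:
            yield datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S"), m["host"], m["sid"]


def detect_sid_guessing(lines, window=timedelta(seconds=10), threshold=3):
    """Map clients with >= threshold distinct refused SIDs in one window to those SIDs."""
    per_client = defaultdict(list)
    for ts, host, sid in refused_sids(lines):
        per_client[host].append((ts, sid))
    flagged = {}
    for host, events in per_client.items():
        for start, _ in events:
            # Distinct SIDs this client was refused within the window from `start`.
            burst = {sid for ts, sid in events if start <= ts <= start + window}
            if len(burst) >= threshold:
                flagged[host] = sorted(burst)
                break
    return flagged


if __name__ == "__main__":
    print(detect_sid_guessing(SAMPLE_LOG.splitlines()))
```

Counting distinct refused SIDs rather than raw failures keeps a misconfigured client that retries one wrong SID from being flagged.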
Installation
sudo apt install sidguesser
Flags
Examples
sidguess -i 192.168.1.205 -d /usr/share/wordlists/metasploit/unix_users.txt
sidguess -h
sidguess -i 192.168.1.205 -d /usr/share/wordlists/metasploit/unix_users.txt -p 1521
sidguess -i 192.168.1.205 -d dict.txt -p 1522
sidguess -i 192.168.1.205 -d /usr/share/wordlists/metasploit/unix_users.txt -m findfirst
sidguess -i 192.168.1.205 -d dict.txt -r report.txt
sidguess -i 192.168.1.205 -d /usr/share/wordlists/metasploit/unix_users.txt -m findall -r output.txt