tnscmd10g
tnscmd10g is a tool to prod the Oracle TNSLSNR process on port 1521/tcp. It sends TNS commands like version, ping, and status to query the target Oracle listener.
Description
tnscmd10g is designed to interact with Oracle TNS listeners by sending specific CONNECT_DATA commands to probe the service. The tool targets the tnslsnr process typically running on TCP port 1521, allowing security researchers to gather information about Oracle database servers.
Common use cases include version enumeration, service status checking, and basic connectivity testing (ping). It reveals details like TNS listener version, platform information, and protocol adapters without requiring authentication, making it valuable for reconnaissance during database assessments.
The tool supports customization through various flags for port specification, logging raw packets, formatting output, and advanced options like faking command sizes to detect packet leakage or compatibility with 10G versions.
How It Works
tnscmd10g constructs and sends TNS protocol packets to the target host on port 1521/tcp (configurable). It builds CONNECT_DATA structures with specified commands (version, ping, status, etc.) wrapped in TNS formatting. The tool writes the packet, reads the response from the tnslsnr process, and displays raw or formatted output showing version numbers, error codes, and service details. Options like --rawcmd allow custom CONNECT_DATA strings, while --cmdsize fakes packet lengths to test for information leakage.
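A defender-side view of the packets described above, as an added example that is not part of tnscmd10g or the original page: it parses one captured client packet and flags listener commands and a faked connect-data size. The field offsets (connect-data length at byte 24, offset at byte 26), the function names and the sample packets are assumptions constructed for illustration, and each buffer is assumed to hold exactly one TNS packet.

```python
import re
import struct

TNS_CONNECT = 1                                  # packet type byte for CONNECT
PROBE_COMMANDS = {"version", "ping", "status"}   # commands named on this page

def build_sample(connect_data: bytes, declared_len=None) -> bytes:
    """Constructed sample CONNECT packet: 8-byte header, 50 bytes of fields, data."""
    clen = len(connect_data) if declared_len is None else declared_len
    # Assumed layout: eight 16-bit fields, then connect-data length and offset.
    fields = struct.pack(">10H", 0x0136, 0x012C, 0, 0x0800, 0x7FFF, 0x7F08, 0, 1, clen, 58)
    fields += bytes(50 - len(fields))            # zero padding up to offset 58
    total = 8 + len(fields) + len(connect_data)
    header = struct.pack(">HHBBH", total, 0, TNS_CONNECT, 0, 0)
    return header + fields + connect_data

def inspect_tns(packet: bytes) -> dict:
    """Classify one client-to-listener packet and collect alert strings."""
    if len(packet) < 8:
        return {"type": None, "command": None, "alerts": ["short packet"]}
    length, _, ptype, _, _ = struct.unpack(">HHBBH", packet[:8])
    result = {"type": ptype, "command": None, "alerts": []}
    if length != len(packet):
        result["alerts"].append("header length mismatch")
    if ptype != TNS_CONNECT or len(packet) < 28:
        return result
    clen, coff = struct.unpack(">HH", packet[24:28])
    data = packet[coff:]
    # A declared size that disagrees with the bytes sent matches --cmdsize use.
    if clen != len(data):
        result["alerts"].append("declared connect-data size differs from actual")
    match = re.search(rb"\(COMMAND=([A-Za-z_]+)\)", data, re.I)
    if match:
        result["command"] = match.group(1).decode().lower()
        if result["command"] in PROBE_COMMANDS:
            result["alerts"].append("listener command: " + result["command"])
    return result

if __name__ == "__main__":
    probe = build_sample(b"(CONNECT_DATA=(COMMAND=version))")
    faked = build_sample(b"(CONNECT_DATA=(COMMAND=status))", declared_len=256)
    client = build_sample(b"(DESCRIPTION=(CONNECT_DATA=(SERVICE_NAME=ORCL)))")
    for name, pkt in (("probe", probe), ("faked", faked), ("client", client)):
        print(name, inspect_tns(pkt))
```

An ordinary client connect carries a service name rather than a COMMAND value, so it produces no alerts here, while unauthenticated version, ping or status requests from hosts that are not database clients are the events worth logging.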
Installation
sudo apt install tnscmd10g
Flags
Examples
tnscmd10g version -h 192.168.1.205
tnscmd10g -h 192.168.1.205
tnscmd10g ping -h 192.168.1.205
tnscmd10g status -h 192.168.1.205
tnscmd10g version -h 192.168.1.205 -p 1522
tnscmd10g version -h 192.168.1.205 --logfile packets.log
tnscmd10g version -h 192.168.1.205 --indent