Re: Database service discovery

From: JosŽé M. Palazón Romero (josem.palazon@gmail.com)
Date: Mon Jan 14 2008 - 16:12:45 EST


bbxiong.xiao@gmail.com escribió:
> Hi, listers,
>
>
>
> Any existing scan tools that can help me to get all the detail information about all database servers, could be specific and fast?
>
> all information i need are
>
> host ip,
>
> host name(windows(2k/xp/2003/vista)/linux(ubuntu/debian/redhat/suse/)/unix(solaris/freebsd/openbsd),
>
> host os name,
>
> host os version,
>
> database server name(oracle/mssql/sybase/mysql/informix/postgresql/db2),
>
> port number,
>
> SID(for oracle/mssql/sybase),
>
> database server version,
>
> and any other detailed informations.
>
>
>
Your tool is nmap with the vscan functionality
(http://insecure.org/nmap/vscan/). That will do four you everything you
asked for except the "and any other detailed informations" part. You
will have to go for a vulnerability scanner or an especific tool for
the database you discover.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:20 EDT