|
||
|
Title: Inventory dbs Post by Pete Finnigan on Jun 14th, 2006, 4:10pm I'm currently making an inventory of every database in our large network (to catch rogue dbs etc.) I've been scanning for certain ports and doing manual legwork to discover the dbs, but I'm looking for a more automatic way. I successfully used SQLRecon to find many mssql dbs. However, we have a variety of dbs (Oracle, Sybase, db2, MySql, etc). Any similar program to scan (and nicely log ;D ) the remaining dbs would be a god-send. I'm not looking as much for Vulnerability scanning (like AppDetective) as I am for cost effectiveness and simplicity. Thanks for your time, any help would be appreciated. -Will |
||
|
Title: Re: Inventory dbs Post by Pete Finnigan on Jun 19th, 2006, 1:09pm Hi, I am not aware of any free tools that scan specifically for Oracle databases other than the simple shell scripts written by Tim Gorman. You will find links on my tools page. These are not comprehensive and would need to be modified to scan whole subnets as you require. A better approach is to use the techniques that pentesters use and scan for hosts using tools such as nmap using ping (or less visible) sweeps. Then you can use a tool such as amap to scan the ports on each machine and identify live databases. nmap also i believe now has the same application / service identification features as amap. cheers Pete |
||
|
Powered by YaBB 1 Gold - SP 1.4! Forum software copyright © 2000-2004 Yet another Bulletin Board |