Auditing an Oracle database for security issues is very important. provides all of the information and tools that you will need Click here for details of Limited's detailed Oracle database security audit service Click here for details of Limited's Oracle Security Training Courses
There are 49 visitors online    
Cookie Policy:We only use essential cookies on small sections of this website. For details see here.

Pete Finnigan's Oracle security weblog

Home » Archives » April 2007 » Oracle Assessment Toolkit

[Previous entry: "3 new papers on Oracle forensics"] [Next entry: "A new Oracle Security Apprentice?"]

Oracle Assessment Toolkit

April 9th, 2007 by Pete

David has released an Oracle Assessment Toolkit on his website. This is a set of tools compiled into binaries that also include the C source code. The real gem is the fact that David has included a C source TNS library. The whole OAK zip is beta so dont expect everything to be perfect and complete, david has said he will complete it, let give him chance.

The kit includes a tool to get oracle versions (this can be seen in the OHH as well for explanations), a tool to enumerate users in a database without authenticating. A password brute force tool, a tool to retrieve the SID's from the listener, a tool to guess SID's and an example of the Jan 2006 CPU DB18 AUTH_ALTER_SESSION hack.

Worth downloading and also keeping an eye on for fixes and updates.

April 2007

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

Weblog Home
Weblog Archives

Oracle Security Tools page
Oracle security papers
Oracle Security alerts

Web Development
SQL Server Security

Atom 0.3 FEED
Powered by gm-rss 2.0.0

Valid XHTML 1.0!