DBPwAudit – Database Password Auditing Tool

Find your website's Achilles' Heel


DBPwAudit is a Java database password auditing tool that allows you to perform online audits of password quality for several database engines. The application design allows for easy adding of additional database drivers by simply copying new JDBC drivers to the jdbc directory.

DBPwAudit - Database Password Auditing Tool

Configuration is performed in two files, the aliases.conf file is used to map drivers to aliases and the rules.conf tells the application how to handle error messages from the scan.

Compatibility

The tool has been tested and known to work with:

– Microsoft SQL Server 2000/2005
– Oracle 8/9/10/11
– IBM DB2 Universal Database
– MySQL

Requirements

The tool is pre-configured for these drivers but does not ship with them, due to licensing issues. The links below can be used to find some of the drivers. They should all be copied to the jdbc directory.


Links to JDBC Drivers:

MySQL
Microsoft SQL Server 2005
Microsoft SQL Server 2000
Oracle

Usage

Scan the SQL server (-s 192.168.1.130), using the specified database (-d testdb) and driver (-D MySQL) using the root username (-U root) and password dictionary (-P /usr/share/wordlists/nmap.lst):

You can download DBPwAudit here:

dbpwaudit_0_8.zip

Or read more here.


Posted in: Database Hacking, Hacking Tools, Password Cracking

, , , , , , , ,

Recent in Database Hacking:
- Securing MySQL Installation on Ubuntu 16.04 LTS
- BBQSQL – Blind SQL Injection Framework
- DBPwAudit – Database Password Auditing Tool

Related Posts:

Most Read in Database Hacking:
- Pangolin – Automatic SQL Injection Tool - 77,677 views
- bsqlbf 1.1 – Blind SQL Injection Tool - 54,609 views
- SQLBrute – SQL Injection Brute Force Tool - 41,813 views


Comments are closed.