OAPScan – Oracle Application Server Scanner


We got an e-mail a while back about this new and apparently simple Oracle Application Server scanner.

It detects web pages, DADs (Database Access Descriptors) and test applications installed by default.

It may be useful for system hardening and pen-test.

You can download OAPScan here:

OAPScan.tar.gz

Posted in: Database Hacking, Hacking Tools

, , ,


Latest Posts:


ZigDiggity - ZigBee Hacking Toolkit ZigDiggity – ZigBee Hacking Toolkit
ZigDiggity a ZigBee Hacking Toolkit is a Python-based IoT (Internet of Things) penetration testing framework targeting the ZigBee smart home protocol.
RandIP - Network Mapper To Find Servers RandIP – Network Mapper To Find Servers
RandIP is a nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not with additional tests for Telnet and SSH.
Nipe - Make Tor Default Gateway For Network Nipe – Make Tor Default Gateway For Network
Nipe is a Perl script to make Tor default gateway for network, this script enables you to directly route all your traffic from your computer to the Tor network.
Mosca - Manual Static Analysis Tool To Find Bugs Mosca – Manual Static Analysis Tool To Find Bugs
Mosca is a manual static analysis tool written in C designed to find bugs in the code before it is compiled, much like a grep unix command.
Slurp - Amazon AWS S3 Bucket Enumerator Slurp – Amazon AWS S3 Bucket Enumerator
Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan externally or an AWS API to scan internally.
US Government Cyber Security Still Inadequate US Government Cyber Security Still Inadequate
Surprise, surprise, surprise - an internal audit of the US Government cyber security situation has uncovered widespread weaknesses, legacy systems and poor adoption of cyber controls and tooling.


7 Responses to OAPScan – Oracle Application Server Scanner

  1. Daniel June 29, 2007 at 7:14 am #

    have you actually tested it? what platform? how does it work?

    more details please

  2. Darknet June 29, 2007 at 8:19 am #

    It’s PERL so it should work fine on both Windows and Linux, I don’t have any Oracle server or Applications here so I’m unable to test it.

  3. SN July 2, 2007 at 2:54 pm #

    Hey … this is nice. I am looking to make life really hard for my dba’s. It is better that I do it, before a real hacker does.

    -SN

  4. Sandeep Nain July 3, 2007 at 1:19 am #

    Any stats on how accurate the results are?? or teh stats on vulnerabilities found vs actual vulnerabilities

  5. Darknet July 3, 2007 at 8:47 am #

    SN sounds like a good plan :)

    Sandeep, you can try it out yourself, as we’ve said we don’t have any Oracle architecture to test with right now.

  6. john May 28, 2009 at 4:10 pm #

    Link seems broken

  7. Anonymous May 28, 2009 at 4:41 pm #

    Really? But the story is only two years old!

    Blimey Darknet, why don’t you check all of your links, every day????