OAPScan – Oracle Application Server Scanner


We got an e-mail a while back about this new and apparently simple Oracle Application Server scanner.

It detects web pages, DADs (Database Access Descriptors) and test applications installed by default.

It may be useful for system hardening and pen-test.

You can download OAPScan here:

OAPScan.tar.gz

Posted in: Database Hacking, Hacking Tools

, , ,


Latest Posts:


CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.
Vulhub - Pre-Built Vulnerable Docker Environments For Learning To Hack Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands.
LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.


7 Responses to OAPScan – Oracle Application Server Scanner

  1. Daniel June 29, 2007 at 7:14 am #

    have you actually tested it? what platform? how does it work?

    more details please

  2. Darknet June 29, 2007 at 8:19 am #

    It’s PERL so it should work fine on both Windows and Linux, I don’t have any Oracle server or Applications here so I’m unable to test it.

  3. SN July 2, 2007 at 2:54 pm #

    Hey … this is nice. I am looking to make life really hard for my dba’s. It is better that I do it, before a real hacker does.

    -SN

  4. Sandeep Nain July 3, 2007 at 1:19 am #

    Any stats on how accurate the results are?? or teh stats on vulnerabilities found vs actual vulnerabilities

  5. Darknet July 3, 2007 at 8:47 am #

    SN sounds like a good plan :)

    Sandeep, you can try it out yourself, as we’ve said we don’t have any Oracle architecture to test with right now.

  6. john May 28, 2009 at 4:10 pm #

    Link seems broken

  7. Anonymous May 28, 2009 at 4:41 pm #

    Really? But the story is only two years old!

    Blimey Darknet, why don’t you check all of your links, every day????