Database Server Vulnerability Scanner / Penetration Testing Toolkit

Scuba :

             Scuba is a free tool that scans leading enterprise databases for security vulnerabilities and configuration flaws, including patch levels. Reports deliver actionable information to quickly reduce risk, and regular vulnerability updates ensure that Scuba keeps pace with new threats.

Use Scuba to:

• Automate vulnerability discovery
• Secure infrastructure and measure compliance
• Prioritize risk and focus remediation resources
• Safely test enterprise class databases
  
  
  Download Link : https://www.imperva.com/lg/lgw.asp?pid=213  

 Safe3SI :

              is one of the most powerful and easy usage penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database,to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

 Download Link : http://sourceforge.net/projects/safe3si/files/

DBPwAudit :

                 is a Java tool that allows you to perform online audits of password quality for several database engines. The application design allows for easy adding of additional database drivers by simply copying new JDBC drivers to the jdbc directory. Configuration is performed in two files, the aliases.conf file is used to map drivers to aliases and the rules.conf tells the application how to handle error messages from the scan.

Download Link : http://www.cqure.net/tools/dbpwaudit_0_8.zip

McAfee Vulnerability Manager :

                             for Databases automatically discovers databases on your network, determines if the latest patches have been applied, and tests for common weaknesses such as weak passwords, default accounts, and other common threats. Vulnerability Manager for Databases conducts more than 4,700 vulnerability checks against leading database systems, including Oracle, SQL Server, DB2, and MySQL.

Download Link : http://www.mcafee.com/apps/downloads/free-evaluations/default.aspx?region=us&pid=15970

AppDetectivePro :

                          is a database scanner that empowers professionals to scan databases for vulnerabilities, configuration issues, weak passwords, missing patches, access control concerns, and other issues that can lead to user privilege escalation. As complex as databases are, AppDetectivePro provides a cost-effective solution to provide the following:

Download Link : http://info.appsecinc.com/WebsiteAppDEval_LandingPage.html?ldt=Eval&ls=Web%20Referral&lst=Website&ld=AppD%20Eval

SQLdict :

         is a dictionary attack tool for SQL Server. SQLdict is a basic single ip brute-force MS SQL Server password utility that can carry out a dictionary attack against a named SQL account.

        The use of this tool is simple you just specify the IP address you are attacking, the user account you are up against and then load an appropriate wordlist to try via the Load Password File button

Download Link : http://ntsecurity.nu/downloads/sqldict.exe

Oscanner : 

                is an Oracle assessment framework developed in Java. It has a plugin-based architecture and comes with a couple of plugins that currently do:

- Sid Enumeration
- Passwords tests (common & dictionary)
- Enumerate Oracle version
- Enumerate account roles
- Enumerate account privileges
- Enumerate account hashes
- Enumerate audit information
- Enumerate password policies
- Enumerate database links

Download Link :

Version 1.0.6 source oscanner_src_1_0_6.zip
Version 1.0.6 binary oscanner_bin_1_0_6.zip

Oracle Auditing Tool :

                                 Exploits some of the known vulnerabilities of Oracle. Includes SID Enumeration, Passwords tests [common/ dictionary]. Supports attachment of malformed shell codes with TCP packets for crashing the remote server or gain DBA privileges on it.

 Download Link : http://sourceforge.net/projects/oracleauditor/files/latest/download

 

Secure Oracle Auditor :

                                   is an Oracle auditing and Oracle security vulnerability assessment software which is capable of scanning multiple Oracle database servers. This Oracle security software provides Oracle audit tools, Oracle password tools, database scanner software and Oracle security tools for penetration testing.  Secure Oracle Auditor™ identifies the database security threats in Oracle database that contains significant and precious information which is essential for the organization's success.

Download Link : http://www.secure-bytes.com/register.php

Secure SQL Auditor (SQA) :

                                        is a SQL security software that conducts database server security auditing & includes vulnerability assessment tools for SQL database server. It is a network based SQL security assessment tool capable of scanning multiple database servers. Secure SQL Auditor™ performs the massive task of identifying vulnerabilities and threats present in MS SQL database server. It helps administrators in closing loopholes which provide direct access to SQL database servers and lead to monetary, reputational and informational losses.

Download Link : http://www.secure-bytes.com/register.php

VoIP Vulnerability Scanner / Penetration Testing Tool

VoIP ( Voice Over IP ) Security Assessment Tool :

  Viproy :
              Voip Penetration and Exploitation Kit is developed to improve quality of SIP penetration testing. It provides authentication and trust analysis features that assists in creating simple tests.
10 different modules with authentication support: options tester, brute forcer, enumerator, invite tester, trust analyzer, proxy and registration tester. All attacks could perform before and after authentication to fuzz SIP services and value added services.

Viproy is a tool for testing SIP servers security, the Session Initiation Protocol is widely used for voice and video calls over IP, the software comes with different modules performing specific tasks, all of the modules support debugging and verbose mode, this is a Linux only command line tool, instructions are included and it should not be difficult for a Linux beginner to understand them. - See more at: http://www.hacker10.com/tag/voip-penetration-testing/#sthash.vcWe7zby.dpuf

Viproy is a tool for testing SIP servers security, the Session Initiation Protocol is widely used for voice and video calls over IP, the software comes with different modules performing specific tasks, all of the modules support debugging and verbose mode, this is a Linux only command line tool, instructions are included and it should not be difficult for a Linux beginner to understand them. - See more at: http://www.hacker10.com/tag/voip-penetration-testing/#sthash.vcWe7zby.dpuf

Viproy is a tool for testing SIP servers security, the Session Initiation Protocol is widely used for voice and video calls over IP, the software comes with different modules performing specific tasks, all of the modules support debugging and verbose mode, this is a Linux only command line tool, instructions are included and it should not be difficult for a Linux beginner to understand them. - See more at: http://www.hacker10.com/tag/voip-penetration-testing/#sthash.vcWe7zby.dpuf

Viproy is a tool for testing SIP servers security, the Session Initiation Protocol is widely used for voice and video calls over IP, the software comes with different modules performing specific tasks, all of the modules support debugging and verbose mode, this is a Linux only command line tool, instructions are included and it should not be difficult for a Linux beginner to understand them. - See more at: http://www.hacker10.com/tag/voip-penetration-testing/#sthash.vcWe7zby.dpuf

Viproy is a tool for testing SIP servers security, the Session Initiation Protocol is widely used for voice and video calls over IP, the software comes with different modules performing specific tasks, all of the modules support debugging and verbose mode, this is a Linux only command line tool, instructions are included and it should not be difficult for a Linux beginner to understand them. - See more at: http://www.hacker10.com/tag/voip-penetration-testing/#sthash.vcWe7zby.dpuf

Video :

 More Info : http://viproy.com/voipkit/

Download Link : https://github.com/fozavci/viproy-voipkit/archive/master.zip

SIPVicious : ( Tools for auditing SIP based VoIP systems )

          SIPVicious suite is a set of tools that can be used to audit SIP based VoIP systems. It currently consists of four tools:

• svmap - this is a sip scanner. Lists SIP devices found on an IP range
• svwar - identifies active extensions on a PBX
• svcrack - an online password cracker for SIP PBX
• svreport - manages sessions and exports reports to various formats
• svcrash - attempts to stop unauthorized svwar and svcrack scans

Download Link : http://code.google.com/p/sipvicious/downloads/list

VAST : ( VIPER Assessment Security Tools )

                          VAST is a Linux-based security distribution specifically designed for pentesting VoIP and UC networks. It enables security professionals and UC administrators to rapidly perform VoIP security assessments and enumerate vulnerabilities in IP Phones or IP PBX servers in a lab environment. With VAST, a security consultant has every tool necessary to carry out a successful onsite or remote penetration test or vulnerability assessment against a UC network. VAST is built on Mint Linux 13 and includes all of the open source VIPER Lab tools, in addition to some other network pentest tools.

Download Link : http://sourceforge.net/projects/vipervast/files/

SiVuS - VoIP vulnerability scanner

                        SiVuS is the first publicly available vulnerability scanner for VoIP networks that use the SIP protocol. It provides powerful features to assess the security and robustness of VoIP implementations and it is used by VoIP product vendors, security consultants, network architects, researchers and students. We encourage our community to provide us with feedback so we can enhance the current implementation and support the efforts to strengthen the security of VoIP networks.

More Info : http://nil.uniza.sk/sip/tools/sivus-voip-vulnerability-scanner

 

Download Link : http://www.voip-security.net/index.php/downloads/security/summary/30/299

FreeSentral :

              is a full IP PBX consisting of a Linux Distribution, an IP PBX and a Web Graphical User Interface for easy configuration.

Features

• Define, group extensions
• Set dial plan
• Direct Inward Calling
• Set Auto Attendant
• Music on hold
• Short Dialing
• Set call forwarding
• Voicemail
  
  

                                   For all security audits on VoIP systems, FreeSental can make a quick and easy solution to implement. It can therefore be used as a training platform for testing VoIP vulnerabilities and issues. See here our VoIP tools collection to help you auditing and scanning.

 Download Link : http://www.freesentral.com/index.php/Download/Download

 Thanks,

RRN Technologies