Scuba :
Scuba is a free tool that scans leading enterprise databases for
security vulnerabilities and configuration flaws, including patch
levels. Reports deliver actionable information to quickly reduce risk,
and regular vulnerability updates ensure that Scuba keeps pace with new
threats.
Use Scuba to:
- Automate vulnerability discovery
- Secure infrastructure and measure compliance
- Prioritize risk and focus remediation resources
- Safely test enterprise-class databases
Download Link : https://www.imperva.com/lg/lgw.asp?pid=213
Safe3SI :
is one of the most powerful and easy-to-use penetration testing tools that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches ranging from database fingerprinting, through data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
Download Link : http://sourceforge.net/projects/safe3si/files/
DBPwAudit :
is a Java tool that allows you to perform online audits of
password quality for several database engines. The application design
makes it easy to add database drivers by simply copying
new JDBC drivers to the jdbc directory. Configuration is performed in
two files: aliases.conf maps drivers to aliases, and
rules.conf tells the application how to handle error messages from
the scan.
Download Link : http://www.cqure.net/tools/dbpwaudit_0_8.zip
McAfee Vulnerability Manager for Databases :
automatically discovers
databases on your network, determines if the latest patches have been
applied, and tests for common weaknesses such as weak passwords, default
accounts, and other common threats. Vulnerability Manager for Databases
conducts more than 4,700 vulnerability checks against leading database
systems, including Oracle, SQL Server, DB2, and MySQL.
Download Link : http://www.mcafee.com/apps/downloads/free-evaluations/default.aspx?region=us&pid=15970
AppDetectivePro :
is a database scanner that empowers professionals to
scan databases for vulnerabilities, configuration issues, weak
passwords, missing patches, access control concerns, and other issues
that can lead to user privilege escalation. As complex as databases
are, AppDetectivePro provides a cost-effective solution to provide the
following:
Download Link : http://info.appsecinc.com/WebsiteAppDEval_LandingPage.html?ldt=Eval&ls=Web%20Referral&lst=Website&ld=AppD%20Eval
SQLdict :
is a dictionary attack tool for SQL Server. SQLdict is a basic single-IP brute-force MS SQL
Server password utility that can carry out a dictionary attack against a
named SQL account.
Using the tool is simple: you specify the IP address you are
attacking and the user account you are up against, then load an
appropriate wordlist to try via the Load Password File button.
Download Link : http://ntsecurity.nu/downloads/sqldict.exe
Oscanner :
is an Oracle assessment framework developed in Java. It has a
plugin-based architecture and comes with a couple of plugins that
currently do:
- SID enumeration
- Password tests (common & dictionary)
- Enumerate Oracle version
- Enumerate account roles
- Enumerate account privileges
- Enumerate account hashes
- Enumerate audit information
- Enumerate password policies
- Enumerate database links
Download Link :
Version 1.0.6 source oscanner_src_1_0_6.zip
Version 1.0.6 binary oscanner_bin_1_0_6.zip
Oracle Auditing Tool :
Exploits some of the known vulnerabilities of Oracle. Includes SID enumeration and password tests [common/dictionary]. Supports attaching malformed shellcode to TCP packets to crash the remote server or gain DBA privileges on it.
Download Link : http://sourceforge.net/projects/oracleauditor/files/latest/download
Secure Oracle Auditor :
is Oracle auditing and Oracle security vulnerability assessment software capable of scanning multiple Oracle database servers. This Oracle security software provides Oracle audit tools, Oracle password tools, database scanner software and Oracle security tools for penetration testing. Secure Oracle Auditor™ identifies the database security threats in Oracle databases that contain significant and precious information essential for the organization's success.
Download Link : http://www.secure-bytes.com/register.php
Secure SQL Auditor (SQA) :
is SQL security software
that conducts database server security auditing and includes
vulnerability assessment tools for SQL database servers. It is a network-based
SQL security assessment tool capable of scanning multiple database servers. Secure SQL Auditor™
performs the massive task of identifying vulnerabilities and threats
present in MS SQL database servers. It helps administrators close
loopholes which provide direct access to SQL database servers and lead
to monetary, reputational and informational losses.
Download Link : http://www.secure-bytes.com/register.php