January 17th, 2002, 12:49 PM
Oracle database scanner.
Originaly from Mark Joseph Edwards, Windows & .NET Magazine Security UPDATE
UK-based PenTest offers scanner.sql, an Oracle database scanner that checks the database system's security. The script performs several tests, including tests against known and easy-to-guess passwords, and determines which users have database administrator privileges. The tool can also determine which users have the "ANY" privilege (which lets a user select any table in the database), which users can grant privileges, which accounts can run jobs from the OS level (external to the database service), and which users have system privileges (such as ALTER SYSTEM, CREATE LIBRARY, and CREATE SESSION). The tool also checks the UTF_FILE for parameters that present loose security, checks database links with clear-text passwords, and more. You can learn more about the scanner.sql script at the PenTest Web site.