Database Scanners (Not in any order):
S.N. / Name / Brief Description / Open Source? / Platform / Functions1 / Shadow Database Scanner
/ Scans MSSql, Oracle, IBMDB2, MiniSql,MySQL, and Lotus Domino / No / Win /
- Scans servers built practically on any platform.
- Because of a fully open (ActiveX-based) architecture any professional with knowledge of VC++, C++ Builder or Delphi may easily expand the capabilities of the Scanner.
- Detailed scan session log in HTML, XML, PDF, RTF and CHM (compiled HTML) formats.
2 /
Acunetix Web Vulnerability Scanner
/ All-in-one web vulnerability scanner and database scanner / No / Win /- Provides a fully featured web security scanner, crawler, report analysis tool, as well as web security explanations, and an extensive database of security checks for all leading web server platforms.
- It automatically detects, reports & addresses outdated server software
3 / AuditPro Enterprise
/ A security auditing tool for Oracle and MS SQL Servers / No / Win, Linux /
- A security assessment solution featuring critical asset identification, policy compliance, risk analysis, real time vulnerability views, enhanced reporting capability, graphical progress analysis etc.
- Supports multiple operating systems and databases
4 / OScanner
/ Oracle assessment framework developed in Java / Yes / Win, Linux / Sid Enumeration
- Passwords tests (common & dictionary)
- Enumerate Oracle version
- Enumerate account roles
- Enumerate account privileges
- Enumerate account hashes
- Enumerate audit information
- Enumerate password policies
- Enumerate database links
- The results are given in graphical tree.
5 / AppSentry
/ Oracle Database scanner. Supports Oracle 8i, 9i, and 10g. / No / Win / Detects security risks and vulnerabilities within the Oracle Database and associated application. With over 100 audits and checks specifically written for the Oracle Database, AppSentry automates and streamlines the identification of vulnerabilities to an extent not previously possible.
6 / AppDetective
/ Network based Database scanner
MySQL,Oracle, Sybase,IBM DB2, IBM DB2 on Mainframe,
Microsoft SQL Server, Oracle Application Server,
Lotus Notes/Domino / No / Win / It discovers database applications within your infrastructure and assesses their security strength
AppDetective locates, examines, reports, and fixes security holes and misconfigurations.
7 / Symantec Enterprise Security Manager™ for Databases 3.0 Application Modules
/ Oracle and DB2 Module based scanner / No / Win / The provided modules and policies protect Oracle and DB2 databases from known security vulnerabilities. The policies introduce new, database-specific executables and content, including modules to check password strength, patches, and unneeded services.
8 / SQLDict
/ A Dictionary attack tool for SQL Server. / Freeware / Win / Specify the target server IP address, the target account name, and select a password list file to use for the dictionary attack.
9 / NGSSQL Crack
/ Password cracker for MS SQL Server / No / Win / It uses a dictionary of commonly used passwords and produces a hash for each entry then compares it with the user's real password hash. If they match then the password has been found;
After a dictionary sweep NGSSQLCrack will start to brute force the password, trying varying combinations of characters.
10 / NGSSquirrel for Oracle, SQL
/ A comprehensive automated vulnerability assessment tool for Oracle database servers / No / Win -
Oracle, SQL / It identifies potential vulnerabilities, misconfigurations or backdoors which could lead to the compromise of a server and its data. It is capable of performing the fullest audit of business risk currently available in an Oracle database scanner.
11 / MetaCortex
/ Entirely JAVA vulnerability scanning framework that emphasizes database. / Freeware / Independent.
JDBC Type IV driver jars – MS Sql, MYSql