DBPwAudit Package Description

DBPwAudit is a Java tool that allows you to perform online audits of password quality for several database engines. The application design allows for easy adding of additional database drivers by simply copying new JDBC drivers to the jdbc directory. Configuration is performed in two files, the aliases.conf file is used to map drivers to aliases and the rules.conf tells the application how to handle error messages from the scan.

The tool has been tested and known to work with:

  • Microsoft SQL Server 2000/2005
  • Oracle 8/9/10/11
  • IBM DB2 Universal Database
  • MySQL

The tool is pre-configured for these drivers but does not ship with them, due to licensing issues.

Source: http://www.cqure.net/wp/tools/database/dbpwaudit/
DBPwAudit Homepage | Kali DBPwAudit Repo

  • Author: Patrik Karlsson
  • License: GPLv2

Tools included in the dbpwaudit package

dbpwaudit – Does online password audits of DB engines
[email protected]:~# dbpwaudit
DBPwAudit v0.8 by Patrik Karlsson <[email protected]>
----------------------------------------------------
DBPwAudit -s <server> -d <db> -D <driver> -U <users> -P <passwords> [options]

    -s - Server name or address.
    -p - Port of database server/instance.
    -d - Database/Instance name to audit.
    -D - The alias of the driver to use (-L for aliases)
    -U - File containing usernames to guess.
    -P - File containing passwords to guess.
    -L - List driver aliases.

dbpwaudit Usage Example

Scan the SQL server (-s 192.168.1.130), using the specified database (-d testdb) and driver
(-D MySQL) using the root username (-U root) and password dictionary (-P /usr/share/wordlists/nmap.lst):

[email protected]:~# dbpwaudit -s 192.168.1.130 -d testdb -D MySQL -U root -P /usr/share/wordlists/nmap.lst