OScanner
OScanner is an Oracle database assessment framework designed to identify security vulnerabilities, misconfigurations, and weaknesses in Oracle database instances. It performs comprehensive scans across multiple security domains including user privileges, default accounts, and audit settings.
Installation
Sección titulada «Installation»Linux/Unix Installation
Sección titulada «Linux/Unix Installation»# Download OScanner
wget http://www.cqure.net/tools/oscanner/oscanner110611.tar.gz
# Extract the archive
tar -xzf oscanner110611.tar.gz
cd oscanner
# Set execute permissions
chmod +x oscanner
# Verify installation
./oscanner -hPrerequisites
Sección titulada «Prerequisites»- Java Runtime Environment (JRE) 1.6 or higher
- Network connectivity to target Oracle database
- Valid database credentials (preferably with DBA role)
- Oracle JDBC drivers (included in most distributions)
macOS Installation
Sección titulada «macOS Installation»# Install Java if not present
brew install openjdk
# Download and extract
wget http://www.cqure.net/tools/oscanner/oscanner110611.tar.gz
tar -xzf oscanner110611.tar.gz
cd oscanner
# Make executable
chmod +x oscannerBasic Concepts
Sección titulada «Basic Concepts»Target Connection Methods
Sección titulada «Target Connection Methods»OScanner connects to Oracle databases using:
- Direct connection: TCP/IP connection to database listener
- Connection string: Standard Oracle connection format
- Authentication: Username/password or OS authentication
Scan Types
Sección titulada «Scan Types»- User scanning: Identify privileged accounts and weak passwords
- Privilege analysis: Detect excessive user privileges
- Default account detection: Find unchanged default credentials
- Audit configuration: Review and identify audit gaps
- Server misconfiguration: Identify parameter weaknesses
Basic Commands
Sección titulada «Basic Commands»| Command | Description |
|---|---|
oscanner -h | Display help message |
oscanner -s <host>:<port>:<SID> | Scan specific database instance |
oscanner -u <user> -p <pass> | Specify authentication credentials |
oscanner -f <file> | Load targets from file |
oscanner -v <level> | Set verbosity level (0-3) |
Database Connection
Sección titulada «Database Connection»Scan Single Database
Sección titulada «Scan Single Database»./oscanner -s 192.168.1.100:1521:ORCL \
-u system \
-p managerScan with TNS Connection String
Sección titulada «Scan with TNS Connection String»./oscanner \
-s orcl.example.com:1521:ORCL \
-u system \
-p manager \
-v 2Batch Scanning from File
Sección titulada «Batch Scanning from File»Create targets.txt:
192.168.1.100:1521:ORCL:system:manager
192.168.1.101:1521:PROD:system:password123
192.168.1.102:1521:TEST:scott:tigerThen scan:
./oscanner -f targets.txt -v 2Connect with OS Authentication
Sección titulada «Connect with OS Authentication»./oscanner -s 192.168.1.100:1521:ORCL \
-u / \
-p / \
-w 5Advanced Scanning Options
Sección titulada «Advanced Scanning Options»Customize Scan Checks
Sección titulada «Customize Scan Checks»# Run only user privilege checks
./oscanner -s 192.168.1.100:1521:ORCL \
-u system \
-p manager \
-checks privilege
# Run only default account checks
./oscanner -s 192.168.1.100:1521:ORCL \
-u system \
-p manager \
-checks default_accountsIncrease Scan Depth
Sección titulada «Increase Scan Depth»# Full comprehensive scan with maximum verbosity
./oscanner -s 192.168.1.100:1521:ORCL \
-u system \
-p manager \
-v 3 \
-depth full \
-timeout 300Network Timeout Configuration
Sección titulada «Network Timeout Configuration»# Set connection timeout (seconds)
./oscanner -s 192.168.1.100:1521:ORCL \
-u system \
-p manager \
-timeout 30 \
-retry 3Security Assessment Tasks
Sección titulada «Security Assessment Tasks»Identify Weak User Accounts
Sección titulada «Identify Weak User Accounts»./oscanner -s 192.168.1.100:1521:ORCL \
-u system \
-p manager \
-check_weak_passwords \
-output weak_accounts.txtAudit Privilege Escalation Risks
Sección titulada «Audit Privilege Escalation Risks»./oscanner -s 192.168.1.100:1521:ORCL \
-u system \
-p manager \
-analyze privileges \
-report privilege_report.htmlCheck Default Account Status
Sección titulada «Check Default Account Status»./oscanner -s 192.168.1.100:1521:ORCL \
-u system \
-p manager \
-scan_defaults \
-list_inactiveAudit Role Assignments
Sección titulada «Audit Role Assignments»./oscanner -s 192.168.1.100:1521:ORCL \
-u system \
-p manager \
-enumerate roles \
-export roles.csvOutput and Reporting
Sección titulada «Output and Reporting»Generate HTML Report
Sección titulada «Generate HTML Report»./oscanner -s 192.168.1.100:1521:ORCL \
-u system \
-p manager \
-report assessment.html \
-format htmlCSV Export for Analysis
Sección titulada «CSV Export for Analysis»./oscanner -s 192.168.1.100:1521:ORCL \
-u system \
-p manager \
-export findings.csv \
-format csvVerbose Output with Timestamps
Sección titulada «Verbose Output with Timestamps»./oscanner -s 192.168.1.100:1521:ORCL \
-u system \
-p manager \
-v 3 \
-log oscanner_$(date +%Y%m%d_%H%M%S).logAuthentication and Authorization
Sección titulada «Authentication and Authorization»Check User Privilege Escalation
Sección titulada «Check User Privilege Escalation»./oscanner -s 192.168.1.100:1521:ORCL \
-u system \
-p manager \
-analyze_privs \
-escalation_checkIdentify Excessive DBA Accounts
Sección titulada «Identify Excessive DBA Accounts»./oscanner -s 192.168.1.100:1521:ORCL \
-u system \
-p manager \
-list dba_users \
-filter privilegedRole Permission Analysis
Sección titulada «Role Permission Analysis»./oscanner -s 192.168.1.100:1521:ORCL \
-u system \
-p manager \
-enumerate role_privs \
-detailedVulnerability Assessment
Sección titulada «Vulnerability Assessment»Comprehensive Security Scan
Sección titulada «Comprehensive Security Scan»./oscanner -s 192.168.1.100:1521:ORCL \
-u system \
-p manager \
-full_scan \
-include_defaults \
-check_cveVersion-Specific Vulnerabilities
Sección titulada «Version-Specific Vulnerabilities»./oscanner -s 192.168.1.100:1521:ORCL \
-u system \
-p manager \
-version_check \
-vuln_database \
-patch_levelPassword Policy Assessment
Sección titulada «Password Policy Assessment»./oscanner -s 192.168.1.100:1521:ORCL \
-u system \
-p manager \
-check_pwd_policy \
-test_complexityPerformance and Optimization
Sección titulada «Performance and Optimization»Parallel Scanning
Sección titulada «Parallel Scanning»# Scan multiple databases in parallel
./oscanner -f targets.txt \
-parallel 4 \
-v 2Timeout Settings
Sección titulada «Timeout Settings»./oscanner -s 192.168.1.100:1521:ORCL \
-u system \
-p manager \
-connect_timeout 20 \
-query_timeout 60Troubleshooting
Sección titulada «Troubleshooting»Connection Issues
Sección titulada «Connection Issues»# Test connectivity first
tnsping ORCL
# Verbose connection debugging
./oscanner -s 192.168.1.100:1521:ORCL \
-u system \
-p manager \
-debug connectionMemory Issues
Sección titulada «Memory Issues»# Increase Java heap size
export JAVA_OPTS="-Xmx1024m"
./oscanner -s 192.168.1.100:1521:ORCL \
-u system \
-p managerCredential Problems
Sección titulada «Credential Problems»# Test credentials separately
sqlplus system/manager@ORCL
# Then run scanner with verified credentials
./oscanner -s 192.168.1.100:1521:ORCL \
-u system \
-p manager \
-test_credsBest Practices
Sección titulada «Best Practices»Pre-Scan Checklist
Sección titulada «Pre-Scan Checklist»- Obtain written authorization before scanning
- Document baseline database configuration
- Verify network connectivity to target
- Confirm credential validity and permissions
- Review scan scope with database administrator
- Schedule scans during maintenance windows
Scan Configuration
Sección titulada «Scan Configuration»# Recommended comprehensive scan
./oscanner -s target.example.com:1521:PROD \
-u system \
-p $(read -sp "Password: " && echo $REPLY) \
-v 2 \
-timeout 300 \
-full_scan \
-report assessment_$(date +%Y%m%d).htmlPost-Scan Analysis
Sección titulada «Post-Scan Analysis»- Review findings for false positives
- Prioritize critical vulnerabilities
- Document remediation steps
- Track remediation progress
- Re-scan after fixes applied
- Maintain historical records
Common Findings and Remediation
Sección titulada «Common Findings and Remediation»Default Accounts Detected
Sección titulada «Default Accounts Detected»| Account | Risk | Action |
|---|---|---|
| SCOTT/TIGER | High | Change password or lock account |
| SYSTEM/MANAGER | High | Strengthen password |
| SYS/ | Critical | Immediate remediation required |
| DBSNMP/DBSNMP | Medium | Change default password |
Privilege Issues
Sección titulada «Privilege Issues»# Audit specific user privileges
./oscanner -s 192.168.1.100:1521:ORCL \
-u system \
-p manager \
-audit_user scott \
-list_privsAudit Configuration
Sección titulada «Audit Configuration»# Check audit settings
./oscanner -s 192.168.1.100:1521:ORCL \
-u system \
-p manager \
-check_audit \
-verify_settingsLegal and Ethical Considerations
Sección titulada «Legal and Ethical Considerations»OScanner should only be used:
- On systems you own or have explicit authorization to test
- As part of authorized security assessments
- Within scope of penetration testing engagement
- With documented approval from system owners
- In compliance with applicable laws and regulations
Always maintain detailed records of:
- Scan scope and authorization
- Findings and recommendations
- Remediation efforts
- Follow-up assessment results
- Time and date of all activities
Resources
Sección titulada «Resources»- Official OScanner documentation: http://www.cqure.net/tools/oscanner/
- Oracle security best practices guide
- OWASP database security testing guidelines
- CIS Oracle Database benchmark
- Oracle security update notifications