GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → m8r0wn → Enumdb

m8r0wn / Enumdb

Licence: gpl-3.0
Relational database brute force and post exploitation tool for MySQL and MSSQL

Programming Languages

python
139335 projects - #7 most used programming language
python3
1442 projects

Labels

databasemysqlpentestingpentest-toolenumerationbrute-forcepost-exploitationmssql

Projects that are alternatives of or similar to Enumdb

Dirsearch
Web path scanner
Stars: ✭ 7,246 (+4238.92%)
Mutual labels:  pentesting, brute-force, enumeration, pentest-tool
Medoo
The lightweight PHP database framework to accelerate the development.
Stars: ✭ 4,463 (+2572.46%)
Mutual labels:  database, mysql, mssql
Nullinux
Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
Stars: ✭ 451 (+170.06%)
Mutual labels:  pentesting, pentest-tool, enumeration
Dapper.fsharp
Lightweight F# extension for StackOverflow Dapper with support for MSSQL, MySQL and PostgreSQL
Stars: ✭ 145 (-13.17%)
Mutual labels:  database, mysql, mssql
Pgloader
Migrate to PostgreSQL in a single command!
Stars: ✭ 3,754 (+2147.9%)
Mutual labels:  database, mysql, mssql
Aiodnsbrute
Python 3.5+ DNS asynchronous brute force utility
Stars: ✭ 370 (+121.56%)
Mutual labels:  pentesting, enumeration, brute-force
Thc Hydra
hydra
Stars: ✭ 5,645 (+3280.24%)
Mutual labels:  pentesting, pentest-tool, brute-force
Raccoon
A high performance offensive security tool for reconnaissance and vulnerability scanning
Stars: ✭ 2,312 (+1284.43%)
Mutual labels:  pentesting, pentest-tool, enumeration
Dbbench
🏋️ dbbench is a simple database benchmarking tool which supports several databases and own scripts
Stars: ✭ 52 (-68.86%)
Mutual labels:  database, mysql, mssql
Oscp Pentest Methodologies
备考 OSCP 的各种干货资料/渗透测试干货资料
Stars: ✭ 166 (-0.6%)
Mutual labels:  pentesting, pentest-tool, post-exploitation
Ldap search
Python3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.
Stars: ✭ 78 (-53.29%)
Mutual labels:  pentesting, pentest-tool, enumeration
Space Cloud
Open source Firebase + Heroku to develop, scale and secure serverless apps on Kubernetes
Stars: ✭ 3,323 (+1889.82%)
Mutual labels:  database, mysql, mssql
Linq2db
Linq to database provider.
Stars: ✭ 2,211 (+1223.95%)
Mutual labels:  database, mysql, mssql
Sqlboiler
Generate a Go ORM tailored to your database schema.
Stars: ✭ 4,497 (+2592.81%)
Mutual labels:  database, mysql, mssql
Content Bruteforcing Wordlist
Wordlist for content(directory) bruteforce discovering with Burp or dirsearch
Stars: ✭ 173 (+3.59%)
Mutual labels:  pentesting, pentest-tool, brute-force
Phpmyfaq
phpMyFAQ - Open Source FAQ web application for PHP and MySQL, PostgreSQL and other databases
Stars: ✭ 494 (+195.81%)
Mutual labels:  database, mysql, mssql
Next
Directus is a real-time API and App dashboard for managing SQL database content. 🐰
Stars: ✭ 111 (-33.53%)
Mutual labels:  database, mysql, mssql
Prisma
Next-generation ORM for Node.js & TypeScript | PostgreSQL, MySQL, MariaDB, SQL Server, SQLite & MongoDB (Preview)
Stars: ✭ 18,168 (+10779.04%)
Mutual labels:  database, mysql, mssql
Directus
Open-Source Data Platform 🐰 — Directus wraps any SQL database with a real-time GraphQL+REST API and an intuitive app for non-technical users.
Stars: ✭ 13,190 (+7798.2%)
Mutual labels:  database, mysql, mssql
Grimoire
Database access layer for golang
Stars: ✭ 151 (-9.58%)
Mutual labels:  database, mysql
View All Similar Projects ➔

enumdb

Enumdb is a relational database brute force and post exploitation tool for MySQL and MSSQL. When provided a list of usernames and/or passwords, it will cycle through each host looking for valid credentials. By default, enumdb will use newly discovered credentials to automatically search for sensitive data fields via keyword searches on table or column names. This information can then be extracted and reported to a .csv or .xlsx output file.

Recent Additions:

  • Ability to spawn simulated shell on target, execute edb or custom SQL queries.
  • Added threading during standard enumeration and brute force for faster results.
  • No report by default, -r csv or -r xlsx required for data extraction.
  • Failed login attempts will not be shown by default (-v required).

Number of rows extracted, blacklisted databases & tables, and keywords searches can all be modified at: enumdb/config.py.

Installation

Enumdb was designed and tested using Python3 on Debian based Linux systems (kali). However, the tool is also compatible with Python2.7, and on other Linux distributions.

  • PyPi (last release)
pip3 install enumdb
  • Or, GitHub (latest code)
git clone https://github.com/m8r0wn/enumdb
cd enumdb
python3 setup.py install

Usage

  • Connect to a MySQL database and search for keywords in table names (no report)
    enumdb -u root -p 'password123' -t mysql 10.11.1.30

  • Connect to a MSSQL database using domain credentials, search for data using keywords in column names, and extract to a .xlsx report:
    enumdb -u 'domain\\user' -p Winter2018! -t mssql -columns -report xlsx 10.11.1.30

  • Brute force multiple MySQL servers looking for default credentials (no data or table enumeration)
    enumdb -u root -p '' -t mysql --brute 10.11.1.0-30

  • Brute force MSSQL sa account login. Once valid credentials are found, enumerate data by table name writing output to a .csv report:
    enumdb -u sa -P passwords.txt -t mssql -columns -report xlsx 192.168.10.10

  • Spawn an SQL shell on the system:
    enumdb -u sa -P '[email protected]' -t mssql --shell 192.168.10.10

All Options

optional arguments:
  -h, --help          show this help message and exit
  -T MAX_THREADS      Max threads (Default: 10)
  -v                  Verbose output

Connection:
  -port PORT          Specify non-standard port
  -t {mysql,mssql}    Database type
  target              Target database server(s) [Positional]

Authentication:
  -u USERS            Single username
  -U USERS            Users.txt file
  -p PASSWORDS        Single password
  -P PASSWORDS        Password.txt file

Enumeration:
  -c, --columns       Search for key words in column names (Default: table names)
  -r {none,csv,xlsx}  Extract data and create output report

Additional Actions:
  --brute             Brute force only (No DB Enumeration)
  --shell             Launch SQL Shell

Shell Commands

enumdb#> help
...
edb_databases                    - list all databases
edb_tables [DB]                  - list tables in DB
edb_columns [table].[DB]         - list columns in table
edb_dump [table].[DB] [#rows]    - Get data from table
[SQL Query]                      - Execute raw SQL query

Troubleshooting

If experiencing issues with MySQLdb, additional MySQL development resources may be required:

  • Debian / Ubuntu:
sudo apt-get install python3-dev default-libmysqlclient-dev build-essential
  • Red Hat / CentOS:
sudo yum install python3-devel mysql-devel
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].