kali弱点分析工具之DBPwAudit

DBPwAudit is a Java tool that allows you to perform online audits of password quality for several database engines. The application design allows for easy adding of additional database drivers by simply copying new JDBC drivers to the jdbc directory. Configuration is performed in two files, the aliases.conf file is used to map drivers to aliases and the rules.conf tells the application how to handle error messages from the scan.‘

一款数据库密码爆破工具～～～归属与系统安全工具库-密码爆破-数据库密码爆破工具

Tools included in the dbpwaudit package

dbpwaudit – Does online password audits of DB engines

root@kali:~# dbpwaudit

DBPwAudit v0.8 by Patrik Karlsson patrik@cqure.net

DBPwAudit -s -d -D -U -P [options]

-s - Server name or address.
-p - Port of database server/instance.
-d - Database/Instance name to audit.
-D - The alias of the driver to use (-L for aliases)
-U - File containing usernames to guess.
-P - File containing passwords to guess.
-L - List driver aliases.

dbpwaudit Usage Example

Scan the SQL server (-s 192.168.1.130), using the specified database (-d testdb) and driver

(-D MySQL) using the root username (-U root) and password dictionary (-P /usr/share/wordlists/nmap.lst):

root@kali:~# dbpwaudit -s 192.168.1.130 -d testdb -D MySQL -U root -P /usr/share/wordlists/nmap.lst