The Web Local





This carries out a similar function to OAT's opwg, password guesser, and utilises the self same accounts.default file for its default username/password pairs.  It differs in that it also tries to guess accounts with the same username and password as well, which obviously doesn't happen out there :-))  It also provides a basic but succinct xml report format and has a built in xml viewer.




  • Java Runtime Environment
  • OScanner zip file


JRE Installation:


chmod 700 jre-1_5_0_04-linux-i586.bin



Oscanner Installation:


Now need to vi the files and to point towards the JAVA executable:



chmod 744

chmod 744


N.B      accounts.default file has only 120+ standard username/password pairs, to enable a check of the 600 known Oracle default accounts change this file with my prepared one here.







        Oracle Scanner 1.0.6 by


        OracleScanner -s <ip> -r <repfile> [options]

                -s      <servername>

                -f      <serverlist>

                -P      <portnr>

                -v      be verbose

[root@localhost oat]#  sh -s


OR c:\oscanner -s






Reportviewer v.0.0.1 by


Reportviewer [filename]


[root@localhost oat]#sh oscanner_192_168_0_1_report.xml 


OR c:\reportviewer oscanner_192_168_0_1_report.xml 



IT Security News:


Pen Testing Framework:


Latest Tool Reviews: