OScanner

This carries out a similar function to OAT's opwg, password guesser, and utilises the self same accounts.default file for its default username/password pairs.  It differs in that it also tries to guess accounts with the same username and password as well, which obviously doesn't happen out there :-))  It also provides a basic but succinct xml report format and has a built in xml viewer.

Requirements:

• Java Runtime Environment
• OScanner zip file

JRE Installation:

chmod 700 jre-1_5_0_04-linux-i586.bin

./jre-1_5_0_04-linux.bin

Oscanner Installation:

Now need to vi the files oscanner.sh and reportviewer.sh to point towards the JAVA executable:

JAVA=/usr/java/j2re1.4.2_08/bin/java

chmod 744 oscanner.sh

chmod 744 reportviewer.sh

N.B      accounts.default file has only 120+ standard username/password pairs, to enable a check of the 600 known Oracle default accounts change this file with my prepared one here.

Usage:

Oscanner:

C:\Oracle\oscanner_bin>oscanner

        Oracle Scanner 1.0.6 by patrik@cqure.net

        --------------------------------------

        OracleScanner -s <ip> -r <repfile> [options]

                -s      <servername>

                -f      <serverlist>

                -P      <portnr>

                -v      be verbose

[root@localhost oat]#  sh oscanner.sh -s 192.168.0.1

OR c:\oscanner -s 192.168.0.1

Reportviewer:

C:\Oracle\oscanner_bin>reportviewer

Reportviewer v.0.0.1 by patrik@cqure.net

----------------------------------------

Reportviewer [filename]

[root@localhost oat]#sh reportviewer.sh oscanner_192_168_0_1_report.xml 

OR c:\reportviewer oscanner_192_168_0_1_report.xml