DBPwAudit is a Java tool that allows you to perform online audits of password quality for several database engines. The application design allows for easy adding of additional database drivers by simply copying new JDBC drivers to the jdbc directory. Configuration is performed in two files, the aliases.conf file is used to map drivers to aliases and the rules.conf tells the application how to handle error messages from the scan.‘
一款数据库密码爆破工具~~~归属与系统安全工具库-密码爆破-数据库密码爆破工具
Tools included in the dbpwaudit package
dbpwaudit – Does online password audits of DB engines
root@kali:~# dbpwaudit
DBPwAudit v0.8 by Patrik Karlsson patrik@cqure.net
DBPwAudit -s -d -D -U -P [options]
-s - Server name or address.
-p - Port of database server/instance.
-d - Database/Instance name to audit.
-D - The alias of the driver to use (-L for aliases)
-U - File containing usernames to guess.
-P - File containing passwords to guess.
-L - List driver aliases.
dbpwaudit Usage Example
Scan the SQL server (-s 192.168.1.130), using the specified database (-d testdb) and driver
(-D MySQL) using the root username (-U root) and password dictionary (-P /usr/share/wordlists/nmap.lst):
root@kali:~# dbpwaudit -s 192.168.1.130 -d testdb -D MySQL -U root -P /usr/share/wordlists/nmap.lst