quentinhardy / odat

ODAT: Oracle Database Attacking Tool

Feature Request - SID min size, real time output #5

Open Lexus89 opened 8 years ago

Lexus89 commented 8 years ago

Hiya,

I have been working with the tool a lot lately and I noticed some things that could improve the tool a bit. Hopefully you have some time to implement these features!

When brute forcing SIDs, a min size option (--sids-min-size) would be really helpful if you already bruted the first 1-4 characters, found nothing, and want to scan for 5. This way you don't have to go through all other 1-4 SIDs again.

Also when doing brute forcing SIDs/accounts, real time printing of found info would save a lot of time during pentests. Right now you have to wait up until all is finished; especially when bruting SIDs with higher character amounts, this is really helpful.

Thanks for the awesome tool!

quentinhardy commented 8 years ago

I agree with you for all these ideas. I will work on the "real time printing of found" feature as soon as possible.

Lexus89 commented 8 years ago

Another thing that just popped into my mind is expanding the SEARCH module. Right now it prints relevant columns and the owner/database; however, in most cases this is not enough (for example you need usernames as well). It would be very handy to also print the structure of the table the column was found in (all the columns) and a dump option to grab all data or just certain columns (perhaps even with custom queries with some ODAT help).

quentinhardy commented 8 years ago

"[...]when doing brute forcing SIDs/accounts, real time printing of found info would save a lot of time during pentests[...]". It's done now.

Lexus89 commented 8 years ago

Good to hear, great! Will be playing with it soon.

Lexus89 commented 8 years ago

To get back to the real time printing, really useful so far. Any idea if/when you will implement db/table dumping? Also, is it possible to clean up the repo? A simple clone takes 200mb, which is a lot.

quentinhardy commented 8 years ago

I don't know when I will implement db/table dumping yet. If someone has the time to implement this feature, it would be nice because I do not have much time at the moment.

The repository has been cleaned up today (200mo -> 1.2mo).