quentinhardy / odat

ODAT: Oracle Database Attacking Tool
1.62k stars 345 forks source link
oracle-database pentest pentest-tool privilege-escalation
Quentin HARDY
quentin.hardy@protonmail.com
quentin.hardy@bt.com

ODAT

ODAT (Oracle Database Attacking Tool) is an open source penetration testing tool that tests the security of Oracle Databases remotely.

Usage examples of ODAT:

Tested on Oracle Database 10g, 11g, 12c, 18c and 19c.

ODAT linux standalone version at https://github.com/quentinhardy/odat/releases/. Notice it is recommended to use the development version (git clone), master-python3 branch (python 3 version).

Changelog

Features

Thanks to ODAT, you can:

This list is not exhaustive.

Mind map - ODAT & Oracle Database pentests

Alt text

Supported Platforms and dependencies

ODAT is compatible with Linux only.

Standalone version exists in order to don't have need to install dependencies (see https://github.com/quentinhardy/odat/releases/). The ODAT standalone has been generated thanks to pyinstaller.

If you want to have the development version installed on your computer, these following tools and dependencies are needed:

Installation (optional, for development version)

This part describes how to install instantclient, CX_Oracle and some others python libraries on Ubuntu in order to have the ODAT development version. Don't forget that an ODAT standalone version exists at https://github.com/quentinhardy/odat/releases/: It is not required to install something for use the standalone version

Good job if you have not errors:)

Docs and examples

Docs and examples are on the WIKI

Donation

If you want to support my work doing a donation, I will appreciate a lot: