m8sec/enumdb m8sec/enumdb

  • Stars
    star
    211
  • Rank 185,815 (Top 4 %)
  • Language
    Python
  • License
    GNU General Publi...
  • Created over 6 years ago
  • Updated about 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
m8sec/enumdb
github

m8sec

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Relational database brute force and post exploitation tool for MySQL and MSSQL

enumdb

Enumdb is a relational database brute force and post exploitation tool for MySQL and MSSQL. When provided a list of usernames and/or passwords, it will cycle through each host looking for valid credentials. By default, enumdb will use newly discovered credentials to automatically search for sensitive data fields via keyword searches on table or column names. This information can then be extracted and reported to a .csv or .xlsx output file.

Recent Additions:

  • Ability to spawn simulated shell on target, execute edb or custom SQL queries.
  • Added threading during standard enumeration and brute force for faster results.
  • No report by default, -r csv or -r xlsx required for data extraction.
  • Failed login attempts will not be shown by default (-v required).

Number of rows extracted, blacklisted databases & tables, and keywords searches can all be modified at: enumdb/config.py.

Installation

Enumdb was designed and tested using Python3 on Debian based Linux systems (kali). However, the tool is also compatible with Python2.7, and on other Linux distributions.

git clone https://github.com/m8r0wn/enumdb
cd enumdb
python3 setup.py install

Usage

  • Connect to a MySQL database and search for keywords in table names (no report)
    enumdb -u root -p 'password123' -t mysql 10.11.1.30

  • Connect to a MSSQL database using domain credentials, search for data using keywords in column names, and extract to a .xlsx report:
    enumdb -u 'domain\\user' -p Winter2018! -t mssql -columns -report xlsx 10.11.1.30

  • Brute force multiple MySQL servers looking for default credentials (no data or table enumeration)
    enumdb -u root -p '' -t mysql --brute 10.11.1.0-30

  • Brute force MSSQL sa account login. Once valid credentials are found, enumerate data by table name writing output to a .csv report:
    enumdb -u sa -P passwords.txt -t mssql -columns -report xlsx 192.168.10.10

  • Spawn an SQL shell on the system:
    enumdb -u sa -P 'P@ssword1' -t mssql --shell 192.168.10.10

All Options

optional arguments:
  -h, --help          show this help message and exit
  -T MAX_THREADS      Max threads (Default: 10)
  -v                  Verbose output

Connection:
  -port PORT          Specify non-standard port
  -t {mysql,mssql}    Database type
  target              Target database server(s) [Positional]

Authentication:
  -u USERS            Single username
  -U USERS            Users.txt file
  -p PASSWORDS        Single password
  -P PASSWORDS        Password.txt file

Enumeration:
  -c, --columns       Search for key words in column names (Default: table names)
  -r {none,csv,xlsx}  Extract data and create output report

Additional Actions:
  --brute             Brute force only (No DB Enumeration)
  --shell             Launch SQL Shell

Shell Commands

enumdb#> help
...
edb_databases                    - list all databases
edb_tables [DB]                  - list tables in DB
edb_columns [table].[DB]         - list columns in table
edb_dump [table].[DB] [#rows]    - Get data from table
[SQL Query]                      - Execute raw SQL query

Troubleshooting

If experiencing issues with MySQLdb, additional MySQL development resources may be required:

  • Debian / Ubuntu:
sudo apt-get install python3-dev default-libmysqlclient-dev build-essential
  • Red Hat / CentOS:
sudo yum install python3-devel mysql-devel

More Repositories

1

CrossLinked

LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping
Python
806
star
2

subscraper

Perform subdomain enumeration through various techniques and retrieve detailed output to aid in further testing.
Python
665
star
3

nullinux

Internal penetration testing tool for Linux that can be used to enumerate OS information, domain information, shares, directories, and users through SMB.
Python
515
star
4

pymeta

Pymeta will search the web for files on a domain to download and extract metadata. This technique can be used to identify: domains, usernames, software/version numbers and naming conventions.
Python
382
star
5

ActiveReign

A Network Enumeration and Attack Toolset for Windows Active Directory Environments.
Python
239
star
6

ldap_search

Python3 script to perform LDAP queries and enumerate users, groups, and computers from Windows Domains. Ldap_Search can also perform brute force/password spraying to identify valid accounts via LDAP.
Python
91
star
7

taser

Python resource library for creating security related tooling
Python
79
star
8

CVE-2021-34527

PrintNightmare (CVE-2021-34527) PoC Exploit
Python
74
star
9

SubWalker

Simultaneously execute various subdomain enumeration tools and aggregate results.
Shell
33
star
10

OffsecDev

Working repo used to experiment with various languages as it relates to offensive security & evasion.
Python
23
star
11

transportc2

PoC Command and Control Server. Interact with clients through a private web interface, add new users for team sharing and more.
Python
22
star
12

EAPrimer

C# project that Reflectively loads .Net assemblies in memory.
PowerShell
13
star
13

ipparser

Python module to parse IPv4 addresses / target information and return a single list for iteration. Useful when creating security or network related tools.
Python
9
star
14

m8sec.github.io

https://m8sec.dev
HTML
2
star