Enumdb – MySQL and MSSQL Brute Force And Post Exploitation Tool To Search Through Databases And Extract Sensitive Information

Enumdb is a brute force and post exploitation tool for MySQL and MSSQL databases.

When provided a list of usernames and/or passwords, it will cycle through each looking for valid credentials.
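From the defender's side, the credential cycling described above shows up as a burst of failed logins from one client. The following added example (not part of enumdb or the original page) flags such bursts in MSSQL and MySQL error-log lines. The sample lines, threshold, window and function names are constructed for illustration, and it assumes the server logs failed logins.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Failed-login lines as written to the MSSQL ERRORLOG and the MySQL error log.
MSSQL = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+\s+Logon\s+"
                   r"Login failed for user '([^']*)'.*\[CLIENT: ([^\]]+)\]")
MYSQL = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)\.\d+Z\s.*"
                   r"Access denied for user '([^']*)'@'([^']*)'")

def parse(line):
    """Return (timestamp, client, user) for a failed-login line, else None."""
    for rx, fmt in ((MSSQL, "%Y-%m-%d %H:%M:%S"), (MYSQL, "%Y-%m-%dT%H:%M:%S")):
        m = rx.match(line)
        if m:
            return datetime.strptime(m[1], fmt), m[3], m[2]
    return None

def detect(lines, threshold=5, window=timedelta(seconds=60)):
    """Report clients with >= threshold failed logins inside one window."""
    events = defaultdict(list)
    for line in lines:
        hit = parse(line)
        if hit:
            events[hit[1]].append((hit[0], hit[2]))
    alerts = {}
    for client, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward
            if end - start + 1 >= threshold:
                # One user = single-account guessing; many = username list.
                alerts[client] = {"failures": len(evs), "users": sorted({u for _, u in evs})}
                break
    return alerts

# Constructed sample lines (not real logs).
MSSQL_FMT = ("2024-05-01 10:{:02d}:{:02d}.10 Logon       Login failed for user '{}'. "
             "Reason: Password did not match that for the login provided. [CLIENT: {}]")
MYSQL_FMT = "2024-05-01T10:05:{:02d}.000000Z 41 [Note] Access denied for user '{}'@'{}' (using password: YES)"
SAMPLE = ([MSSQL_FMT.format(0, i, "sa", "10.0.0.5") for i in range(6)]
          + [MSSQL_FMT.format(3, 0, "app", "10.0.0.9")]
          + [MYSQL_FMT.format(i, u, "10.0.0.7")
             for i, u in enumerate(["root", "admin", "dev", "backup", "test"])])

if __name__ == "__main__":
    print(detect(SAMPLE))
```

The single failure from 10.0.0.9 stays below the threshold, so an ordinary mistyped password does not raise an alert.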

By default, enumdb will use newly found or given credentials to search the database and find tables containing sensitive information (usernames, passwords, SSNs, credit cards, etc.), taking the manual work out of post exploitation.

The data will be copied to a .xlsx output file in the current directory, listing one table per sheet. This output file can be changed to .csv using the command line arguments.

Enumdb is written in Python 3. Use the setup.sh script to ensure all required libraries are installed.

Getting Started

In a Linux terminal, run:

  1. git clone https://github.com/m8r0wn/enumdb
  2. sudo chmod +x enumdb/setup.sh
  3. sudo ./enumdb/setup.sh

Usage

Connect to a MySQL database and enumerate tables writing output to xlsx:

Connect to a MSSQL database using a domain username and enumerate tables writing output to xlsx:

Connect to MySQL database and enumerate tables writing output to csv:

Brute force MSSQL sa account login. Once valid credentials are found, enumerate data writing output to xlsx:

Brute force MSSQL sa account login without enumerating data or logging output:

All Options
