{"id":15002600,"url":"https://github.com/m8sec/enumdb","last_synced_at":"2025-04-07T10:28:27.804Z","repository":{"id":94842926,"uuid":"118165871","full_name":"m8sec/enumdb","owner":"m8sec","description":"Relational database brute force and post exploitation tool for MySQL and MSSQL","archived":false,"fork":false,"pushed_at":"2024-06-19T14:31:03.000Z","size":72,"stargazers_count":220,"open_issues_count":0,"forks_count":64,"subscribers_count":18,"default_branch":"master","last_synced_at":"2025-03-31T09:04:48.837Z","etag":null,"topics":["brute-force","database","enumeration","mssql","mysql","pentest-tool","pentesting","post-exploitation","python3"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/m8sec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":null,"patreon":null,"open_collective":null,"ko_fi":null,"tidelift":null,"community_bridge":null,"liberapay":null,"issuehunt":null,"otechie":null,"custom":null}},"created_at":"2018-01-19T19:00:25.000Z","updated_at":"2025-03-23T06:49:48.000Z","dependencies_parsed_at":"2024-06-20T00:56:25.308Z","dependency_job_id":"e4193808-4901-42c2-8eae-f7301c9a5af8","html_url":"https://github.com/m8sec/enumdb","commit_stats":{"total_commits":47,"total_committers":4,"mean_commits":11.75,"dds":0.6595744680851063,"last_synced_commit":"f0b80444b3f902ad8e8d3d0e3e6e7a5e067a4423"},"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/m8sec%2Fenumdb","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/m8sec%2Fenumdb/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/m8sec%2Fenumdb/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/m8sec%2Fenumdb/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/m8sec","download_url":"https://codeload.github.com/m8sec/enumdb/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247634860,"owners_count":20970618,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["brute-force","database","enumeration","mssql","mysql","pentest-tool","pentesting","post-exploitation","python3"],"created_at":"2024-09-24T18:51:24.087Z","updated_at":"2025-04-07T10:28:27.775Z","avatar_url":"https://github.com/m8sec.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# enumdb\nEnumdb is a relational database brute force and post exploitation tool for MySQL and MSSQL. When provided a list of usernames and/or passwords, it will cycle through each host looking for valid credentials. By default, enumdb will use newly discovered credentials to automatically search for sensitive data fields via keyword searches on table or column names. This information can then be extracted and reported to a .csv or .xlsx output file.\n\n**Recent Additions:**\n* Ability to spawn simulated shell on target, execute edb or custom SQL queries.\n* Added threading during standard enumeration and brute force for faster results.\n* No report by default, ```-r csv``` or ```-r xlsx``` required for data extraction.\n* Failed login attempts will not be shown by default (```-v``` required).\n\n*Number of rows extracted, blacklisted databases \u0026 tables, and keywords searches can all be modified at: ```enumdb/config.py```.*\n\n## Installation\nEnumdb was designed and tested using Python3 on Debian based Linux systems (kali). However, the tool is also compatible with Python2.7, and on other Linux distributions.\n```bash\ngit clone https://github.com/m8r0wn/enumdb\ncd enumdb\npython3 setup.py install\n``````\n\n## Usage\n* Connect to a MySQL database and search for keywords in table names (no report)\u003cbr\u003e\n```enumdb -u root -p 'password123' -t mysql 10.11.1.30```\n\n* Connect to a MSSQL database using domain credentials, search for data using keywords in column names, and extract to a .xlsx report:\u003cbr\u003e\n```enumdb -u 'domain\\\\user' -p Winter2018! -t mssql -columns -report xlsx 10.11.1.30```\n\n* Brute force multiple MySQL servers looking for default credentials (no data or table enumeration)\u003cbr\u003e\n```enumdb -u root -p '' -t mysql --brute 10.11.1.0-30```\n\n* Brute force MSSQL sa account login. Once valid credentials are found, enumerate data by table name writing output to a .csv report:\u003cbr\u003e\n```enumdb -u sa -P passwords.txt -t mssql -columns -report xlsx 192.168.10.10```\n\n* Spawn an SQL shell on the system:\u003cbr\u003e\n```enumdb -u sa -P 'P@ssword1' -t mssql --shell 192.168.10.10```\n\n\u003c!--![enumdb](https://user-images.githubusercontent.com/13889819/54823551-9ae80d00-4c7e-11e9-89e5-3140b793b6d7.gif)--\u003e\n\n## All Options\n```html\noptional arguments:\n  -h, --help          show this help message and exit\n  -T MAX_THREADS      Max threads (Default: 10)\n  -v                  Verbose output\n\nConnection:\n  -port PORT          Specify non-standard port\n  -t {mysql,mssql}    Database type\n  target              Target database server(s) [Positional]\n\nAuthentication:\n  -u USERS            Single username\n  -U USERS            Users.txt file\n  -p PASSWORDS        Single password\n  -P PASSWORDS        Password.txt file\n\nEnumeration:\n  -c, --columns       Search for key words in column names (Default: table names)\n  -r {none,csv,xlsx}  Extract data and create output report\n\nAdditional Actions:\n  --brute             Brute force only (No DB Enumeration)\n  --shell             Launch SQL Shell\n```\n\n## Shell Commands\n```\nenumdb#\u003e help\n...\nedb_databases                    - list all databases\nedb_tables [DB]                  - list tables in DB\nedb_columns [table].[DB]         - list columns in table\nedb_dump [table].[DB] [#rows]    - Get data from table\n[SQL Query]                      - Execute raw SQL query\n```\n\n## Troubleshooting\nIf experiencing issues with [MySQLdb](https://github.com/PyMySQL/mysqlclient-python), additional MySQL development resources may be required:\n\n* Debian / Ubuntu: \n```\nsudo apt-get install python3-dev default-libmysqlclient-dev build-essential\n```\n\n* Red Hat / CentOS: \n```\nsudo yum install python3-devel mysql-devel\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fm8sec%2Fenumdb","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fm8sec%2Fenumdb","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fm8sec%2Fenumdb/lists"}