cqure.net

Using Nmap to audit your MySQL database

I’ve been working on a Nmap script for auditing MySQL databases against the CIS 1.0.2 benchmark for a while. I haven’t committed it to subversion yet, but it’s available to download for anyone who feels up to testing it. While it isn’t perfect nor does it contain all CIS controls, it provides Nmap users with the possibility to quickly scan a database to see whether it complies with the CIS recommendations or not.

The script is comprised of two parts; the engine and the rulebase. The engine (mysql-audit.nse) simply reads the rulebase (mysql-cis.audit) which contains all of the checks. The rulebase is quite simple and contains a few supporting functions making it trivial to add more rules to it.

The script and rulebase can be downloaded from nmap-dev and the files need to be copied to the correct directories in order to run. The script file (mysql-audit.nse) goes into the nmap script directory and the audit file could really go anywhere but I’ve copied it into the nselib/data directory.

In order to run, the script needs the following parameters:

  1. the hostname against which it’s supposed to run
  2. the port on which the MySQL database is running
  3. the username and password of a privileged account (eg. the MySQL root account)

The following command (contains line breaks for readability) instructs Nmap to scan the database at 1.2.3.4 on port 3306 using the username root and password foobar:

The result should look something similar to this:

I’m interested in both bug reports and success stories, so let me know of your results.

2 Responses to “Using Nmap to audit your MySQL database”

  1. Undead Security / Monday Catchup – 06/06/2011 Says:

    [...] Auditing MySQL with Nmap: http://www.cqure.net/wp/2011/06/using-nmap-to-audit-your-mysql-database/ [...]

  2. IT Secure Site » Monday Catchup – 06/06/2011 Says:

    [...] Auditing MySQL with Nmap: http://www.cqure.net/wp/2011/06/using-nmap-to-audit-your-mysql-database/ [...]

Leave a Reply