A small multi-threaded tool that scans for Microsoft SQL Servers. The tool does it’s discovery by using UDP and returns a list of all detected instances with there respective protocols and ports.

MSSQLScan v0.8 by patrik@cqure.net
——————————————————–
MSSQLScan -t <target_ip> [options]

Options:
-t <target> - target ip address(es)
-s <src> - source ip address
-T <threads> - maximum threads (default 50)
-v - verbose logging
-w <timeout> - timeout for replies (default 500 ms)
-o <file> - output to file

example:
MSSQLScan -t 192.168.1-2.* -o results.txt

sample output:

Scan results
——————-
10.10.10.10;SQL01;INST1;8.00.194;[np:\\SQL01\pipe\sql\query, tcp:1433]

The tools is written in Java and can be downloaded here:
Download version 0.8 mssqlscan-bin-0_8.zip