Nmap mysql-audit NSE Script
This page contains detailed information about how to use the mysql-audit NSE script. For list of all NSE scripts, visit the Nmap NSE Library.
| Select: |
|---|
Script Overview
Script source code: https://github.com/nmap/nmap/tree/master/scripts/mysql-audit.nse
Script categories: discovery, safe
Target service / protocol: mysql
Target network port(s): 3306
List of CVEs: -
Script Description
The mysql-audit.nse script audits MySQL database server security configuration against parts of the CIS MySQL v1.0.2 benchmark (the engine can be used for other MySQL audits by creating appropriate audit files).
Mysql-audit NSE Script Arguments
This is a full list of arguments supported by the mysql-audit.nse script:
mysql-audit.filenameThe name of the file containing the audit rulebase, "mysql-cis.audit" by default
mysql-audit.passwordThe password with which to connect to the database
mysql-audit.usernameThe username with which to connect to the database
- - -
To use these script arguments, add them to the Nmap command line using the --script-args arg1=value,[arg2=value,..] syntax. For example:
nmap --script=mysql-audit --script-args mysql-audit.filename=value,mysql-audit.password=value <target>Mysql-audit NSE Script Example Usage
Here's an example of how to use the mysql-audit.nse script:
nmap -p 3306 --script mysql-audit --script-args "mysql-audit.username='root', \
mysql-audit.password='foobar',mysql-audit.filename='nselib/data/mysql-cis.audit'"
Mysql-audit NSE Script Example Output
Here's a sample output from the mysql-audit.nse script:
PORT STATE SERVICE
3306/tcp open mysql
| mysql-audit:
| CIS MySQL Benchmarks v1.0.2
| 3.1: Skip symbolic links => PASS
| 3.2: Logs not on system partition => PASS
| 3.2: Logs not on database partition => PASS
| 4.1: Supported version of MySQL => REVIEW
| Version: 5.1.54-1ubuntu4
| 4.4: Remove test database => PASS
| 4.5: Change admin account name => FAIL
| 4.7: Verify Secure Password Hashes => PASS
| 4.9: Wildcards in user hostname => FAIL
| The following users were found with wildcards in hostname
| root
| super
| super2
| 4.10: No blank passwords => PASS
| 4.11: Anonymous account => PASS
| 5.1: Access to mysql database => REVIEW
| Verify the following users that have access to the MySQL database
| user host
| root localhost
| root patrik-11
| root 127.0.0.1
| debian-sys-maint localhost
| root %
| super %
| 5.2: Do not grant FILE privileges to non Admin users => REVIEW
| The following users were found having the FILE privilege
| super
| super2
| 5.3: Do not grant PROCESS privileges to non Admin users => REVIEW
| The following users were found having the PROCESS privilege
| super
| 5.4: Do not grant SUPER privileges to non Admin users => REVIEW
| The following users were found having the SUPER privilege
| super
| 5.5: Do not grant SHUTDOWN privileges to non Admin users => REVIEW
| The following users were found having the SHUTDOWN privilege
| super
| 5.6: Do not grant CREATE USER privileges to non Admin users => REVIEW
| The following users were found having the CREATE USER privilege
| super
| 5.7: Do not grant RELOAD privileges to non Admin users => REVIEW
| The following users were found having the RELOAD privilege
| super
| 5.8: Do not grant GRANT privileges to non Admin users => PASS
| 6.2: Disable Load data local => FAIL
| 6.3: Disable old password hashing => PASS
| 6.4: Safe show database => FAIL
| 6.5: Secure auth => FAIL
| 6.6: Grant tables => FAIL
| 6.7: Skip merge => FAIL
| 6.8: Skip networking => FAIL
| 6.9: Safe user create => FAIL
| 6.10: Skip symbolic links => FAIL
|
|_ The audit was performed using the db-account: root
Mysql-audit NSE Script Example XML Output
There is no sample XML output for this module. However, by providing the -oX <file> option, Nmap will produce a XML output and save it in the file.xml file.
Author
- Patrik Karlsson
References
- https://nmap.org/nsedoc/scripts/mysql-audit.html
- https://github.com/nmap/nmap/tree/master/scripts/mysql-audit.nse
See Also
Related NSE scripts to the mysql-audit.nse script:
- mysql-brute.nse
- mysql-databases.nse
- mysql-dump-hashes.nse
- mysql-empty-password.nse
- mysql-enum.nse
- mysql-info.nse
- mysql-query.nse
- mysql-users.nse
- mysql-variables.nse
- mysql-vuln-cve2012-2122.nse
Visit Nmap NSE Library for more scripts.
The mysql-audit.nse script may fail with the following error messages. Check for the possible causes by using the code snippets highlighted below found in the script source code. This can often times help in identifying the root cause of the problem.
Failed to load rulebase:n%s
Here is a relevant code snippet related to the "Failed to load rulebase:n%s" error message:
105: filename = nmap.fetchfile("nselib/data/" .. filename) or filename
106: stdnse.debug(1, "Loading rules from: %s", filename)
107: local file, err = loadfile(filename, "t", env)
108:
109: if ( not(file) ) then
110: return false, fail(("Failed to load rulebase:\n%s"):format(err))
111: end
112:
113:
114: file()
115: TEMPLATE_NAME = env.TEMPLATE_NAME
No username was supplied (see mysql-audit.username)
Here is a relevant code snippet related to the "No username was supplied (see mysql-audit.username)" error message:
122: local username = stdnse.get_script_args("mysql-audit.username")
123: local password = stdnse.get_script_args("mysql-audit.password")
124: local filename = stdnse.get_script_args("mysql-audit.filename") or "mysql-cis.audit"
125:
126: if ( not(username) ) then
127: return fail("No username was supplied (see mysql-audit.username)")
128: end
129:
130: local status, tests = loadAuditRulebase( filename )
131: if( not(status) ) then return tests end
132:
Failed to authenticate
Here is a relevant code snippet related to the "Failed to authenticate" error message:
137: status, response = mysql.receiveGreeting( socket )
138: if ( not(status) ) then return response end
139:
140: status, response = mysql.loginRequest( socket, { authversion = "post41", charset = response.charset }, username, password, response.salt )
141:
142: if ( not(status) ) then return fail("Failed to authenticate") end
143: local results = {}
144:
145: for _, test in ipairs(tests) do
146: local queries = ( "string" == type(test.sql) ) and { test.sql } or test.sql
147: local rowstab = {}
%s: ERROR: Failed to execute SQL statement
Here is a relevant code snippet related to the "%s: ERROR: Failed to execute SQL statement" error message:
148:
149: for _, query in ipairs(queries) do
150: local row
151: status, row = mysql.sqlQuery( socket, query )
152: if ( not(status) ) then
153: table.insert( results, { ("%s: ERROR: Failed to execute SQL statement"):format(test.id) } )
154: else
155: table.insert(rowstab, row)
156: end
157: end
158:
Version
This page has been created based on Nmap version 7.92.
Go back to menu.
