wodat: Windows Oracle Database Attack Toolkit

Windows Oracle Database Attack Tool (wodat)

A simple port of the popular Oracle Database Attack Tool (ODAT) to C# on the .NET Framework.

  • Perform password-based attacks, e.g. username as password, a username list against a given password, a password list against a given username, or a username:pass combolist.
  • Test if a credential/connection string is working against the target
  • Brute force attacks to discover valid SID/ServiceNames
  • Perform discovery of valid TNS listeners against provided target file or CIDR range
  • More to come, I hope!

Modules

BRUTESID

The module performs a wordlist SID guessing attack. If it is not successful, it will ask for a brute force attack.

wodat.exe BRUTESID -server:XXX.XXX.XXX.XXX -port:1521

BRUTESRV

The module performs a wordlist ServiceName guessing attack. If it is not successful, it will ask for a brute force attack.

wodat.exe BRUTESRV -server:XXX.XXX.XXX.XXX -port:1521
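
On the database side, the guessing that BRUTESID and BRUTESRV perform is visible in the Oracle listener log as establish events refused with return code 12505 (unknown SID) or 12514 (unknown service name). The following is an added detection example, not part of wodat: it assumes the classic text listener.log layout, uses constructed sample lines, and the function names and the threshold of five distinct rejected names per client are hypothetical choices. It counts over the whole input rather than a time window.

```python
import re
from collections import defaultdict

# Listener return codes that mean "no such SID" / "no such service name".
GUESS_CODES = {"12505", "12514"}

# Classic text listener.log entry:
# timestamp * connect data * client address * event * name * return code
ENTRY = re.compile(
    r"\(CONNECT_DATA=.*?\((?:SID|SERVICE_NAME)=([^)]*)\)"   # requested name
    r".*?\(ADDRESS=.*?\(HOST=([^)]+)\)"                      # client address
    r".*?\*\s*establish\s*\*[^*]*\*\s*(\d+)\s*$",            # return code
    re.IGNORECASE,
)

def find_guessing(log_text, min_distinct=5):
    """Map client IP -> sorted rejected names, for clients at or over the threshold."""
    rejected = defaultdict(set)
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if m and m.group(3) in GUESS_CODES:
            rejected[m.group(2)].add(m.group(1).upper())
    return {ip: sorted(names) for ip, names in rejected.items()
            if len(names) >= min_distinct}

def _entry(ts, key, name, ip, code):
    # Builds one constructed log line for the sample below.
    return (f"19-MAR-2024 {ts} * (CONNECT_DATA=({key}={name})"
            f"(CID=(PROGRAM=app)(HOST=ws1)(USER=u))) * "
            f"(ADDRESS=(PROTOCOL=tcp)(HOST={ip})(PORT=50001)) "
            f"* establish * {name} * {code}")

# Constructed sample: one client cycling through SIDs, one normal client.
SAMPLE_LOG = "\n".join(
    [_entry(f"10:15:0{i}", "SID", sid, "192.0.2.10", 12505)
     for i, sid in enumerate(["ORCL", "PROD", "TEST", "DEV", "ORA11G"])]
    + ["TNS-12505: TNS:listener does not currently know of SID given in connect descriptor",
       _entry("10:15:06", "SID", "XE", "192.0.2.10", 0),
       _entry("10:16:00", "SERVICE_NAME", "XEPDB1", "192.0.2.20", 0),
       _entry("10:17:00", "SERVICE_NAME", "XEPDB", "192.0.2.20", 12514)]
)

if __name__ == "__main__":
    for ip, names in find_guessing(SAMPLE_LOG).items():
        print(f"{ip}: {len(names)} unknown SID/service names requested: {names}")
```

A single mistyped service name from a normal client stays below the threshold, while a client that cycles through many names is reported with the list it tried.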

BRUTECRED

The module performs a wordlist password-based attack. The following options exist:

A – username:password combolist with no credentials given in the arguments
B – username list with password given in arguments
C – password list with username given in arguments
D – username as password with username list provided

To perform a basic attack with a given file that has username:password combos:

wodat.exe BRUTECRED -server:XXX.XXX.XXX.XXX -port:1521 -sid:XE

TEST

The module tests whether the given connection string can connect successfully.

wodat.exe TEST -server:XXX.XXX.XXX.XXX -port:1521 -sid:XE -user:peter -pass:pan

DISC

The module will perform discovery against a provided CIDR range or a file with instances. Note that only instances with valid TNS listeners will be returned. Testing a network range will be much faster, as it is processed in parallel.

wodat.exe DISC

Instances to test must be formatted as per the below example targets.txt:

192.168.10.1
192.168.10.5,1521

Install