Nmap Scripting Engine – MySQL
Nmap Usage
Nmap needs the following information port number, script name, any script arguments (optional), and the IP of the target.
nmap -p <port> –script <script-same> –script-args <script arguemens> <target IP>
MySQL listing databases
nmap -p 3306 –script mysql-databases –script-args mysqluser=root 192.168.2.66
Using the mysql-databases script we can view the databases in MySQL. In this instance there was no password, however, to enter a password use the script-args “mysqlpass=<password>.”
MySQL empty password
nmap -p3306 –script mysql-empty-password,mysql-databases 192.168.2.66
In the previous example, we logged into MySQL using a blank password. Using the “mysql-empty-password” script along with the “mysql-databases” script we can detect any instances of MySQL that is running without a password and it will show the databases.
MySQL user listing
nmap -p3306 –script mysql-empty-password,mysql-users 192.168.2.66
Using the “mysql-users” script we can view any user accounts in MySQL.
MySQL variables
nmap -p3306 –script mysql-empty-password,mysql-variables 192.168.2.66
The “mysql-variables” script can reveal configurations of the MySQL installation.