SQL Scripts


This is a simple scanner script to look for certain security issues within an Oracle database. This scanner accompanies a white paper published on security focus at http://www.securityfocus.com/infocus/1522.


This script allows the user to change users in an Oracle database without knowing the password of the user they wish to log in as. To use this script you need to be logged in as a dba.


This script retrieves the SQL from the Oracle SGA for a particular user and session ID. This allows you to see the statements being executed by any user.


This script can be used to see which Oracle events are set for the current Oracle session.


This script displays details of the logical structures in an Oracle database and the main datafiles used by an Oracle database.


Shows who is logged onto an Oracle database and gives the database serial number and PID as well as the O/S PID.


Can be used to check for default users installed in the database where the password is still set to the default.


Can be used to check for default roles installed in the database where the password is still set to the default.


Script to show the database link details including any stored passwords.


Display details of each data file used in the database and show reads, writes and totals.


Checks all objects in the database for validity and displays the objects that are invalid by owner and type.


Displays the user_dump_dest (trace directory) from the fixed tables.


Displays the user_file_dir (directory utl_file writes to) from the fixed tables.


This script finds any indexes that are invalid and displays their details.


This script displays the "enqueue" statistics.


Show the resource limits, the current values and the max values.


Show all of the system statistics.


Show all of the system event statistics.


Show all of the redo latch statistics.


Display all of the event names and parameters.


Display the latch misses and immediate misses.


Display the latch statistics wholesale.


Script to show details of database links from dba_db_links.


Script to show the hit ratio of the dictionary cache.


Script to show the hit ratio of the buffer cache.


Script to show the break down of the SGA in terms of type, status and size.


Script to show the sizing of the SGA and the current use.


Script to show free space for each tablespace in the database.


Shows the size of the SQL, the free memory and the percentage free memory in the SGA. Also shows the three key hit ratio's i.e. the buffer cache, the dictionary cache and the library cache. Finally the numbers of memory and disk sorts are shown with the percentage sorts done in memory.


This script shows the three SGA hit ratio's with slightly different detail to the report above.


Dates of the oldest and newest analyze done on the table.


This 'C' program can be used to lock the shared memory segments allocated to Oracle in core. This can be used as a workaround for the init.ora parameter LOCK_SGA that will not work on Solaris due to only root being allowed to lock memory in core. This 'C' program can be SUID root or be run as root. Ideally it would be run in a shell script right after the database has been started. This will help prevent the SGA from being paged out.


This script will display all of the initialisation parameters including the hidden ones.


This script will display all of the undocumented hidden initialisation parameters.


Checks the number of wait stats on the class "free list".


Displays the free memory in the SGA.

Archivearrow more

Security Services

Pentest offers a thorough, yet adaptive range of security services to help customers address vulnerabilities in their network or applications. Services include: Secure Coding Workshops, SAST tools, Manual Penetration Testing and Security Audits.

read more arrow more

Database Services

Pentest offers a complete Database Security Assessment Service (DSAS) to businesses that rely on the security of the information held within their databases or have concerns relating to the security compliance of these systems.

read more arrow more

© Copyright Pentest Limited 2001 - 2017 All Rights Reserved. Privacy statement