gglessner/DB2client

DB2client

A comprehensive Python 3 penetration testing utility for auditing IBM DB2 database security.

Author: Garland Glessner gglessner@gmail.com
License: GNU General Public License v3.0
Version: 1.0.0

Overview

DB2client is a professional penetration testing tool designed for authorized security assessments of IBM DB2 database systems. The tool uses JDBC drivers for database connectivity, making it easy to deploy without requiring system-level DB2 client installation.

The tool performs comprehensive security auditing including TLS configuration analysis, authentication testing, authorization verification, version detection, and CVE vulnerability checking.

Features

  • Easy Installation: No system-level DB2 client installation required
  • TLS Configuration Testing: Analyzes SSL/TLS protocols, cipher suites, and certificate information
  • Client Certificate Support: Mutual TLS authentication for DB2 z/OS environments
  • Custom Truststore Support: Use custom certificate validation with truststore files
  • Secure Password Handling: Secure prompting for keystore/truststore passwords
  • Large-Scale Authentication Testing: Load usernames and passwords from files
  • Interactive Database Shell: SQL command execution with DB> prompt for penetration testing
  • Server Metadata Analysis: Comprehensive database capabilities and configuration information
  • Authentication Security: Tests for weak credentials and authentication bypass vulnerabilities
  • Authorization Analysis: Examines privilege escalation opportunities and access controls
  • Version Detection: Fingerprints DB2 version and build information
  • CVE Vulnerability Checking: Built-in database of known DB2 CVEs with severity ratings
  • Production-Safe: Implements rate limiting and timeouts to prevent resource starvation
  • Comprehensive Reporting: Generates detailed security assessment reports

Installation

Prerequisites

  1. DB2 JDBC Driver (REQUIRED)

    IMPORTANT: This tool does NOT require system-level DB2 client installation. You only need the JDBC driver JAR file.

    Download DB2 JDBC Driver:

    • Download jcc-12.1.2.0.jar (or newer) from IBM's website
    • Place the JAR file in the jar/ directory of this project
    • The tool will automatically detect and use the driver

    Alternative Driver Locations:

    • The tool searches for drivers in: jar/, current directory, drivers/ subdirectory
    • Supported drivers: jcc-12.1.2.0.jar, db2jcc4.jar, db2jcc.jar
  2. Python Dependencies:

    pip install -r requirements.txt

Quick Install

git clone <repository-url>
cd DB2client
pip install -r requirements.txt
# Place jcc-12.1.2.0.jar in the jar/ directory

NOTE: This tool is designed for easy installation. No system-level DB2 client installation required!

Usage

Basic Scan (Connectivity & Version Detection Only)

python DB2client.py <hostname>

Note: Basic scan only tests connectivity and version detection. Authentication testing requires explicit credentials.

Authentication Testing

Authentication testing is opt-in only and requires explicit credentials:

# Test with specific credentials
python DB2client.py <hostname> -u admin -P password

# Test with multiple credentials
python DB2client.py <hostname> -u admin dbadmin -P password admin123

# Test with credential files
python DB2client.py <hostname> --user-list users.txt --pass-list passwords.txt

Important: The tool will NOT test default/weak credentials unless you explicitly provide them.

Client Certificate Formats

The tool supports two certificate formats for mutual TLS authentication:

JKS/PKCS12 Keystore (Recommended for DB2):

  • Binary format containing certificate and private key
  • Password required for security
  • Directly supported by DB2 JDBC driver
  • Example: --client-keystore /path/to/keystore.jks --client-keystore-password secret

PEM Format (Text-based):

  • Text files containing certificate and private key separately
  • No password required (files are not encrypted), so protect the private key file with restrictive file permissions
  • Requires conversion to keystore format for DB2 JDBC
  • Example: --client-cert /path/to/cert.pem --client-key /path/to/key.pem

Note: While PEM files don't require passwords, the DB2 JDBC driver works best with JKS/PKCS12 keystores.

Advanced Options

python DB2client.py <hostname> -p 50000 -d SAMPLE -v -o report.txt

TLS and Client Certificate Options

# Enable TLS encryption for DB2 connection
python DB2client.py <hostname> --enable-tls

# Perform TLS configuration analysis
python DB2client.py <hostname> --tls-check

# Use JKS keystore for mutual TLS authentication (DB2 z/OS) - password required
python DB2client.py <hostname> --enable-tls --client-keystore /path/to/keystore.jks --client-keystore-password secret

# Use PEM certificate files (no password required, but requires conversion to keystore for DB2)
python DB2client.py <hostname> --enable-tls --client-cert /path/to/cert.pem --client-key /path/to/key.pem

Command Line Arguments

positional arguments:
  host                  DB2 server hostname or IP address

optional arguments:
  -h, --help           show this help message and exit
  -p PORT, --port PORT DB2 port (default: 50000)
  -d DATABASE, --database DATABASE
                       Database name to test
  -u USERNAMES [USERNAMES ...], --usernames USERNAMES [USERNAMES ...]
                       Custom usernames to test (enables authentication testing)
  -P PASSWORDS [PASSWORDS ...], --passwords PASSWORDS [PASSWORDS ...]
                       Custom passwords to test (enables authentication testing)
  --user-list USER_LIST
                       File containing usernames to test (one per line) - enables authentication testing
  --pass-list PASS_LIST
                       File containing passwords to test (one per line) - enables authentication testing
  -o OUTPUT, --output OUTPUT
                       Output file for report
  -v, --verbose        Verbose output
  --timeout TIMEOUT    Connection timeout (default: 30)
  --jdbc-driver PATH   Path to DB2 JDBC driver (jcc-12.1.2.0.jar)
  --enable-tls         Enable TLS encryption for DB2 database connection
  --client-cert PATH   Path to client certificate file (PEM format) for mutual TLS authentication
  --client-key PATH    Path to client private key file (PEM format) for mutual TLS authentication
  --client-keystore PATH
                       Path to client keystore file (JKS/PKCS12 format) for mutual TLS authentication
  --client-keystore-password PASSWORD
                       Password for client keystore
  --client-truststore PATH
                       Path to client truststore file (JKS/PKCS12 format) for TLS certificate validation
  --client-truststore-password PASSWORD
                       Password for client truststore
  --tls-check          Perform TLS configuration analysis and certificate checking (requires cryptography library)
  --cve-check          Perform CVE vulnerability checking
  --db-shell           Launch interactive database shell after successful authentication
  --server-info        Display comprehensive server metadata and capabilities
  --version            show program version number and exit

Examples

Standard Security Audit

python DB2client.py 192.168.1.100 -d PROD_DB -v

Custom Credential Testing

python DB2client.py db2server.company.com \
    -u admin dbadmin sa \
    -P password admin123 db2pass \
    -o security_report.txt

Large-Scale Credential Testing with Files

# Create username and password files
echo -e "admin\ndbadmin\nsa\ntest\nguest" > usernames.txt
echo -e "password\nadmin\n123456\npassword123\ndb2" > passwords.txt

# Run comprehensive authentication testing
python DB2client.py db2server.company.com \
    --user-list usernames.txt \
    --pass-list passwords.txt \
    -o comprehensive_auth_report.txt

Combined Credential Sources

You can combine command-line credentials with file-based credentials:

python DB2client.py db2server.company.com \
    -u admin dbadmin \
    --user-list additional_users.txt \
    -P password admin123 \
    --pass-list common_passwords.txt \
    -o combined_auth_report.txt

File Format for User/Password Lists

User and password list files should contain one entry per line:

# usernames.txt
admin
dbadmin
sa
test
guest

# passwords.txt
password
admin
123456
password123
db2

File Requirements:

  • UTF-8 encoding
  • One username/password per line
  • Empty lines are ignored
  • Whitespace is automatically stripped

TLS-Encrypted Connection

python DB2client.py 10.0.0.50 --enable-tls -v

TLS Configuration Analysis

python DB2client.py 10.0.0.50 --tls-check

CVE Vulnerability Checking

python DB2client.py 10.0.0.50 --cve-check

Client Certificate Authentication (DB2 z/OS)

python DB2client.py db2zos.company.com \
    --enable-tls \
    --client-keystore /path/to/client.jks \
    --client-keystore-password mypassword \
    -d PROD_DB

Custom Truststore for Certificate Validation

python DB2client.py db2server.company.com \
    --enable-tls \
    --client-truststore /path/to/truststore.jks \
    --client-truststore-password trustpass \
    -d PROD_DB

Secure Password Prompting

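If you don't provide keystore or truststore passwords on the command line, the tool will securely prompt you for them without echoing to the screen. Prompting also keeps the passwords out of shell history and process listings, where command-line arguments are visible: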

python DB2client.py db2server.company.com \
    --enable-tls \
    --client-keystore /path/to/client.jks \
    --client-truststore /path/to/truststore.jks \
    -d PROD_DB
# Tool will prompt: "Enter password for keystore '/path/to/client.jks': "
# Tool will prompt: "Enter password for truststore '/path/to/truststore.jks': "

Comprehensive Security Assessment

python DB2client.py 192.168.1.100 \
    --enable-tls \
    --tls-check \
    -d PROD_DB \
    -u admin dbadmin sa \
    -P password admin123 db2pass \
    -v \
    -o comprehensive_report.txt

Interactive Database Shell

Launch an interactive SQL shell for penetration testing:

# Launch shell after authentication testing
python DB2client.py db2server.company.com \
    -u admin dbadmin \
    -P password admin123 \
    --db-shell

# Launch shell with specific credentials
python DB2client.py db2server.company.com \
    -u admin \
    -P password \
    --db-shell

Database Shell Features:

  • Interactive DB> prompt for SQL commands
  • Built-in help system with DB2-specific commands
  • Automatic credential reuse from authentication testing
  • Formatted result display for SELECT statements
  • Support for all SQL commands (SELECT, INSERT, UPDATE, DELETE, etc.)
  • Built-in shell commands (help, clear, exit, quit)

Server Metadata Analysis

Display comprehensive database server information and capabilities:

# Get server metadata with authentication testing
python DB2client.py db2server.company.com \
    -u admin dbadmin \
    -P password admin123 \
    --server-info

# Get server metadata only (skip other tests)
python DB2client.py db2server.company.com \
    -u admin \
    -P password \
    --server-info

Server Metadata Information:

  • Database product name and version details
  • JDBC driver information and capabilities
  • SQL feature support (stored procedures, outer joins, subqueries, etc.)
  • Transaction support and batch operations
  • Database limits (max connections, table sizes, etc.)
  • Available schemas and table types
  • Security and identifier handling preferences

Security Tests

1. Connectivity Testing

  • Network reachability verification
  • Port availability checking
  • Basic service detection

2. TLS Configuration Analysis (--tls-check)

  • SSL/TLS protocol support (TLS 1.2, 1.3 - deprecated protocols skipped)
  • Cipher suite enumeration
  • Certificate validation and information extraction
  • Weak protocol detection
  • X.509 certificate analysis using cryptography library

3. Authentication Security

The tool performs comprehensive authentication testing to identify security vulnerabilities:

Authentication Bypass Testing

  • Empty Authentication: Tests connections with empty/null usernames and passwords
  • Anonymous Access: Attempts to connect without providing credentials
  • Default Credentials: Tests common default usernames and passwords
  • Weak Credentials: Identifies easily guessable passwords

Authentication Method Analysis

  • Default Credential Testing: Tests common DB2 default accounts (db2inst1, db2admin, admin, sa, test, guest)
  • Weak Password Identification: Tests common weak passwords (password, admin, 123456, db2, etc.)
  • Account Lockout Policy Verification: Monitors for account lockout responses
  • Authentication Method Enumeration: Identifies supported authentication mechanisms

Advanced Authentication Features

  • TLS-Encrypted Authentication: Secure credential transmission with --enable-tls
  • Client Certificate Authentication: Mutual TLS for DB2 z/OS environments
  • Large-Scale Testing: File-based credential testing with --user-list and --pass-list

Authentication Bypass Detection

The tool specifically tests for authentication bypass scenarios:

# Test for authentication bypass (empty credentials)
python DB2client.py db2server.company.com -u "" -P ""

# Test with null/empty username
python DB2client.py db2server.company.com -u "" -P password

# Test with null/empty password  
python DB2client.py db2server.company.com -u admin -P ""

What the tool checks for:

  • Connections that succeed with empty credentials
  • Anonymous access without authentication
  • Misconfigured authentication settings
  • Default accounts with no passwords
  • Authentication mechanism failures

Technical Implementation

The tool automatically includes authentication bypass testing in its default credential set:

  • Empty Password Testing: The default password list includes "" (empty string)
  • Default Username Testing: Tests common DB2 default usernames
  • Comprehensive Coverage: Tests all combinations of usernames and passwords
  • Rate Limiting: Implements delays to prevent account lockouts and DoS

Default Test Credentials:

Usernames: db2inst1, db2admin, admin, test, guest, sa
Passwords: "", password, admin, db2, test, 123456, password123

This means the tool will automatically test for authentication bypass by attempting connections with empty passwords for each username, which is the most common way to detect misconfigured authentication.

Interpreting Results

When authentication bypass is detected, the tool will report it in the security assessment:

In the Report:

AUTHENTICATION ANALYSIS
CRITICAL: Weak credentials found!
  - admin/ (empty password)
  - db2inst1/ (empty password)

What This Means:

  • CRITICAL Vulnerability: The database allows connections with empty passwords
  • Immediate Action Required: Change these account passwords immediately
  • Security Risk: Unauthorized access to the database is possible
  • Compliance Issue: Most security standards prohibit empty passwords

4. Authorization Assessment

  • Current user privilege enumeration
  • System privilege escalation testing
  • Schema and table access verification
  • Administrative function access testing

5. Interactive Database Shell (--db-shell)

  • SQL Command Execution: Direct SQL command execution with formatted results
  • Database Exploration: Browse tables, schemas, and system catalogs
  • Privilege Analysis: Query system tables to understand user permissions
  • Data Extraction: Extract sensitive data for security assessment
  • System Information Gathering: Query DB2 system tables for configuration details

Useful DB2 System Tables for Penetration Testing:

  • syscat.tables - All tables in the database
  • syscat.schemata - All schemas and their owners
  • syscat.dbauth - Database-level authorities
  • syscat.tabauth - Table-level authorities
  • syscat.colauth - Column-level authorities
  • syscat.routineauth - Stored procedure/function authorities
  • syscat.indexes - All indexes and their definitions
  • syscat.views - All views and their definitions
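
A least-privilege review built on the catalog views listed above, as an added example that is not part of the DB2client project. It assumes Db2 for LUW (where the SYSCAT views exist) and an account allowed to read them; the schema and table names in the commented REVOKE are placeholders.

```sql
-- Added example: audit queries for a least-privilege review.
-- Database authority columns hold 'Y' or 'N'; table privilege columns
-- can also hold 'G' (held and grantable to others).
-- Semicolons separate the statements; run them one at a time if the
-- SQL client in use does not accept a trailing terminator.

-- 1. Holders of high-impact database authorities, with the grantor,
--    so each entry can be matched against an approved-admin list.
SELECT GRANTEE, GRANTEETYPE, GRANTOR,
       DBADMAUTH, SECURITYADMAUTH, ACCESSCTRLAUTH, DATAACCESSAUTH
FROM SYSCAT.DBAUTH
WHERE DBADMAUTH = 'Y'
   OR SECURITYADMAUTH = 'Y'
   OR ACCESSCTRLAUTH = 'Y'
   OR DATAACCESSAUTH = 'Y'
ORDER BY GRANTEE;

-- 2. Database authorities granted to PUBLIC, i.e. to every user who
--    can authenticate. Any 'Y' here applies to all accounts at once.
SELECT CONNECTAUTH, CREATETABAUTH, BINDADDAUTH, IMPLSCHEMAAUTH
FROM SYSCAT.DBAUTH
WHERE GRANTEE = 'PUBLIC';

-- 3. Non-system tables and views that PUBLIC can read or modify.
--    The SYS% filter drops the catalog and other system schemas.
SELECT TABSCHEMA, TABNAME,
       SELECTAUTH, INSERTAUTH, UPDATEAUTH, DELETEAUTH
FROM SYSCAT.TABAUTH
WHERE GRANTEE = 'PUBLIC'
  AND TABSCHEMA NOT LIKE 'SYS%'
  AND (SELECTAUTH IN ('Y', 'G')
    OR INSERTAUTH IN ('Y', 'G')
    OR UPDATEAUTH IN ('Y', 'G')
    OR DELETEAUTH IN ('Y', 'G'))
ORDER BY TABSCHEMA, TABNAME;

-- 4. Non-system routines that PUBLIC may execute.
SELECT SCHEMA, SPECIFICNAME, ROUTINETYPE, EXECUTEAUTH
FROM SYSCAT.ROUTINEAUTH
WHERE GRANTEE = 'PUBLIC'
  AND SCHEMA NOT LIKE 'SYS%'
  AND EXECUTEAUTH IN ('Y', 'G')
ORDER BY SCHEMA, SPECIFICNAME;

-- Remediation for a row returned by query 3 (placeholder names):
-- REVOKE SELECT ON TABLE APP_SCHEMA.APP_TABLE FROM PUBLIC;
```

Rows from queries 2 to 4 are the ones to review first, since a grant to PUBLIC is inherited by any account, including one found with an empty or default password.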

6. Server Metadata Analysis (--server-info)

  • Database Product Information: Product name, version, and build details
  • JDBC Driver Capabilities: Driver version and supported features
  • SQL Feature Support: Comprehensive analysis of supported SQL features
  • Transaction Support: Transaction isolation levels and batch operations
  • Database Limits: Maximum connections, table sizes, and identifier lengths
  • Schema Discovery: Available schemas and their organization
  • Table Type Support: Supported table types (TABLE, VIEW, SYSTEM TABLE, etc.)
  • Security Configuration: Identifier case sensitivity and storage preferences

Key Metadata Categories:

  • Database Information: Product name, version, driver details, connection URL
  • SQL Support: Stored procedures, outer joins, subqueries, ANSI92 compliance
  • Transaction Support: Transactions, batch updates, savepoints, named parameters
  • Result Set Support: Cursor types, concurrency levels, holdability options
  • Database Limits: Connection limits, column limits, identifier lengths
  • Security Features: Case sensitivity, identifier storage, null handling

7. Version Detection

  • DB2 version and build identification
  • Service level and fixpack detection
  • Platform and edition determination
  • Network-based fingerprinting

8. CVE Vulnerability Analysis

  • Built-in CVE database with severity ratings
  • Version-specific vulnerability identification
  • CVSS score reporting
  • Patch recommendation generation

Built-in CVE Database

The tool includes a comprehensive database of known DB2 vulnerabilities:

  • Critical Vulnerabilities: Remote code execution, privilege escalation
  • High Severity: Unauthorized access, information disclosure
  • Medium Severity: Denial of service, local privilege escalation

Included CVE Examples:

  • CVE-2020-4363 (Critical, CVSS 9.8): Remote code execution
  • CVE-2019-4612 (High, CVSS 8.8): Unauthorized access to sensitive information
  • CVE-2020-4414 (High, CVSS 7.8): Local information disclosure
  • CVE-2021-20439 (Medium, CVSS 6.5): Denial of service

Production Considerations

Safety Features

  • Rate Limiting: Delays between authentication attempts to prevent account lockouts
  • Connection Limits: Restricts concurrent connections to prevent resource exhaustion
  • Timeout Controls: Configurable timeouts to prevent hanging connections
  • Credential Limiting: Limits tested usernames/passwords to prevent DoS

Best Practices

  • Always obtain written authorization before testing
  • Test during maintenance windows when possible
  • Monitor system resources during testing
  • Use read-only accounts when available
  • Document all testing activities

Report Output

The tool generates comprehensive security reports including:

  • Executive summary with risk ratings
  • Detailed technical findings
  • CVE vulnerability listings with CVSS scores
  • Security recommendations and remediation steps
  • Compliance gap analysis

Sample Report Structure

==================================================
DB2 SECURITY AUDIT REPORT
==================================================
Target: 192.168.1.100:50000
Database: SAMPLE
Scan Date: 2024-01-15 14:30:22

CONNECTIVITY TEST
Status: PASS

TLS CONFIGURATION
TLS Enabled: YES
Supported Protocols:
  - TLSv1.2 (TLSv1.2)
  - TLSv1.3 (TLSv1.3)

AUTHENTICATION ANALYSIS
No weak credentials detected in limited test

CVE VULNERABILITIES
Total CVEs: 4
Critical: 1
High: 2
Medium: 1

SECURITY RECOMMENDATIONS
1. URGENT: Apply patches for critical CVEs
2. Implement strong password policies
3. Enable database encryption
...

Troubleshooting

Common Installation Issues

Problem: Getting "JDBC driver not found" error

Solution:

  1. Download jcc-12.1.2.0.jar from IBM's website
  2. Place the JAR file in the jar/ directory of this project
  3. Verify the file is named correctly and in the right location

Problem: Client certificate authentication not working

Solution:

  • DB2 z/OS: Client certificates are supported
  • DB2 LUW: Client certificates are NOT supported
  • Use keystore format (JKS/PKCS12) instead of PEM files for better compatibility
  • Ensure the certificate is signed by a CA trusted by the DB2 server

Problem: TLS analysis not working (--tls-check)

Solution:

  • Install the cryptography library: pip install cryptography
  • Ensure the target server supports TLS on the specified port
  • Check that the server is not blocking TLS connection attempts

Problem: Connection timeouts or network errors

Solution:

  • Verify DB2 server is accessible on the specified port
  • Check firewall settings
  • Ensure DB2 instance is running and accepting connections
  • Try with --enable-tls if the server requires encrypted connections

Problem: User/password list files not loading correctly

Solution:

  • Ensure files are in UTF-8 encoding
  • Check that each username/password is on a separate line
  • Verify file paths are correct (use absolute paths if needed)
  • Remove any empty lines or special characters from the files
  • Test with small files first to verify format

Problem: Secure password prompting not working

Solution:

  • Ensure you're running in a terminal that supports hidden input
  • On Windows, use Command Prompt or PowerShell (not some IDEs)
  • When prompted for a password, the characters you type are not echoed to the screen (this is normal)
  • Use Ctrl+C to cancel if you need to abort password entry

Legal Notice

IMPORTANT: This tool is designed for authorized security testing only. Users must:

  • Obtain explicit written permission before testing any system
  • Comply with all applicable laws and regulations
  • Use the tool responsibly and ethically
  • Not use the tool for malicious purposes

The author disclaims all liability for misuse of this tool.

License

GNU General Public License v3.0

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

Contributing

Contributions are welcome! Please:

  1. Fork the repository
  2. Create a feature branch
  3. Make your changes
  4. Add tests if applicable
  5. Submit a pull request

Support

For questions, bug reports, or feature requests:

Changelog

v1.0.0 (2024-09-09)

  • Initial Release: Complete DB2 security auditing tool using JDBC drivers
  • Easy Installation: No system-level DB2 client installation required
  • Enhanced TLS Support:
    • --enable-tls for DB2 connection encryption
    • --tls-check for TLS configuration analysis
    • Client certificate support for DB2 z/OS mutual TLS authentication
    • Custom truststore support for certificate validation
  • Modern SSL Implementation: Uses modern SSL context creation (no deprecation warnings)
  • Client Certificate Authentication: Support for keystore and PEM certificate formats
  • Secure Password Handling: Secure prompting for keystore/truststore passwords
  • Large-Scale Authentication Testing:
    • --user-list and --pass-list options for file-based credential testing
    • Support for combining command-line and file-based credentials
  • Interactive Database Shell:
    • --db-shell option for interactive SQL command execution
    • DB> prompt with built-in help and DB2-specific commands
    • Automatic credential reuse from authentication testing
  • Server Metadata Analysis:
    • --server-info option for comprehensive database capabilities analysis
    • Database product information, SQL feature support, and transaction capabilities
    • Schema discovery, table types, and database limits
  • Comprehensive Security Testing: Authentication, authorization, version detection, and CVE analysis
  • Production-Safe: Rate limiting and timeouts to prevent resource starvation
  • Professional Reporting: Detailed security assessment reports with recommendations
