sidBuster - Oracle sid brute forcer


sidBuster is designed to brute force Oracle sids when they can not be obtained via the tns listener, as is the case for Oracle 10 and when a tns password has been set. Without knowing the database sid, attempts to identify default accounts and weak password will fail, other tools such as oscanner will attempt to guess the sid, based on a list of known sids, but if that fails you are unable to proceed any further in the attempt to gain access to the database.

The program is based on the connection method from oscanner, and combined with the threading model and brute force algorithm from DirBuster. Connection attempts currently peaks at 120 attempts/second. This is result of either Oracle limiting the connections, or the java database api, I am currently investigating which is the case.

sirBuster takes advantage of java 1.5 therefore you will need java version 1.5 (or version 5 as it has now become) in order to run this program. This can be obtained from


+ Multi Threaded

+ Command line interface

+ Confirmed to work on Oracle 10 and Oracle express

+ In the end it will find the sid, it might just take some time!


sidBuster can be downloaded from here

Example usage

java -jar sidBuster-0.1.jar -h