Oracle Database Security Assessment Tool DBSAT

Oracle Database Security Assessment Tool (DBSAT) is a new security assessment product for Oracle databases. I heard about it from Pedro Lopes (EMEA Field Product Manager at Oracle). He told me to give this new product a try. At first, I was reluctant about the subject. But after I tried it, I saw that it is a very practical tool for seeing your potential vulnerabilities in Oracle databases. It is very easy to install, and you will get your report directly in a second. And it gives you time to think about your security bugs; you do not need to think about how to install and start the product.

Overview of the Product

DBSAT runs on an Oracle database server to analyze database security. It is a command-line program. It runs queries to collect information about the Oracle database and the database server. You have to install and run it for each database.

It has two parts:

DBSAT Collector: runs queries to collect data.

DBSAT Reporter: produces a report from the collected data and gives recommendations in different formats.


I did my installation on an Oracle VM machine running Linux 7, and I used an Oracle 12c database.

Create a directory to work on DBSAT files

[oracle@ol7 ~]$ mkdir /home/oracle/dbsat

[oracle@ol7 ~]$ cd  /home/oracle/dbsat

Download the file from Oracle Metalink and put it in the dbsat directory.

Oracle Database Security Assessment Tool (DBSAT) (Doc ID 2138254.1)

And Install the

[oracle@ol7 dbsat]$ unzip -d /home/oracle/dbsat

The directory listing should look like this:

[oracle@ol7 dbsat]$ ls -lrt
total 520
-r-xr-xr-x. 1 oracle oinstall 24757 Sep 27 20:55
-r-xr-xr-x. 1 oracle oinstall 9198 Oct 7 19:09 dbsat.bat
-r-xr-xr-x. 1 oracle oinstall 229245 Oct 21 19:09
-r-xr-xr-x. 1 oracle oinstall 9039 Oct 21 19:09 dbsat
-r-xr-xr-x. 1 oracle oinstall 42135 Oct 27 21:11 sat_collector.sql
-rwxr-x---. 1 oracle dba 198362 Mar 5 10:09
drwxr-xr-x. 2 oracle oinstall 4096 Mar 5 10:12 xlsxwriter

Running DBSAT Collector

You can run the DBSAT collector with a user that has the privileges below.

Role DV_SECANALYST (if Database Vault is enabled)
Role AUDIT_VIEWER (12c only)
Role CAPTURE_ADMIN (12c only)

You can create a special user with these privileges, or you can use a highly privileged user as I do.
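One way to set up the dedicated account instead of using sys, as an added SQL*Plus example that is not part of the original post. The account name DBSAT_USER is hypothetical, CREATE SESSION is added as an assumption so the account can log in, and the script assumes a non-CDB or a session connected to a PDB.

```sql
-- Added example, not from the original post. DBSAT_USER is a hypothetical name.
-- Run in SQL*Plus as an administrator on the target 12c database.

SET VERIFY OFF        -- do not echo the statement with the password substituted
SET SERVEROUTPUT ON

-- HIDE keeps the password off the screen; it never appears on a command line.
ACCEPT dbsat_pw CHAR PROMPT 'Password for DBSAT_USER: ' HIDE

CREATE USER dbsat_user IDENTIFIED BY "&dbsat_pw";
UNDEFINE dbsat_pw

-- Assumption added here: the account needs CREATE SESSION to connect at all.
GRANT CREATE SESSION TO dbsat_user;

-- Roles the post lists for 12c.
GRANT AUDIT_VIEWER  TO dbsat_user;
GRANT CAPTURE_ADMIN TO dbsat_user;

-- DV_SECANALYST is only relevant when Database Vault is enabled: check and report.
DECLARE
  l_dv VARCHAR2(64);
BEGIN
  SELECT value INTO l_dv
    FROM v$option
   WHERE parameter = 'Oracle Database Vault';
  IF l_dv = 'TRUE' THEN
    DBMS_OUTPUT.PUT_LINE('Database Vault enabled: DV_SECANALYST must also be granted to DBSAT_USER.');
  ELSE
    DBMS_OUTPUT.PUT_LINE('Database Vault not enabled: DV_SECANALYST is not needed.');
  END IF;
EXCEPTION
  WHEN NO_DATA_FOUND THEN
    DBMS_OUTPUT.PUT_LINE('Database Vault option is not listed in V$OPTION.');
END;
/

-- Verify that the account holds only what was granted above.
SELECT granted_role AS privilege FROM dba_role_privs WHERE grantee = 'DBSAT_USER'
UNION ALL
SELECT privilege FROM dba_sys_privs WHERE grantee = 'DBSAT_USER'
ORDER BY 1;
```

The DBSAT User Guide listed at the end of this post is the reference for the complete privilege list for your release; add any further grants it names before pointing the collector at this account.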

First, set the Oracle environment.

Run the DBSAT collector with the sys user as below. Note that my DB name is DB3.

At the end of the data collection, you need to enter a password to protect the collected data. Do not forget this password; you will enter the same password to produce the report.
[oracle@ol7 ~]$ cd /home/oracle/dbsat
[oracle@ol7 dbsat]$ ./dbsat collect "sys/manager as sysdba" DB3

DBSAT Collector completed successfully.

Calling /u01/app/oracle/product/ to encrypt DB3.json…

Enter password:
Verify password:
adding: DB3.json (deflated 86%)
zip completed successfully.

Running DBSAT Reporter

The DBSAT reporter only needs Python 2.6 or later to run.

At the end of the report, the reporter will zip the files with a password.

[oracle@ol7 ~]$ cd /home/oracle/dbsat

[oracle@ol7 ~]$  ./dbsat report DB3

Calling /usr/bin/zip to encrypt the generated reports…

Enter password:
Verify password:
adding: DB3.txt (deflated 79%)
adding: DB3.html (deflated 84%)
adding: DB3.xlsx (deflated 3%)
zip completed successfully.

At the end of the process you will get two files like below. consists of collected data and contains reports.

[oracle@ol7 dbsat]$ ls -lrt  DB3*
-rw-------. 1 oracle oinstall 34030 Mar 5 16:12
-rw-------. 1 oracle oinstall 61746 Mar 5 16:17

Report Sample

Now copy the report file to your PC and open it


The report contains the parts below.


You can go to any part from the summary part.

I added my report as an Excel file and a PDF file.




Some Documents about the DBSAT.

Oracle Database Security Assessment Tool (DBSAT) (Doc ID 2138254.1)

Database Security Assessment Tool User Guide


