Summary
Attempts to enumerate valid Oracle user names against unpatched Oracle 11g servers (this bug was fixed in Oracle's October 2009 Critical Patch Update).
SYNTAX:
userdb: The filename of an alternate username database.
passdb: The filename of an alternate password database.
tns.sid: specifies the Oracle instance to connect to
unpwdb.userlimit: The maximum number of usernames 'usernames' will return (default unlimited).
unpwdb.passlimit: The maximum number of passwords 'passwords' will return (default unlimited).
oracle-enum-users.sid: the instance against which to attempt user enumeration
unpwdb.timelimit: The maximum amount of time that any iterator will run before stopping. The value is in seconds by default and you can follow it with 'ms', 's', 'm', or 'h' for
milliseconds, seconds, minutes, or hours. For example, 'unpwdb.timelimit=30m' or 'unpwdb.timelimit=.5h' for 30 minutes. The default depends on the timing template level (see the module description). Use the value '0' to disable the time limit.