Microsoft SQL Server Audit tool

Use the Tools } Microsoft SQL Server Audit tool to perform a security audit on a particular Microsoft SQL server installation. This tool allows you to test the password vulnerability of the ``sa" account (i.e. root administrator), and any other SQL user accounts configured on the SQL Server. During the audit process, this tool will perform dictionary attacks on the SQL server accounts using the credentials specified in the `passwords.txt' dictionary file. However, you can also direct the `SQL Server Audit' tool to use other dictionary files. You can also customize your dictionary file by adding new passwords to the default list.

To perform an SQL Server Audit:

1. Click on the Tools } SQL Server Audit node.

2. Specify the IP address of the SQL server that you wish to audit.

NOTE: By default, this tool will check the vulnerability of the administrator/sa account. If you want to perform dictionary attacks on all the other SQL user accounts, select the `Audit all SQL user accounts' option and specify the SQL Server logon credentials. These credentials are required to authenticate to the SQL server when retrieving the respective list of user accounts.

3. Click on the Retrieve button to start the process.