MSSQL Enumeration/Audit #4641

Open
0xTen opened this issue Apr 15, 2021 · 0 comments

0xTen commented Apr 15, 2021

Would be awesome if there was a feature similar to Metasploit's mssql_enum module that allows one to, for example, check if xp_cmdshell is enabled, easily list linked servers, check permissions in each of those linked servers, etc. Sqlmap already covers some of those, but especially the ones related to linked servers would be very helpful.

msf auxiliary(admin/mssql/mssql_enum) > run

[*] 10.13.38.11:1433 - Running MS SQL Server Enumeration...
[*] 10.13.38.11:1433 - Version:
[*]	Microsoft SQL Server 2017 (RTM) - 14.0.1000.169 (X64) 
[*]		Aug 22 2017 17:04:49 
[*]		Copyright (C) 2017 Microsoft Corporation
[*]		Standard Edition (64-bit) on Windows Server 2016 Standard 10.0 <X64> (Build 14393: ) (Hypervisor)
[*] 10.13.38.11:1433 - Configuration Parameters:
[*] 10.13.38.11:1433 - 	C2 Audit Mode is Not Enabled
[*] 10.13.38.11:1433 - 	xp_cmdshell is Enabled
[*] 10.13.38.11:1433 - 	remote access is Enabled
[*] 10.13.38.11:1433 - 	allow updates is Not Enabled
[*] 10.13.38.11:1433 - 	Database Mail XPs is Not Enabled
[*] 10.13.38.11:1433 - 	Ole Automation Procedures are Enabled
[*] 10.13.38.11:1433 - Databases on the server:
[*] 10.13.38.11:1433 - 	Database name:master
[*] 10.13.38.11:1433 - 	Database Files for master:
[*] 10.13.38.11:1433 - 		C:\Program Files\Microsoft SQL Server\MSSQL14.POO_PUBLIC\MSSQL\DATA\master.mdf
[*] 10.13.38.11:1433 - 		C:\Program Files\Microsoft SQL Server\MSSQL14.POO_PUBLIC\MSSQL\DATA\mastlog.ldf
[*] 10.13.38.11:1433 - 	Database name:tempdb
[*] 10.13.38.11:1433 - 	Database Files for tempdb:
[*] 10.13.38.11:1433 - 		C:\Program Files\Microsoft SQL Server\MSSQL14.POO_PUBLIC\MSSQL\DATA\tempdb.mdf
[*] 10.13.38.11:1433 - 		C:\Program Files\Microsoft SQL Server\MSSQL14.POO_PUBLIC\MSSQL\DATA\templog.ldf
[*] 10.13.38.11:1433 - 		C:\Program Files\Microsoft SQL Server\MSSQL14.POO_PUBLIC\MSSQL\DATA\tempdb_mssql_2.ndf
[*] 10.13.38.11:1433 - 		C:\Program Files\Microsoft SQL Server\MSSQL14.POO_PUBLIC\MSSQL\DATA\tempdb_mssql_3.ndf
[*] 10.13.38.11:1433 - 		C:\Program Files\Microsoft SQL Server\MSSQL14.POO_PUBLIC\MSSQL\DATA\tempdb_mssql_4.ndf
[*] 10.13.38.11:1433 - 	Database name:POO_PUBLIC
[*] 10.13.38.11:1433 - 	Database Files for POO_PUBLIC:
[*] 10.13.38.11:1433 - 		C:\Program Files\Microsoft SQL Server\MSSQL14.POO_PUBLIC\MSSQL\DATA\poo_public_dat.mdf
[*] 10.13.38.11:1433 - 		C:\Program Files\Microsoft SQL Server\MSSQL14.POO_PUBLIC\MSSQL\DATA\poo_public_log.ldf
[*] 10.13.38.11:1433 - System Logins on this Server:
[*] 10.13.38.11:1433 - 	sa
[*] 10.13.38.11:1433 - 	external_user
[*] 10.13.38.11:1433 - Disabled Accounts:
[*] 10.13.38.11:1433 - 	No Disabled Logins Found
[*] 10.13.38.11:1433 - No Accounts Policy is set for:
[*] 10.13.38.11:1433 - 	All System Accounts have the Windows Account Policy Applied to them.
[*] 10.13.38.11:1433 - Password Expiration is not checked for:
[*] 10.13.38.11:1433 - 	sa
[*] 10.13.38.11:1433 - 	external_user
[*] 10.13.38.11:1433 - System Admin Logins on this Server:
[*] 10.13.38.11:1433 - 	sa
[*] 10.13.38.11:1433 - Windows Logins on this Server:
[*] 10.13.38.11:1433 - 	No Windows logins found!
[*] 10.13.38.11:1433 - Windows Groups that can logins on this Server:
[*] 10.13.38.11:1433 - 	No Windows Groups where found with permission to login to system.
[*] 10.13.38.11:1433 - Accounts with Username and Password being the same:
[*] 10.13.38.11:1433 - 	No Account with its password being the same as its username was found.
[*] 10.13.38.11:1433 - Accounts with empty password:
[*] 10.13.38.11:1433 - 	No Accounts with empty passwords where found.
[*] 10.13.38.11:1433 - Stored Procedures with Public Execute Permission found:
[*] 10.13.38.11:1433 - 	sp_replsetsyncstatus
[*] 10.13.38.11:1433 - 	sp_replcounters
[*] 10.13.38.11:1433 - 	sp_replsendtoqueue
[*] 10.13.38.11:1433 - 	sp_resyncexecutesql
[*] 10.13.38.11:1433 - 	sp_prepexecrpc
[*] 10.13.38.11:1433 - 	sp_repltrans
[*] 10.13.38.11:1433 - 	sp_xml_preparedocument
[*] 10.13.38.11:1433 - 	xp_qv
[*] 10.13.38.11:1433 - 	xp_getnetname
[*] 10.13.38.11:1433 - 	sp_releaseschemalock
[*] 10.13.38.11:1433 - 	sp_refreshview
[*] 10.13.38.11:1433 - 	sp_replcmds
[*] 10.13.38.11:1433 - 	sp_unprepare
[*] 10.13.38.11:1433 - 	sp_resyncprepare
[*] 10.13.38.11:1433 - 	sp_createorphan
[*] 10.13.38.11:1433 - 	xp_dirtree
[*] 10.13.38.11:1433 - 	sp_replwritetovarbin
[*] 10.13.38.11:1433 - 	sp_replsetoriginator
[*] 10.13.38.11:1433 - 	sp_xml_removedocument
[*] 10.13.38.11:1433 - 	sp_repldone
[*] 10.13.38.11:1433 - 	sp_reset_connection
[*] 10.13.38.11:1433 - 	xp_fileexist
[*] 10.13.38.11:1433 - 	xp_fixeddrives
[*] 10.13.38.11:1433 - 	sp_getschemalock
[*] 10.13.38.11:1433 - 	sp_prepexec
[*] 10.13.38.11:1433 - 	xp_revokelogin
[*] 10.13.38.11:1433 - 	sp_execute_external_script
[*] 10.13.38.11:1433 - 	sp_resyncuniquetable
[*] 10.13.38.11:1433 - 	sp_replflush
[*] 10.13.38.11:1433 - 	sp_resyncexecute
[*] 10.13.38.11:1433 - 	xp_grantlogin
[*] 10.13.38.11:1433 - 	sp_droporphans
[*] 10.13.38.11:1433 - 	xp_regread
[*] 10.13.38.11:1433 - 	sp_getbindtoken
[*] 10.13.38.11:1433 - 	sp_replincrementlsn
[*] 10.13.38.11:1433 - Instances found on this server:
[*] 10.13.38.11:1433 - Default Server Instance SQL Server Service is running under the privilege of:
[*] 10.13.38.11:1433 - 	xp_regread might be disabled in this system
[*] Auxiliary module execution completed
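As an added example (not part of this issue, and not code from sqlmap or Metasploit), the script below parses output in the shape quoted above and turns it into hardening findings the way a configuration reviewer would read that report: risky options that are enabled (xp_cmdshell, Ole Automation Procedures, remote access), auditing that is off (C2 Audit Mode), sysadmin logins without password expiration, an enabled sa login, and file-system or registry extended procedures executable by public. The sample excerpt, the severity table and the procedure watchlist are constructed here from the values in the quoted output; linked-server checks, which the reporter asks for, do not appear in that output and are therefore not covered.

```python
import re
from collections import defaultdict

# Constructed excerpt in the same shape as the mssql_enum output quoted in the
# issue: "[*] host:port - " prefix, section headers ending in ':', and
# tab-indented items beneath each header. Values are copied from the issue.
SAMPLE_OUTPUT = """\
[*] 10.13.38.11:1433 - Running MS SQL Server Enumeration...
[*] 10.13.38.11:1433 - Version:
[*]\tMicrosoft SQL Server 2017 (RTM) - 14.0.1000.169 (X64)
[*] 10.13.38.11:1433 - Configuration Parameters:
[*] 10.13.38.11:1433 - \tC2 Audit Mode is Not Enabled
[*] 10.13.38.11:1433 - \txp_cmdshell is Enabled
[*] 10.13.38.11:1433 - \tremote access is Enabled
[*] 10.13.38.11:1433 - \tallow updates is Not Enabled
[*] 10.13.38.11:1433 - \tDatabase Mail XPs is Not Enabled
[*] 10.13.38.11:1433 - \tOle Automation Procedures are Enabled
[*] 10.13.38.11:1433 - Disabled Accounts:
[*] 10.13.38.11:1433 - \tNo Disabled Logins Found
[*] 10.13.38.11:1433 - Password Expiration is not checked for:
[*] 10.13.38.11:1433 - \tsa
[*] 10.13.38.11:1433 - \texternal_user
[*] 10.13.38.11:1433 - System Admin Logins on this Server:
[*] 10.13.38.11:1433 - \tsa
[*] 10.13.38.11:1433 - Stored Procedures with Public Execute Permission found:
[*] 10.13.38.11:1433 - \txp_dirtree
[*] 10.13.38.11:1433 - \txp_fileexist
[*] 10.13.38.11:1433 - \txp_regread
[*] 10.13.38.11:1433 - \tsp_refreshview
[*] Auxiliary module execution completed
"""

# "[*]" marker, optional "host:port - " prefix, then the body of the line.
LINE_RE = re.compile(r"^\[\*\] ?(?:\S+:\d+ - )?(.*)$")
CONFIG_RE = re.compile(r"^(?P<name>.+?) (?:is|are) (?P<state>Not Enabled|Enabled)$")

# Constructed severity table for the options the quoted output reports.
RISKY_WHEN_ENABLED = {"xp_cmdshell": "HIGH", "Ole Automation Procedures": "HIGH",
                      "remote access": "MEDIUM"}
EXPECTED_ENABLED = {"C2 Audit Mode": "LOW"}
# Extended procedures from the public-execute list that read the file system or registry.
FS_REGISTRY_XPS = {"xp_dirtree", "xp_fileexist", "xp_fixeddrives", "xp_regread"}
SEVERITY_ORDER = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}


def parse_enum_output(text):
    """Return {section header (without ':'): [tab-indented items under it]}."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue
        body = m.group(1)
        if body.startswith("\t"):
            if current is not None:
                sections[current].append(body.strip())
        elif body.endswith(":"):
            current = body[:-1]
            sections.setdefault(current, [])  # keep empty sections visible
    return dict(sections)


def parse_config(sections):
    """Map each 'Configuration Parameters' option to True (Enabled) or False."""
    config = {}
    for item in sections.get("Configuration Parameters", []):
        m = CONFIG_RE.match(item)
        if m:
            config[m.group("name")] = m.group("state") == "Enabled"
    return config


def audit(sections):
    """Turn parsed sections into (severity, message) findings, most severe first."""
    findings = []
    config = parse_config(sections)
    for name, sev in RISKY_WHEN_ENABLED.items():
        if config.get(name):
            findings.append((sev, f"'{name}' is enabled; disable it unless a documented process needs it"))
    for name, sev in EXPECTED_ENABLED.items():
        if name in config and not config[name]:
            findings.append((sev, f"'{name}' is not enabled; login and audit trail will be incomplete"))
    sysadmins = set(sections.get("System Admin Logins on this Server", []))
    no_expiry = set(sections.get("Password Expiration is not checked for", []))
    for login in sorted(sysadmins & no_expiry):
        findings.append(("MEDIUM", f"sysadmin login '{login}' has no password expiration check"))
    if "sa" in sysadmins and "sa" not in sections.get("Disabled Accounts", []):
        findings.append(("MEDIUM", "'sa' login is enabled; rename or disable it and use named admin logins"))
    public_xps = FS_REGISTRY_XPS & set(
        sections.get("Stored Procedures with Public Execute Permission found", []))
    if public_xps:
        findings.append(("LOW", "public can execute " + ", ".join(sorted(public_xps))))
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f[0]], f[1]))


def run_audit(text):
    return audit(parse_enum_output(text))


if __name__ == "__main__":
    for sev, msg in run_audit(SAMPLE_OUTPUT):
        print(f"[{sev}] {msg}")
```

Run against the constructed sample it reports seven findings, two of them HIGH (xp_cmdshell and Ole Automation Procedures). The parser keys everything on the section headers, so a saved report from a larger run can be fed in unchanged; only the severity table needs editing to match a site's own baseline.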