Updated Brute Force Search Tool
Name:
USP_SQLBruteForce
Compatibility:
Works with SQL Server 2012 and newer versions. This will not work in SQL Server 2008 because it makes use of concat, iif, and throw. These could be updated to use standard string concatenation, case statements, and raiseerror instead to make it work on older versions of SQL Server, however I will not be providing that here.
Description:
Searches a database for a value in any or all tables, supports number, date, and text searches along with fuzzy searches like begins with, ends with, contains, and now includes pattern matching
Returns:
Table of matches found in database with sql to pull up the data and a count of how many times it was found in a specific table and column
Notes:
I had previously published another version of this SP and decided it was time to update it a bit. First I added in pattern matching for text searches as I have found it is fairly useful if your wanting to for example find every column in the db that contains dates in text or phone numbers in text. This makes use of patindex for this so it will allow for anything patindex allows for. I added in the ability to get printed messages to the screen as its finding results. This allows you to see the results as they are found and can be very helpful if your searches are taking 20 minutes to complete to get a start on some of the results as its still processing. Errors are now by default suppressed but can also be turned on to see any columns that errored in the search including the details of the error. The next big improvement was adding in the ability to only search specific tables, or skip specific tables. So now this supports including or excluding tables from the search. Really handy if you only want to search a few tables, or if you want to skip the tables with a lot of binary data in them. It will not allow for both at the same time however as that would be rather silly to include tables in one list then exclude them in the next. Added tons of comments into the script to allow for users to easily see whats going on in it and modify to their liking.
Why is this useful?
I spend most of my time working on transforming unknown data into our client CRM databases and over the years I have found that a brute force script can help figure out the data structure of the source database. There are many times where I only get an example value to match on and verify I got the data transformed correctly. This script allows me to take a random value and find it in the source database, then once found I can work on the transforms over to my system. It also helps locate lookup tables, find every reference to some random id im looking at, and get an overall idea how data is structured. For me I tend to use this almost daily for what I do and is why I decided to share it a few years ago.
Usage:
The following examples are also included in the script as well
--STRING SEARCHES------------------------------------------------
--exact match
--returns all table columns where there is an exact match of the search value
EXEC USP_SQLBruteForce
@SearchValue = 'test',
@SearchType = 'text';
--contains
--returns all table columns where the search value is contained in the data
EXEC USP_SQLBruteForce
@SearchValue = 'test',
@SearchType = 'text',
@IsFuzzy = 1,
@FuzzyType = 'contains';
--begins with
--returns all table columns where the data begins with the search value
EXEC USP_SQLBruteForce
@SearchValue = 'test',
@SearchType = 'text',
@IsFuzzy = 1,
@FuzzyType = 'begins';
--ends with
--returns all table columns where the data ends with the search value
EXEC USP_SQLBruteForce
@SearchValue = 'test',
@SearchType = 'text',
@IsFuzzy = 1,
@FuzzyType = 'ends';
--pattern
--returns all table columns where the pattern supplied had matches in data
EXEC USP_SQLBruteForce
@SearchValue = '[0-9][0-9][0-9][-][0-9][0-9][0-9][0-9]',
@SearchType = 'text',
@IsFuzzy = 1,
@FuzzyType = 'advanced';
--DATE SEARCH----------------------------------------------------
--returns all table columns where the date was found
EXEC USP_SQLBruteForce
@SearchValue = '01-01-1980',
@SearchType = 'date';
--NUMBER SEARCH--------------------------------------------------
--returns all table columns where the number was found
EXEC USP_SQLBruteForce
@SearchValue = '1234567890',
@SearchType = 'number';
--ADVANCED USAGE
--exact match of text in included tables only
EXEC USP_SQLBruteForce
@SearchValue = 'test',
@SearchType = 'text',
@IncludeTables = 1,
@IncludeTableList = 'table1,table2,table3';
--exact match of text excluding some tables from search
EXEC USP_SQLBruteForce
@SearchValue = 'test',
@SearchType = 'text',
@ExcludeTables = 1,
@ExcludeTableList = 'table1,table2,table3';
--search with print on
EXEC USP_SQLBruteForce
@SearchValue = 'test',
@SearchType = 'text',
@PrintResults = 1;
--search with errors and print on
EXEC USP_SQLBruteForce
@SearchValue = 'test',
@SearchType = 'text',
@PrintResults = 1,
@ErrorDsp = 1;
IF OBJECT_ID ( 'USP_SQLBruteForce', 'P' ) IS NOT NULL
DROP PROCEDURE [dbo].USP_SQLBruteForce;
GO
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
/*********************************************************************************************
SQLBruteForce v3 (2018-04-20)
(C) 2018, John Imel
DESCRIPTION:
searches a database for a value in any or all tables, supports number, datetime, and text searches along with
fuzzy searches like begins with, ends with, contains, and advanced which allows for pattern searches
RETURN:
table of matches found in database with sql to pull up the data and a count of how many times it was found in a specific table and column
LICENSE:
SQLBruteForce is free to download and use for personal, educational, and internal
corporate purposes, provided that this header is preserved. Redistribution is allowed as long as this
header is preserved and is provided for free with no additional costs, any other redistribution or sale
of SQLBruteForce, in whole or in part, is prohibited without the author's express
written consent.
*********************************************************************************************/
CREATE PROCEDURE USP_SQLBruteForce
--REQUIRED PARAMETERS-------------------------------
--SEARCH TERM
@SearchValue varchar(255),
--SEARCH TYPE supports the following: number, date, text
@SearchType varchar(8),
--OPTIONAL PARAMETERS----------------------------------
--is this a fuzzy search or exact match? 1 = fuzzy 0 = exact match only works for text searches
@IsFuzzy BIT = 0,
--type of fuzzy search to perform, Supports the following begins, ends, contains, advanced
@FuzzyType varchar(8) = '',
--Show or Hide errors encountered, 1 = show, 0 = hide
@ErrorDsp BIT = 0,
--Print results to screen, uses nowait option of raise error to print results as they are found
@PrintResults BIT = 0,
--limit search to specific tables 1 = limit, 0 = dont limit
@IncludeTables BIT = 0,
--CSV list of tables you want to search through
@IncludeTableList varchar(4000) = '',
--Exclude tables from search 1 = exclude, 0 = dont exclude
@ExcludeTables BIT = 0,
--CSV list of tables you want to exclude from search
@ExcludeTableList varchar(4000) = ''
as
BEGIN
--set nocount on to suppress messages back to client
SET NOCOUNT ON
--DECLARATIONS-------------------------------------------
DECLARE
@SearchStringLength int,
@ReturnSQLStatement nvarchar(4000),
@ReturnSQLStatementCount nvarchar(4000),
@ResultsCounter int,
@TableName varchar(200),
@ColumnName varchar(200),
@SchemaName varchar(200),
@ErrorText nvarchar(4000),
@ParmDefinition nvarchar(50),
@ExcludeListText varchar(4000),
@IncludeListText varchar(4000);
--table variables
declare @coltypes table(typename varchar(200) not null, typecategory varchar(200) not null primary key (typename, typecategory));
declare @collist table (tableid int identity primary key, schemaname varchar(200) not null, tablename varchar(200) not null, columnname varchar(200) not null, columnlength int, columntype varchar(200) unique clustered (schemaname,tablename, columnname));
declare @results table (resultid int identity primary key, resultsql nvarchar(4000), resultcntsql nvarchar(4000), schemaname varchar(200) not null, tablename varchar(200) not null, columnname varchar(200) not null);
--Temp table creation
if(OBJECT_ID('tempdb..#finalresults') is not null)
drop table #finalresults;
--used to hold the matches
create table #finalresults(resultid int identity primary key, resultsql varchar(4000), resultcnt int, schemaname varchar(200) not null, tablename varchar(200) not null, columnname varchar(200));
if(OBJECT_ID('tempdb..#errorresults') is not null)
drop table #errorresults;
--used to hold the errors
create table #errorresults(resultid int identity primary key, schemaname varchar(200) not null, tablename varchar(200) not null, columnname varchar(200), resultsql varchar(4000), errortxt nvarchar(4000));
--END DECLARATIONS---------------------------------------
--Initialize Variables and helper tables-----------------
SET @ParmDefinition = N'@cntvalOUT int OUTPUT';
SET @SearchStringLength = LEN(@SearchValue);
--helper table to reduce columns being searched through
--you can always add to this table or remove to customize which columns should be searched
insert into @coltypes(typename, typecategory)
values
('text','text'),
('date','date'),
('datetime2','date'),
('datetimeoffset','date'),
('tinyint','number'),
('smallint','number'),
('int','number'),
('smalldatetime','date'),
('real','number'),
('money','number'),
('datetime','date'),
('float','number'),
('ntext','text'),
('decimal','number'),
('smallmoney','number'),
('bigint','number'),
('varchar','text'),
('char','text'),
('nvarchar','text'),
('nchar','text'),
('name','text'),
('uniqueidentifier','text');
--END Initialize Variables-------------------------------
--START CHECKS-------------------------------------------
--do we have a search value?
IF(LEN(@SearchValue) = 0)
BEGIN
THROW 51000,'No search value set!! Cant search for nothing silly:) so please populate @SearchValue and retry',1;
END
--make sure searchtype chosen is supported
IF(LEN(@SearchType) = 0 OR @SearchType NOT IN ('text','date','number'))
BEGIN
THROW 51000,'Incorrect SearchType!! @SearchType only supports values of text, date, or number.',1;
END
--make sure fuzzytype chosen is supported
IF(@IsFuzzy = 1 and @FuzzyType NOT IN ('begins','ends','contains','advanced'))
BEGIN
THROW 51000,'Incorrect FuzzyType!! @FuzzyType only supports values of begins, ends, contains, advanced.',1;
END
--make sure @IncludeTableList has a value if @IncludeTables is set to 1
IF(@IncludeTables = 1 and len(@IncludeTableList) = 0)
BEGIN
THROW 51000,'Table Include List Empty!! If @IncludeTables set to 1 then you must have AT least one table name in @IncludeTableList.',1;
END
--make sure @ExcludeTableList has a value if @ExcludeTables is set to 1
IF(@ExcludeTables = 1 and len(@ExcludeTableList) = 0)
BEGIN
THROW 51000,'Table Exclude List Empty!! If @ExcludeTables set to 1 then you must have AT least one table name in @ExcludeTableList.',1;
END
--make sure @ExcludeTables and @IncludeTables are not both set to 1
IF(@ExcludeTables = 1 and @IncludeTables = 1)
BEGIN
THROW 51000,'Detected inclusion and exclusions both set to true!! You cannot set both @ExcludeTables = 1 and @IncludeTables = 1 only one can be used at a Time.',1;
END
--END CHECKS---------------------------------------------
--Build up a list of tables and columns tht will be searched through
insert into @collist(schemaname,tablename,columnname,columnlength,columntype)
select distinct ss.name,t.name, c.name, c.max_length, tt.name
from sys.tables t
inner join sys.columns c on t.object_id = c.object_id
inner join sys.types tt on c.user_type_id = tt.user_type_id
inner join sys.schemas ss on t.schema_id = ss.schema_id
inner join @coltypes ct on tt.name = ct.typename and ct.typecategory = @SearchType
where 1 = 1
AND c.is_computed = 0
--filter these results by include and exclude lists
IF @IncludeTables = 1
BEGIN
--convert list to have pipes surrounding values
SET @IncludeListText = CONCAT( '|', REPLACE(REPLACE(REPLACE(@IncludeTableList,' ,',','),', ',','),',','|,|'), '|')
--remove records from results
DELETE FROM @collist WHERE charindex('|' + tablename + '|', @IncludeListText, 1) = 0
END
IF @ExcludeTables = 1
BEGIN
--convert list to have pipes surrounding values
SET @ExcludeListText = CONCAT( '|', REPLACE(REPLACE(REPLACE(@ExcludeTableList,' ,',','),', ',','),',','|,|'), '|')
--remove records from results
DELETE FROM @collist WHERE charindex('|' + tablename + '|', @ExcludeListText, 1) > 0
END
--now with the table and column list lets start building out the sql needed to perform the search and place into a table variable
if @SearchType = 'text'
BEGIN
--BEGIN TEXT SEARCH QUERY BUILD----------------------
--check isfuzzy
if(@IsFuzzy = 0)
BEGIN
--exact match
insert into @results(resultsql,resultcntsql,schemaname,tablename,columnname)
select
CONCAT(
'select ',
'[' + columnname + '], *',
' FROM ',
'[' + schemaname + '].',
'[' + tablename + ']',
' WHERE ',
'[' + columnname + ']',
iif(c.columntype in ('text','ntext','uniqueidentifier'),' LIKE ',' = '),
''''+@SearchValue+''''
) AS resultsql,
CONCAT(
'select ',
'@cntvalOUT = COUNT(1)',
' FROM ',
'[' + schemaname + '].',
'[' + tablename + ']',
' WHERE ',
'[' + columnname + ']',
iif(c.columntype in ('text','ntext','uniqueidentifier'),' LIKE ',' = '),
''''+@SearchValue+''''
) AS resultcntsql,
c.schemaname,
c.tablename,
c.columnname
from @collist c
where 1 = 1
and (
c.columntype in ('text','ntext','uniqueidentifier')
OR
c.columnlength = -1
OR
--added to remove columns shorter than the search value
c.columnlength >= @SearchStringLength
)
--end exact match
END
ELSE
BEGIN
--fuzzy match
IF(@FuzzyType = 'begins')
BEGIN
--begin begins with
insert into @results(resultsql,resultcntsql,schemaname,tablename,columnname)
select concat(
'select ',
'[' + columnname + '], *',
' FROM ',
'[' + schemaname + '].',
'[' + tablename + ']',
' WHERE ',
'[' + columnname + ']',
' LIKE ',
''''+@SearchValue+'%'''
),concat(
'select ',
'@cntvalOUT = COUNT(1)',
' FROM ',
'[' + schemaname + '].',
'[' + tablename + ']',
' WHERE ',
'[' + columnname + ']',
' LIKE ',
''''+@SearchValue+'%'''
),c.schemaname,c.tablename,c.columnname
from @collist c
where 1 = 1
and (
c.columntype in ('text','ntext','uniqueidentifier')
or
c.columnlength = -1
or
c.columnlength >= @SearchStringLength
)
--end begins with
END
ELSE IF(@FuzzyType = 'ends')
BEGIN
--begin ends with
insert into @results(resultsql,resultcntsql,schemaname,tablename,columnname)
select concat(
'select ',
'[' + columnname + '], *',
' FROM ',
'[' + schemaname + '].',
'[' + tablename + ']',
' WHERE ',
'[' + columnname + ']',
' LIKE ',
''''+@SearchValue+'%'''
),concat(
'select ',
'@cntvalOUT = COUNT(1)',
' FROM ',
'[' + schemaname + '].',
'[' + tablename + ']',
' WHERE ',
'[' + columnname + ']',
' LIKE ',
'''%'+@SearchValue+''''
),c.schemaname,c.tablename,c.columnname
from @collist c
where 1 = 1
and (
c.columntype in ('text','ntext','uniqueidentifier')
or
c.columnlength = -1
or
c.columnlength >= @SearchStringLength
)
--end ends with
END
ELSE IF(@FuzzyType = 'contains')
BEGIN
--begin contains
insert into @results(resultsql,resultcntsql,schemaname,tablename,columnname)
select concat(
'select ',
'[' + columnname + '], *',
' FROM ',
'[' + schemaname + '].',
'[' + tablename + ']',
' WHERE ',
'charindex('''+@SearchValue+''',[' + columnname + '],1) > 0'
),concat(
'select ',
'@cntvalOUT = COUNT(1)',
' FROM ',
'[' + schemaname + '].',
'[' + tablename + ']',
' WHERE ',
'charindex('''+@SearchValue+''',[' + columnname + '],1) > 0'
),c.schemaname,c.tablename,c.columnname
from @collist c
where 1 = 1
and (
c.columntype in ('text','ntext','uniqueidentifier')
or
c.columnlength = -1
or
c.columnlength >= @SearchStringLength
)
--end contains
END
ELSE IF(@FuzzyType = 'advanced')
BEGIN
--begin advanced
insert into @results(resultsql,resultcntsql,schemaname,tablename,columnname)
select concat(
'select ',
'[' + columnname + '], *',
' FROM ',
'[' + schemaname + '].',
'[' + tablename + ']',
' WHERE ',
'patindex('''+@SearchValue+''',[' + columnname + ']) > 0'
),concat(
'select ',
'@cntvalOUT = COUNT(1)',
' FROM ',
'[' + schemaname + '].',
'[' + tablename + ']',
' WHERE ',
'patindex('''+@SearchValue+''',[' + columnname + ']) > 0'
),c.schemaname,c.tablename,c.columnname
from @collist c
where 1 = 1
and (
c.columntype in ('text','ntext','uniqueidentifier')
or
c.columnlength = -1
)
--end advanced
END
END
--end check isfuzzy
--END TEXT SEARCH QUERY BUILD------------------------
END
ELSE IF @SearchType = 'date'
BEGIN
--BEGIN DATE SEARCH QUERY BUILD----------------------
insert into @results(resultsql,resultcntsql,schemaname,tablename,columnname)
select concat(
'select ',
'[' + columnname + '], *',
' FROM ',
'[' + schemaname + '].',
'[' + tablename + ']',
' WHERE ',
'try_cast([' + columnname + '] as date)',
' = ',
''''+@SearchValue+''''
),concat(
'select ',
'@cntvalOUT = COUNT(1)',
' FROM ',
'[' + schemaname + '].',
'[' + tablename + ']',
' WHERE ',
'try_cast([' + columnname + '] as date)',
' = ',
''''+@SearchValue+''''
),c.schemaname,c.tablename,c.columnname
from @collist c
where 1 = 1
--END DATE SEARCH QUERY BUILD------------------------
END
ELSE IF @SearchType = 'number'
BEGIN
--BEGIN NUMBER SEARCH QUERY BUILD----------------------
insert into @results(resultsql,resultcntsql,schemaname,tablename,columnname)
select concat(
'select ',
'[' + columnname + '], *',
' FROM ',
'[' + schemaname + '].',
'[' + tablename + ']',
' WHERE ',
'[' + columnname + ']',
' = ',
@SearchValue
),concat(
'select ',
'@cntvalOUT = COUNT(1)',
' FROM ',
'[' + schemaname + '].',
'[' + tablename + ']',
' WHERE ',
'[' + columnname + ']',
' = ',
@SearchValue
),c.schemaname,c.tablename,c.columnname
from @collist c
where 1 = 1
--END NUMBER SEARCH QUERY BUILD------------------------
END
--now we have a temp table with queries ready to be looped through
--lets do a cursor and have it do the work
--declare the cursor
DECLARE db_cursor CURSOR LOCAL FAST_FORWARD FORWARD_ONLY FOR
select resultsql,resultcntsql,schemaname,tablename,columnname from @results
OPEN db_cursor
FETCH NEXT FROM db_cursor INTO @ReturnSQLStatement, @ReturnSQLStatementCount, @SchemaName, @TableName, @ColumnName
WHILE @@FETCH_STATUS = 0
BEGIN
--use try catch to catch any errors as this can and will error from time to time
BEGIN TRY
--execute the statement adn record teh count of results in the counter
EXEC sp_executesql @ReturnSQLStatementCount, @ParmDefinition, @cntvalOUT=@ResultsCounter OUTPUT;
IF(@ResultsCounter is null)
BEGIN
set @ResultsCounter = 0;
END
--insert results into temp results table
INSERT INTO #finalresults(resultsql,resultcnt,schemaname,tablename,columnname)
SELECT @ReturnSQLStatement,@ResultsCounter, @SchemaName, @TableName, @ColumnName
--if printresults is true then print it out using raiseerror with nowait
IF @PrintResults = 1 AND @ResultsCounter > 0
BEGIN
RAISERROR (@ReturnSQLStatement, 0, 1) WITH NOWAIT;
END
END TRY
BEGIN CATCH
--error caught and error display is set to true
IF(@ErrorDsp = 1)
BEGIN
SET @ErrorText = ( select CONCAT(
'Error Number: ',
ERROR_NUMBER(),
'Severity: ',
ERROR_SEVERITY(),
'Procedure: ',
ERROR_PROCEDURE(),
'Line: ',
ERROR_LINE(),
'Message: ',
ERROR_MESSAGE()
));
--insert error into error table
INSERT INTO #errorresults(schemaname,tablename,columnname,resultsql,errortxt)
SELECT @SchemaName,@TableName,@ColumnName,@ReturnSQLStatement,@ErrorText
END
ELSE
BEGIN
--error dispaly is set to false
IF @PrintResults = 1
BEGIN
--raise error with no wait if print results is set to true
SET @ErrorText = CONCAT('error occurred in [', @SchemaName, '].[', @TableName, '].[', @ColumnName, ']');
RAISERROR (@ErrorText, 0, 1) WITH NOWAIT;
END
ELSE
BEGIN
--simple print of error if print results set to false
PRINT CONCAT('error occurred in [', @SchemaName, '].[', @TableName, '].[', @ColumnName, ']');
END
END
END CATCH
FETCH NEXT FROM db_cursor INTO @ReturnSQLStatement, @ReturnSQLStatementCount, @SchemaName, @TableName, @ColumnName
END
CLOSE db_cursor
DEALLOCATE db_cursor
--END Cursor
--now processing is done lets return the results
select resultsql as ResultSQL,resultcnt as NumberOfMatches,schemaname,tablename,columnname
from #finalresults
where resultcnt > 0
order by resultcnt
--if errors are on then return those as well
if(@ErrorDsp = 1)
select * from #errorresults order by schemaname,tablename,columnname
--cleanup
BEGIN TRY
DROP TABLE #finalresults
DROP TABLE #errorresults
END TRY
BEGIN CATCH
PRINT 'temp tables already gone, skipping drop'
END CATCH
SET NOCOUNT OFF
END
GO
/*
--USAGE EXAMPLES--
--STRING SEARCHES------------------------------------------------
--exact match
--returns all table columns where there is an exact match of the search value
EXEC USP_SQLBruteForce
@SearchValue = 'test',
@SearchType = 'text';
--contains
--returns all table columns where the search value is contained in the data
EXEC USP_SQLBruteForce
@SearchValue = 'test',
@SearchType = 'text',
@IsFuzzy = 1,
@FuzzyType = 'contains';
--begins with
--returns all table columns where the data begins with the search value
EXEC USP_SQLBruteForce
@SearchValue = 'test',
@SearchType = 'text',
@IsFuzzy = 1,
@FuzzyType = 'begins';
--ends with
--returns all table columns where the data ends with the search value
EXEC USP_SQLBruteForce
@SearchValue = 'test',
@SearchType = 'text',
@IsFuzzy = 1,
@FuzzyType = 'ends';
--pattern
--returns all table columns where the pattern supplied had matches in data
EXEC USP_SQLBruteForce
@SearchValue = '[0-9][0-9][0-9][-][0-9][0-9][0-9][0-9]',
@SearchType = 'text',
@IsFuzzy = 1,
@FuzzyType = 'advanced';
--DATE SEARCH----------------------------------------------------
--returns all table columns where the date was found
EXEC USP_SQLBruteForce
@SearchValue = '01-01-1980',
@SearchType = 'date';
--NUMBER SEARCH--------------------------------------------------
--returns all table columns where the number was found
EXEC USP_SQLBruteForce
@SearchValue = '1234567890',
@SearchType = 'number';
--ADVANCED USAGE
--exact match of text in included tables only
EXEC USP_SQLBruteForce
@SearchValue = 'test',
@SearchType = 'text',
@IncludeTables = 1,
@IncludeTableList = 'table1,table2,table3';
--exact match of text excluding some tables from search
EXEC USP_SQLBruteForce
@SearchValue = 'test',
@SearchType = 'text',
@ExcludeTables = 1,
@ExcludeTableList = 'table1,table2,table3';
--search with print on
EXEC USP_SQLBruteForce
@SearchValue = 'test',
@SearchType = 'text',
@PrintResults = 1;
--search with errors and print on
EXEC USP_SQLBruteForce
@SearchValue = 'test',
@SearchType = 'text',
@PrintResults = 1,
@ErrorDsp = 1;
*/ 
