Pentesting Grafana

Interesting resource: https://rootxsushant.medium.com/a-comprehensive-guide-for-pentesting-grafana-cfa09b2f1243

Important Grafana files and directories

/var/lib/grafana/grafana.db
/etc/grafana/grafana.ini

grafana.db

Save the file to your local machine.

If you have SQLite installed, just run:

sqlite3 grafana.db

Once inside the shell:

-- list all tables (dot-commands have no comment syntax, so comments go on their own line)
.tables
-- print schema
.schema
SELECT * FROM user;         -- dump all users
SELECT * FROM api_key;      -- list API keys
SELECT * FROM data_source;  -- view data sources (often contains creds)
SELECT * FROM user_auth_token; -- session tokens
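
Added example, not part of the original notes: a read-only audit of a grafana.db copy that reports, for the four tables queried above, how many rows populate secret-looking columns without selecting or printing the values. The column-name heuristic `SECRET_HINT`, the helper names and the in-memory sample schema are assumptions of this example, not Grafana's actual schema.

```python
import re
import sqlite3

# Tables the page singles out in grafana.db.
TABLES = ("user", "api_key", "data_source", "user_auth_token")
# Column-name heuristic: an assumption of this example, not Grafana's schema.
SECRET_HINT = re.compile(r"pass|salt|secret|secure|token|key", re.I)


def open_readonly(path):
    """Open a copy of grafana.db read-only so the audit cannot change it."""
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)


def audit(conn):
    """Per table: row count and how many rows populate each secret-looking
    column. Values themselves are never selected or printed."""
    report = {}
    for table in TABLES:
        cols = [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')]
        if not cols:
            continue  # table missing in this Grafana version or copy
        populated = {}
        for col in filter(SECRET_HINT.search, cols):
            populated[col] = conn.execute(
                f'SELECT COUNT(*) FROM "{table}" '
                f'WHERE "{col}" IS NOT NULL AND "{col}" != \'\''
            ).fetchone()[0]
        rows = conn.execute(f'SELECT COUNT(*) FROM "{table}"').fetchone()[0]
        report[table] = {"rows": rows, "populated": populated}
    return report


def build_sample():
    """Constructed in-memory database; columns are illustrative only."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE user (id INTEGER, login TEXT, password TEXT, salt TEXT);
        CREATE TABLE api_key (id INTEGER, name TEXT, "key" TEXT);
        CREATE TABLE data_source (id INTEGER, name TEXT, password TEXT);
        INSERT INTO user VALUES (1, 'admin', 'constructed', 'constructed');
        INSERT INTO data_source VALUES (1, 'db1', ''), (2, 'db2', 'constructed');
    """)
    return conn


if __name__ == "__main__":
    for name, info in audit(build_sample()).items():
        print(name, info)
```

For a real copy, pass `open_readonly("grafana.db")` to `audit()`; any non-zero `populated` count marks material to rotate if the file was ever readable by an unintended party.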

Tools

grafana2hashcat: Original | My fork

Last update: 2025-07-14
Created: July 14, 2025 16:39:18