Nmap Development mailing list archives
Re: HTTP Brute Force NSE script
From: David Fifield <david () bamsoftware com>
Date: Wed, 1 Apr 2009 08:57:07 -0600
On Wed, Apr 01, 2009 at 04:13:07AM -0300, João wrote:
> Today I was studying about coding in NSE and for such task I've tried to develop a simple script. I've based myself in the other scripts that are available with nmap and I've written a small script for performing HTTP Brute Forcing based on wordlists. Of course it is very slow by now. I've used only functions that are already done in nselib. Soon I'll try to write a few more functions to improve performance (such as pipelined http requests).
Thanks João, this script looks very well written. Were you aware of the http-auth.nse script (http://nmap.org/nsedoc/scripts/http-auth.html)? It seems to do almost exactly the same thing. Maybe you can comment on advantages each script has over the other? We had a patch submitted to add MD5 authentication to http-auth.nse, but it needed some work and we haven't seen an updated copy.
http://seclists.org/nmap-dev/2008/q4/0603.html
http://seclists.org/nmap-dev/2009/q1/0151.html
> For the script to work properly, the user is supposed to have two wordlists in the same dir as the script. The files are passwords.lst and usernames.lst, and they both have a list of usernames and passwords (kind of obvious :-).
For user name and password guessing the preferred approach is to use the unpwdb module.
http://nmap.org/nsedoc/modules/unpwdb.html
However I have resisted adding new authentication credentials to http-auth.nse because while it's easy to just add a load of passwords, all they do is slow a scan down unless they are passwords that are actually used. I would prefer to see a list of credentials that is tailored for HTTP services, such as default passwords for weblog software and home router admin pages, with numbers giving a general idea of how often they are used.
David Fifield