Nmap Development mailing list archives
[NSE] How brute scripts and UN/PW scripts interact with creds
From: Brendan Byrd <sineswiper () gmail com>
Date: Fri, 23 Dec 2011 22:04:34 -0500
While looking into scanning a large batch of hosts with different SNMP community strings, I seem to be faced with a potential problem with just how NSE scripts treat UN/PWs in general. We have creds, a library for storing UN/PWs for various hosts, but it doesn't appear to be long-term, and there is not a lot of interaction with it and other scripts. Currently, creds doesn't have a "saveToFile" function, so I created one. However, now we run into the issue of wasted cycles trying to load a growing creds file against thousands of script sessions. Every since instance of snmp-brute would be reading the whole file and then writing the whole file. If there is an nmap.registry.creds check, then we at least don't have to read the file more than once, but when do we write to it? At the end of each instance? Is there a function that could be added to the library to write the file on NMap exit? There's also the matter of database size. Is the Lua code fast enough to look through, say, 10K hosts in a Lua table among thousands of script checks? If not, then some sort of mini-database format, or maybe a better type of lookup, would need to be created. And finally, adoption of creds within the scripts, both brute crackers for writing UN/PW, and version scanning / querying scripts for reading them. I don't see it used often enough. Any thoughts or solutions to some of these? -- Brendan Byrd/SineSwiper <SineSwiper () GMail com> _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] How brute scripts and UN/PW scripts interact with creds Brendan Byrd (Dec 23)
- Re: [NSE] How brute scripts and UN/PW scripts interact with creds Patrik Karlsson (Dec 25)
- Re: [NSE] How brute scripts and UN/PW scripts interact with creds Brendan Byrd (Dec 28)
- Re: [NSE] How brute scripts and UN/PW scripts interact with creds Patrik Karlsson (Dec 28)
- Re: [NSE] How brute scripts and UN/PW scripts interact with creds Brendan Byrd (Dec 28)
- Re: [NSE] How brute scripts and UN/PW scripts interact with creds Patrik Karlsson (Dec 29)
- Re: [NSE] How brute scripts and UN/PW scripts interact with creds David Fifield (Dec 29)
- Re: [NSE] How brute scripts and UN/PW scripts interact with creds Patrik Karlsson (Dec 29)
- Re: [NSE] How brute scripts and UN/PW scripts interact with creds Patrik Karlsson (Dec 29)
- Re: [NSE] How brute scripts and UN/PW scripts interact with creds Brendan Byrd (Dec 29)
- Re: [NSE] How brute scripts and UN/PW scripts interact with creds Brendan Byrd (Dec 28)
- Re: [NSE] How brute scripts and UN/PW scripts interact with creds Patrik Karlsson (Dec 25)