Nmap Development mailing list archives
Re: [NSE] Patch to add a password mangling mode to the library brute
From: Patricio Castagnaro <pcastagnaro () gmail com>
Date: Tue, 30 Dec 2014 11:55:10 -0300
Great Paulino! I use Mutator <https://bitbucket.org/alone/mutator> created by @AloneInTheShell <https://twitter.com/@AloneInTheShell>, wich basically generates a dictionary with mutations from a word. Maybe you want take a gander to this tool. Kind regards! *Lic. Patricio Castagnaro* *MSN/Gtalk/Mail* *pcastagnaro () gmail com <pcastagnaro () gmail com>* *Twitter* @*pcastagnaro* <https://twitter.com/pcastagnaro> *Skype:* * pcastagnaro**LinkedIn* *http://ar.linkedin.com/in/pcastagnaro <http://ar.linkedin.com/in/pcastagnaro>* *Google+* *https://plus.google.com/+PatricioCastagnaro <https://plus.google.com/+PatricioCastagnaro>* Think before you print 2014-12-26 5:10 GMT-03:00 Paulino Calderon <paulino () calderonpale com>:
Hi list, This is a patch for the NSE library 'brute' to add support to basic password mangling in all brute scripts. It adds a new brute mode called 'pass-mangling' and the script argument 'brute.mangling-rule' which supports the rules 'digits', 'strings', 'special' and 'all'. Rule 'digits': -Appends common digits found in passwords such as: [0-9] [00-99] 123 1234 12345 Rule 'strings': -Performs common string operations like reverse, repetition, capitalization, camelization, leetify, etc. Rule 'special': -Appends common special characters For example, the password 'secret' would yield the following additional combinations using the mangling rule 'all': secret2014 secret2015 secret2013 secret2012 secret2011 secret2010 secret2009 secret0 secret1 secret2 ... secret9 secret00 secret01 ... secret99 secret123 secret1234 secret12345 s3cr3t SECRET S3CR3T secret terces Secret S3cr3t secretsecret secretsecretsecret secret$ secret# secret! secret. secret@ I'm working on more advanced password mangling rules, doing more research and improving the documentation at the moment but this initial set should cover the base. I also wanted to see if anyone else have good ideas for mangling rules to include with this. Happy holidays! _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] Patch to add a password mangling mode to the library brute Paulino Calderon (Dec 26)
- Re: [NSE] Patch to add a password mangling mode to the library brute Patricio Castagnaro (Dec 30)