Nmap Development mailing list archives

Re: [NSE] Patch to add a password mangling mode to the library brute

From: Patricio Castagnaro <pcastagnaro () gmail com>
Date: Tue, 30 Dec 2014 11:55:10 -0300

Great Paulino!

I use Mutator <https://bitbucket.org/alone/mutator> created by
@AloneInTheShell <https://twitter.com/@AloneInTheShell>, wich basically
generates a dictionary with mutations from a word. Maybe you want take a
gander to this tool.

Kind regards!


*Lic. Patricio Castagnaro*
*MSN/Gtalk/Mail* *pcastagnaro () gmail com <pcastagnaro () gmail com>*
*Twitter* @*pcastagnaro* <https://twitter.com/pcastagnaro>
*Skype:*
* pcastagnaro**LinkedIn* *http://ar.linkedin.com/in/pcastagnaro
<http://ar.linkedin.com/in/pcastagnaro>*
*Google+* *https://plus.google.com/+PatricioCastagnaro
<https://plus.google.com/+PatricioCastagnaro>*

Think before you print

2014-12-26 5:10 GMT-03:00 Paulino Calderon <paulino () calderonpale com>:

Hi list,

This is a patch for the NSE library 'brute' to add support to basic
password mangling in all brute scripts. It adds a new brute mode called
'pass-mangling' and the script argument 'brute.mangling-rule' which
supports the rules 'digits', 'strings', 'special' and 'all'.

Rule 'digits':
-Appends common digits found in passwords such as:
[0-9]
[00-99]
123
1234
12345

Rule 'strings':
-Performs common string operations like reverse, repetition,
capitalization, camelization, leetify, etc.

Rule 'special':
-Appends common special characters

For example, the password 'secret' would yield the following additional
combinations using the mangling rule 'all':
secret2014
secret2015
secret2013
secret2012
secret2011
secret2010
secret2009
secret0
secret1
secret2
...
secret9
secret00
secret01
...
secret99
secret123
secret1234
secret12345
s3cr3t
SECRET
S3CR3T
secret
terces
Secret
S3cr3t
secretsecret
secretsecretsecret
secret$
secret#
secret!
secret.
secret@

I'm working on more advanced password mangling rules, doing more research
and improving the documentation at the moment but this initial set should
cover the base. I also wanted to see if anyone else have good ideas for
mangling rules to include with this.

Happy holidays!


_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Current thread:

[NSE] Patch to add a password mangling mode to the library brute Paulino Calderon (Dec 26)
- Re: [NSE] Patch to add a password mangling mode to the library brute Patricio Castagnaro (Dec 30)