Nmap Development mailing list archives
[NSE] Duplicate credential storage?
From: nnposter () users sourceforge net
Date: Mon, 16 Feb 2015 22:23:25 +0000
I have noticed that nmap.registry holds two parallel structures for credentials: "creds" and "credentials". The former is abstracted out through the creds library and the latter is used directly by just a few scripts. Specifically, two scripts (http-brute, and http-form-brute) are populating structure credentials.http, while they also utilize the creds library so they are storing the credentials twice. In the entire script collection only one script (http-domino-enum-passwords) seems to consume the credentials.http structure. I would like to solicit opinions whether the redundancy serves a particular purpose or whether it is just a leftover. In case of the latter, the attached patch converts the one script to use the creds library and retires the credentials.http structure. The patch does not touch script backorifice-brute, which populates registry structure credentials.backorifice, although it would be very easy to do so. As far as I can tell none of the scripts consume credentials.backorifice. It looks like script backorifice-info was meant to but it was not implemented. Cheers, nnposter
Attachment:
registry-credentials.patch
Description:
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] Duplicate credential storage? nnposter (Feb 16)
- Re: [NSE] Duplicate credential storage? Daniel Miller (Feb 19)