Home page logo
/

nmap-dev logo Nmap Development mailing list archives

RE: [RFC] Username/Password NSE library
From: "Thomas Buchanan" <TBuchanan () thecompassgrp net>
Date: Tue, 24 Jun 2008 14:11:31 -0500

-----Original Message-----
From: nmap-dev-bounces () insecure org 
[mailto:nmap-dev-bounces () insecure org] On Behalf Of Kris Katterjohn
Sent: Monday, June 23, 2008 2:24 AM
To: Fyodor
Cc: Nmap Dev
Subject: Re: [RFC] Username/Password NSE library


Kris,

I've used your username/password library to refactor my HTTP Auth brute
forcing library (results to come after a little more testing), and it
seems to work very nicely.  One feature that would be nice, but
certainly not essential, is the ability to reset or rewind the lists.
Consider the typical process for brute forcing:

for each username
  for each password
    try login
  end
end

The issue that I see is that for each new username, you have to create a
new password closure.  While not difficult or particularly
time-consuming, it would be nice just to create the closure only once
(and perform error checking, etc.), then reset the existing list each
iteration and have it start over fresh.

Like I said, this feature isn't really necessary, but would be nice to
have if it's not too difficult to implement.

Thanks,

Thomas

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault