Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: RFC on Ncrack, A new network authentication cracker
From: Lionel Cons <lionel.cons () cern ch>
Date: Tue, 28 Apr 2009 13:27:00 +0200

Fyodor <fyodor () insecure org> writes:
I'm proposing a new tool: Ncrack, and I'd love to get your feedback on

IMHO, this is a very good idea.

o It needs to be faster than its competitors such as THC Hydra, Cain &
  Abel, etc.  The speed should be quite tunable so you can specify a
  slow rate for the times when that is desirable.

I would value more reliability (e.g. detecting a service that
temporarily blocks new attempts) rather than speed. Also, like Nmap,
it should have flexible timing and rate limiting options.

o It needs to have great username and password lists.

I find this "out of scope". The question of which dictionaries to use
should be tool independent. There are already many sources and several
good tools to generate yet more passwords (e.g. john --incremental).

However, Ncrack could somehow filter the raw source of passwords and
adapt it to the service it talks to. If the remote end does not care
about case, Ncrack should take this into account.

o Ncrack needs to support the major authenticated protocols, such as
  ssh, msrpc, http, imap, pop3, SNMP, telnet, ftp, etc.

I would add VNC and databases like LDAP, MS-SQL, MySQL, Oracle...

As Ithilgore pointed out, it should support some kind of module or
plugin mechanism so that services requiring specific libraries
(e.g. Oracle) can easily be built when the required libraries are

I would also add that Ncrack should not re-invent Nmap's wheel and
rely on it to detect which services are available on which port.



Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]