Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: Default time limits for unpwdb
From: David Fifield <david () bamsoftware com>
Date: Wed, 24 Mar 2010 21:09:49 -0600

On Tue, Mar 23, 2010 at 12:45:06PM -0500, Ron wrote:
On Tue, 23 Mar 2010 11:23:46 -0600 David Fifield
<david () bamsoftware com> wrote:
Here's another patch that adds these script arguments:

-- @args unpwdb.userlimit The maximum number of usernames
--                        <code>usernames</code> will return
--                        (default unlimited).
-- @args unpwdb.passlimit The maximum number of passwords
--                        <code>passwords</code> will return
--                        (default unlimited).
-- @args unpwdb.timelimit The maximum amount of time (in seconds)
that any
--                        iterator will run before stopping.

Does it look good? If so I can commit it today. The next step is to
increase the size of passwords.lst, so scripts that want to go into
more depth can do so.

I haven't looked at the code, but the concept is sound. As long as it
defaults to some kind of limit, we can probably make the list
arbitrarily long. As we sort of mentioned, some protocols are fast
(SMB is bruteforced fast++), and some are slow (vsftpd forces a 2
second delay between attempts). For that reason, I think time is more

I committed this, and increased the size of the password database to
5000. I hope that this won't have any unexpected effects (scripts taking
up to the time of the time limit when they would not have before).

The default time limits come from the unpwdb.timelimit function. They
depend on the timing template level.

-T3 or lower: 10 minutes
-T4:           5 minutes
-T5:           3 minutes

David Fifield
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]