Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: using the credentials database
From: Toni Ruottu <toni.ruottu () iki fi>
Date: Thu, 30 Jun 2011 01:17:07 +0300

What I'd like to see next, is support for feeding credentials into the
database from command line. I am sure this could be made into a really
hard design task, but maybe we do not need to support very complex use
cases. We could just support global credentials that would match all
services. How about --script-args creds.global=joe:secret,admin:123456

On Tue, Jun 28, 2011 at 12:04 AM, Patrik Karlsson <patrik () cqure net> wrote:

On Jun 27, 2011, at 4:25 PM, Toni Ruottu wrote:

Do we have examples for using the credentials stored in the database?
Do I need to use the credentials explicitly when I am developing http
info scripts, or does the http library just log in for me if
authorization is required?

 --Toni
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


Hi Toni,

I've added some documentation and a new function called getCredentials that will hopefully get you what you need.
Let me know if there's anything else you find missing :)

In regards to the http library, you need to se the credentials explicitly. Check out the http-brute script for an 
example.

//Patrik
--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]