Nmap Development mailing list archives

[NSE] password guessers for vulnerability scanners and exploitation frameworks
From: Vlatko Kosturjak <kost () linux hr>
Date: Thu, 10 Nov 2011 03:09:05 +0100

Hello!

Some time ago, I've sent a link to the NSE scripts for guessing passwords on
popular vulnerability scanners on github:
https://github.com/kost/vulnscan-pwcrack

I have rewritten all those scripts to use the new brute library. I have used
some existing NSE examples (mostly from Patrick) from Nmap SVN while doing
that.

As I see people are doing an already done job (Henry OMP, Patrick NTP),
I'm sending these scripts directly to the mailing list now - hopefully for
inclusion.

So, the scripts are (I guess they are self-descriptive):
metasploit-xmlrpc-brute.nse
nessus-ntp-brute.nse
nessus-xmlrpc-brute.nse
nexpose-brute.nse
openvas-omp-brute.nse
openvas-otp-brute.nse

Since Nmap does not detect all the services correctly, I'm sending a patch to
nmap-service-probes against the latest SVN version.

Still, there are some issues - mainly with nessus-xmlrpc-brute.nse, as I had
to force SSL in http.post by modifying the NSE source in order to execute the
script correctly. It looks like Nmap is trying to talk HTTP to the HTTPS server
when using http.post in NSE, although it detected it as an SSL-tunneled service
in the version scan phase.

If these scripts look fine, I have some *enum scripts ready to send as well
(but these scripts depend on the scripts in the attachments).

BTW Patrick, I see you have problems with threads in NTP brute. I have tested
my version of the script and I'm not experiencing that. Could you tell me
what I need to do to reproduce that? Also, if you check my script - I have
sacrificed the robustness of the script for speed.

Let me know your comments,
-- 
Vlatko Kosturjak - KoSt

Attachments:
- metasploit-xmlrpc-brute.nse
- nessus-ntp-brute.nse
- nessus-xmlrpc-brute.nse
- nexpose-brute.nse
- nmap-service-probes.diff
- openvas-omp-brute.nse
- openvas-otp-brute.nse

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
