[NSE] password guessers for vulnerability scanners and exploitation frameworks
From: Vlatko Kosturjak <kost () linux hr>
Date: Thu, 10 Nov 2011 03:09:05 +0100
Some time ago, I sent a link to the NSE scripts for guessing passwords on
popular vulnerability scanners on github:
I have rewritten all those scripts to use the new brute library. I have used
some existing NSE examples (mostly from Patrick) from Nmap SVN while doing
As I see people are doing an already done job (Henry OMP, Patrick NTP),
I'm sending these scripts directly to the mailing list now - hopefully for
So, the scripts are (I guess they are self-descriptive):
Since Nmap does not detect all the services correctly, I'm sending a patch to the
nmap services probes against the latest SVN version.
Still, there are some issues - mainly with nessus-xmlrpc-brute.nse as I have
to force SSL in http.post by modifying NSE source in order to execute the
script correctly. Looks like Nmap is trying to talk HTTP to the HTTPS server
when using http.post in NSE although it detected it as an SSL-tunneled service
in the version scan phase.
If these scripts look fine, I have some *enum scripts ready to send as well
(but these scripts depend on the scripts in the attachment).
BTW Patrick, I see you have problems with threads in NTP brute. I have tested
my version of the script and I'm not experiencing that. Could you tell me
what I need to do to reproduce that? Also, if you check my script - I have
sacrificed robustness of the script for speed.
Let me know your comments,
Vlatko Kosturjak - KoSt
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/