Home page logo

nmap-dev logo Nmap Development mailing list archives

[NSE] How brute scripts and UN/PW scripts interact with creds
From: Brendan Byrd <sineswiper () gmail com>
Date: Fri, 23 Dec 2011 22:04:34 -0500

While looking into scanning a large batch of hosts with different SNMP
community strings, I seem to be faced with a potential problem with just
how NSE scripts treat UN/PWs in general.  We have creds, a library for
storing UN/PWs for various hosts, but it doesn't appear to be long-term,
and there is not a lot of interaction with it and other scripts.
Currently, creds doesn't have a "saveToFile" function, so I created one.

However, now we run into the issue of wasted cycles trying to load a
growing creds file against thousands of script sessions.  Every since
instance of snmp-brute would be reading the whole file and then writing the
whole file.  If there is an nmap.registry.creds check, then we at least
don't have to read the file more than once, but when do we write to it?  At
the end of each instance?  Is there a function that could be added to the
library to write the file on NMap exit?

There's also the matter of database size.  Is the Lua code fast enough to
look through, say, 10K hosts in a Lua table among thousands of script
checks?  If not, then some sort of mini-database format, or maybe a better
type of lookup, would need to be created.

And finally, adoption of creds within the scripts, both brute crackers for
writing UN/PW, and version scanning / querying scripts for reading them.  I
don't see it used often enough.

Any thoughts or solutions to some of these?

Brendan Byrd/SineSwiper <SineSwiper () GMail com>
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]