Home page logo
/

nmap-dev logo Nmap Development mailing list archives

[NSE] Multi-threaded telnet-brute
From: nnposter () users sourceforge net
Date: Wed, 7 Aug 2013 1:55:30 +0000

I have put together another revision of telnet-brute.nse with the
objective of utilizing nselib/brute.lua.

Notable features:

- Multi-threaded (thanks to nselib/brute.lua)

- Can automatically reduce number of threads if it senses that the
  target supports less than what brute.lua wants to use. Without this
  feature the script tends to bail out because brute.lua default of 10
  threads is too much for a lot of telnet targets. This saves the user
  the trouble of finding out how much the target can take before
  launching the script.

- Uses connection pooling for sending multiple login attempts across
  the same connection. This significantly improves performance.

- Supports password-only logins.

Other changes:

- Fixed support for Windows telnet service.
  Added support for Netgear RM356.
  
- Improved accuracy of target state detection.

Tested on:

- Cisco IOS
- Linux telnetd
- Windows telnet service
- Digital Sprite 2
- Nortel Contivity
- Netgear RM356
- Hummingbird telnetd

I would very much appreciate if the community tested the script against
additional target types. If you find the script does not work in your
particular environment then please run it single-threaded (i.e.,
--script-args brute.threads=1) and send me the full nmap output with
debug level 3 (-ddd). Feel free to edit the output to replace the
individual password characters but please do not alter the output
otherwise.

Any constructive feedback is very welcome.


Cheers,
nnposter

Attachment: telnet-brute.nse
Description:

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]