Nmap Development mailing list archives
Re: [RFC] NSE script - HTTP authentication
From: "Eddie Bell" <ejlbell () gmail com>
Date: Tue, 29 May 2007 16:31:42 +0100
Hi thomas On 25/05/07, Thomas Buchanan <tbuchanan () thecompassgrp net> wrote:
3. What is the general opinion of writing scripts that attempt to log in with known username/password combinations? I suspect that in certain cases, this type of activity could be construed as illegal if permission has not been obtained from the owner / operator of the targeted systems.
I think this will be ok as intrusive scripts by their very definition are intrusive :) I tested the script and it seems to work well. The only thing I noticed was in the xml output only the first line is logged. I do not think this has anything to do with your script. I think it may be a problem with the nse logging code. In plain text I get this: HTTP Auth: HTTP Service requires authentication Auth type: Basic, realm = DSL-524T HTTP server may accept user="admin" with password="admin" for Basic authentication but the xml gives me this <script id="HTTP Auth" output="HTTP Service requires authentication" /> With my finger script I don't get any output and the tags seem a little messed up " /></port>t protocol="tcp" portid="79"> <state state="open" reason="syn-ack" reason_ttl="64"/> <service name="finger" method="table" conf="3" /> <script id="Finger Results" output=" </ports> I'm going to take a look at this tomorrow. thanks - eddie _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [RFC] NSE script - HTTP authentication Thomas Buchanan (May 25)
- Re: [RFC] NSE script - HTTP authentication Thomas Buchanan (May 25)
- RE: [RFC] NSE script - HTTP authentication Sina Bahram (May 25)
- RE: [RFC] NSE script - HTTP authentication Thomas Buchanan (May 25)
- RE: [RFC] NSE script - HTTP authentication Sina Bahram (May 25)
- RE: [RFC] NSE script - HTTP authentication Thomas Buchanan (May 25)
- Re: [RFC] NSE script - HTTP authentication Eddie Bell (May 29)
- Re: [RFC] NSE script - HTTP authentication Thomas Buchanan (May 29)
- Re: [RFC] NSE script - HTTP authentication Eddie Bell (May 30)
- Re: [RFC] NSE script - HTTP authentication Thomas Buchanan (May 29)