Nmap Development mailing list archives
Re: [RFC] Username/Password NSE library
From: Kris Katterjohn <katterjohn () gmail com>
Date: Tue, 17 Jun 2008 22:12:16 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tom Sellers wrote:
Kris Katterjohn wrote:Now I need opinions on good username and password lists to ship and use by default. There is an ordered password list shipped with John the Ripper which has 3107 entries. The license[1] pretty much says we can distribute it if we give credit and also ship the license. Are there any ideas on a better list? What about a good username list?I suggest checking some of the Internet lists of default username/password pairs. It is ridiculous how often I come across equipment that has been install and left in its default state.
What type of API and functionality would you guys like from this library? When Fyodor and I first discussed this, it seemed pretty simple: you can grab usernames or passwords one-at-a-time. But now you guys are thinking of good, but different, ideas on how this library would work. I think pairs like this would be nice, but it doesn't fit into the current design; but is certainly OK by me. Here are some ideas (not mutually exclusive of course): 1) The ability to grab a username or password at a time 2) The ability to grab the full table of usernames or passwords, or a table of a certain size 3) Maybe the ability to grab just "administrator" usernames 4) The ability to grab common default username/password pairs for networking devices
It may also make sense to order this list such that more common software/devices occur first. If you like I can gather some of this information and condense it down.
It'd be great if you could do that. It's better to have too many than miss out.
If you think these usernames and passwords would not be appropriate for your application I may roll them into generic scripts based on protocol, such as ftp, http, ssh, etc. Thanks, Tom
Thanks, Kris Katterjohn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIVAwUBSFh9D/9K37xXYl36AQKwsxAAj+uyPItqK0uqj31H/q7mEC31CHxHWmMC KI3MSa9q1gCXYrbuEkEbANWc2QXSt10gGpl951ksTn7YjGno0/LQSanTYnMCkyJE Rg7EHNraH5F6zohFDZCzK1PiVrvrdfkEoCfIYNRWG/LQBrPas91MIFvv/udZHkkH VShJcGI03aXyHbz5oM9/6ub2SrbX7B7QS6XvXX65GC1QyGbGhP9sfd9ICzNy+yp+ 0wz7+5il40Ji1f7xnUzM7ns6dI7RjJcv9HnfQ7sUIm3cV7ZTDNj3gbDfna755Eh1 oHgBrolVqLDVjjqkBpK8aF+TVlm9pQF6HBTgSPvkcaqDoTkC3SP8Ikhb1dwUzbvp MkHfQrz1B+y7WpJSfoQUJkJ6n897SRr/mFtk1PADLE3KU2DQTASH3cnhHy/hFG3z fjaurfo3fqJtBy8y1IIv1qYK1HW+FrbFwQkkiHFHazleotanNcCs/+8AZbN0RDPZ JV3RX4U/Yg+S8bQanJfDV6xx7ckDn9TFdHpBS1XoN53QHlYaQ2E00sseCKtA0XYP A2r7SqrQs417R/KtrvbO2kmZBMuEZz62vunq2n/cBF+TNBZ+ons+eF+BqUUqrWIr Dx0I6vCcigdPlNeR5XyCxNcgU3eYiBT0fp2RhVFNpkCgKb1JCYL0gCR3VSTUHKzb 2X5h5Y3LHJ4= =PM6N -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [RFC] Username/Password NSE library Kris Katterjohn (Jun 17)
- Re: [RFC] Username/Password NSE library Brandon Enright (Jun 17)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 17)
- Re: [RFC] Username/Password NSE library Andrew J. Bennieston (Jun 18)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 17)
- Re: [RFC] Username/Password NSE library Tom Sellers (Jun 17)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 17)
- Re: [RFC] Username/Password NSE library Fyodor (Jun 18)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 18)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 19)
- Re: [RFC] Username/Password NSE library Fyodor (Jun 19)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 19)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 23)
- RE: [RFC] Username/Password NSE library Thomas Buchanan (Jun 24)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 24)
- Re: [RFC] Username/Password NSE library Fyodor (Jun 24)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 17)
- Re: [RFC] Username/Password NSE library Brandon Enright (Jun 17)
- Re: [RFC] Username/Password NSE library Philip Pickering (Jun 18)