Nmap Development mailing list archives
Re: [RFC] Username/Password NSE library
From: Kris Katterjohn <katterjohn () gmail com>
Date: Wed, 18 Jun 2008 11:57:21 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Fyodor wrote:
On Tue, Jun 17, 2008 at 10:12:16PM -0500, Kris Katterjohn wrote:Here are some ideas (not mutually exclusive of course): 1) The ability to grab a username or password at a timeOK.2) The ability to grab the full table of usernames or passwords, or a table of a certain sizeYou might be able to get by with either #1 or #2. Though my initial thought is that #1 would be better in that case.
Well, if it's between the two, I would definitely choose #1 (and that seems to be the general opinion).
3) Maybe the ability to grab just "administrator" usernamesMaybe, though as you mentioned theyse may generally be at the top of the username list anyway. And a smart script which only wants admin usernames may be better off using its own list because the script may know if it is likely to be used against Windows, certain devices with common admin names, etc. So it may be able to exclude administrator names from other platforms.
This sounds reasonable to me.
4) The ability to grab common default username/password pairs for networking devicesI think these lists would be specific to a certain script which scans such a device/service, so I'd rather let the script use its own lists.
This too sounds reasonable.
It would be nice if the library tells whether it is using a user-provided or default list. I'd generally probably use more entries from a user-provided list (perhaps all of them), while a default list can be limited to a much smaller number.
That's a good idea! I think the simplest way would be to have a boolean return value, probably true for a user-defined list.
Cheers, -F
Thanks, Kris Katterjohn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIVAwUBSFk+b/9K37xXYl36AQL/Kw/8D/TUfZnQtQAJXnxQPFqDFmvU+poPSaj/ fZ0WVfTFwO52fv6AUQ4YVRtBB/wrVukXcK8trsn3v8w2w75Sf2LOlwphECxVMrEZ ccd12WColGLlD43TUiWoL+PX3yH1WBbMRBFFMtOeXGx0j6egMUxwiyaADlouzWsJ lEyNJRmC6wYUWyW6X+o7bZhYp6ZpCyDqiiWrUV1rYb/JpPOEoMqNgYL95Y/DvyFX O95fxZUY+camibRs5U1RI0zF+QaVdsXuQAQFIJnsk1cBPtTFiDusRAi2kETNMf4+ g5T+T4MXkH9lLUghaY9Bhzkb4SftO4UBfOI4rjfSUomggwaJMqksbxnGNsCNjXtF OjqDrbhPH1y5P/ONPFrwGpm73Y7WjIk/GdbmJnia/ZmTVDy7nMH9Nu9Z5JogbnfK sv/3REcv7rHPlMa9n4hl6SsK0ZtB7i7LT5LlcDMczb7MuNKad1HgBQP7cLYFTCn2 fmbIY0kG6zewwvaDXNVdRdrBiF0R+xe5B9q1bx4XFPZbGP/iCXrS+j9Rk2MRxuSP lj/5TeWFMIqM01jLNMbcm9fyINmdop5wBT7j5jc5qfKyxScxy1MikjruSc1v32Dz VaEldXhhDyt1uatLQR+QGUlbuSBmjMjhy0tGX/RId/exAjT/LDCpOCfxWdB1gJyC mwKj8wp1DL4= =L67G -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [RFC] Username/Password NSE library Kris Katterjohn (Jun 17)
- Re: [RFC] Username/Password NSE library Brandon Enright (Jun 17)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 17)
- Re: [RFC] Username/Password NSE library Andrew J. Bennieston (Jun 18)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 17)
- Re: [RFC] Username/Password NSE library Tom Sellers (Jun 17)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 17)
- Re: [RFC] Username/Password NSE library Fyodor (Jun 18)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 18)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 19)
- Re: [RFC] Username/Password NSE library Fyodor (Jun 19)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 19)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 23)
- RE: [RFC] Username/Password NSE library Thomas Buchanan (Jun 24)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 24)
- Re: [RFC] Username/Password NSE library Fyodor (Jun 24)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 17)
- Re: [RFC] Username/Password NSE library Brandon Enright (Jun 17)
- Re: [RFC] Username/Password NSE library Philip Pickering (Jun 18)
- <Possible follow-ups>
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 24)
- RE: [RFC] Username/Password NSE library Thomas Buchanan (Jun 24)