Nmap Development mailing list archives
Re: [RFC] Username/Password NSE library
From: Kris Katterjohn <katterjohn () gmail com>
Date: Tue, 24 Jun 2008 15:11:01 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Fyodor wrote:
Hi Kris. That's an interesting idea, but I think a manual reset function would be better. As you point out, the implicit reset is a pain if your script only tries, say, the first 100 passwords for each username. You shouldn't have to cycle through thousands more passwords just to get to the beginning again for the next username. Also, I think the code is easier to read and understand if the script has to call reset manually than if it relies on magic side effects like this.
OK, following with the thread mutex string parameters, I've added the single optional argument of "reset" to the closure for this. All this does is reset the list, it does not return a username or password. I've attached a new library with this functionality.
Cheers, -F
Thanks, Kris Katterjohn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIVAwUBSGFU0f9K37xXYl36AQJlxQ//UDXFOn8J3ZseuNQDxbgoxLoWBMxiIDZp PKjE+RqE5W/gfDMwWggJEUvJpCIhGLLcycfpBL/G9YFRyAyboewH3IqcB6rcLEzZ 2AFPFiwRsANPummvH5sANPlX6VPpYMkOHphf/3kt9Tf6lbbAPrtz+kvYgV734tM5 yB5oEbQyfrFf2q9VUIC7EVExClMOhqvqkvcEK/WsGFeWXeoZ2pu2M6/2nl8IXYqR 9cQ49qbMk9ukRYNxwwgDvaFOp5A6TCEAPg9FEQ2iTQL+ytac+9Q8f/cFyYlzi9y1 Pfnwlrb8r29fgfCRjntzmtS2JPpcInQBHcSzNk1raaJ+FTN0NXyuSQCKxsZR7qGr JJV90nswn+51tcoSrMPm/+ZxihO4N+7StbpBRNJYFbPd+K8Ym6hNHy8lizQwfGqU R/wBfBSjWxlnBTgaUvJiHbYDvHJaGOu4M5b7rWbWizJuAUTt3jiljIokS6BD4+FC wEzfZ7VIgjodORIJNT9/dNf/W7w1YEdFsYz1zyG8k2Dod37DdS16Y7Y7/i9VYPKI LmeBzBhYB51UN88g5CC5TASJmEcKDdtvx+W69PZCi3t7hwznXV1iZUjdiwddGQBB mB6rbZ4aEjYBPzdkBu7JFL2owS6CH5pVFfVceiSFgfBLJYpFWt85d3hsJ3uc7qcu MRyFqGbpRJU= =Cfy2 -----END PGP SIGNATURE-----
-- Kris Katterjohn 06/2008 module(..., package.seeall) ---- Username/Password DB Library -- -- usernames() - Returns a closure which returns a new username with every call -- until the username list is exhausted (in which case it returns nil) -- -- passwords() - Returns a closure which returns a new password with every call -- until the password list is exhausted (in which case it returns nil) -- -- These functions return multiple values for use with exception handling via -- nmap.new_try(). The first value is the boolean success indicator, the -- second value is the closure, and the last value is a boolean value indicating -- whether or not the list read from is user-defined (true) or not (false). -- -- The closures can take a parameter of "reset" to rewind the list to the -- beginning. -- -- You can select your own username and/or password database to read from with -- the script arguments userdb and passdb, respectively. The databases are -- read line-by-line and recorded verbatim, so no comments are allowed (this -- could get confused with a real username or password). -- ---- local usertable = {} local passtable = {} local userfile = function() if nmap.registry.args.userdb then return true, nmap.registry.args.userdb end return false, nmap.fetchfile("nselib/usernames.lst") end local passfile = function() if nmap.registry.args.passdb then return true, nmap.registry.args.passdb end return false, nmap.fetchfile("nselib/passwords.lst") end local filltable = function(filename, table) if #table ~= 0 then return true end local file = io.open(filename, "r") if not file then return false end while true do local l = file:read() if not l then break end table[#table + 1] = l end file:close() return true end local closure = function(table) local i = 1 return function(cmd) if cmd == "reset" then i = 1 return end local elem = table[i] if elem then i = i + 1 end return elem end end usernames = function() local custom, path = userfile() if not path then return false, "Cannot find username list", custom end if not filltable(path, usertable) then return false, "Error parsing username list", custom end return true, closure(usertable), custom end passwords = function() local custom, path = passfile() if not path then return false, "Cannot find password list", custom end if not filltable(path, passtable) then return false, "Error parsing password list", custom end return true, closure(passtable), custom end
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: [RFC] Username/Password NSE library, (continued)
- Re: [RFC] Username/Password NSE library Fyodor (Jun 18)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 18)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 19)
- Re: [RFC] Username/Password NSE library Fyodor (Jun 19)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 19)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 23)
- RE: [RFC] Username/Password NSE library Thomas Buchanan (Jun 24)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 24)
- Re: [RFC] Username/Password NSE library Fyodor (Jun 24)
- Re: [RFC] Username/Password NSE library Philip Pickering (Jun 18)
- RE: [RFC] Username/Password NSE library Thomas Buchanan (Jun 24)
- Re: [RFC] Username/Password NSE library Patrick Donnelly (Jun 24)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 24)
- Re: [RFC] Username/Password NSE library Patrick Donnelly (Jun 25)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 25)
- Re: [RFC] Username/Password NSE library Patrick Donnelly (Jun 25)
- RE: [RFC] Username/Password NSE library Thomas Buchanan (Jun 25)
- Re: [RFC] Username/Password NSE library Patrick Donnelly (Jun 25)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 25)
- Re: [RFC] Username/Password NSE library Patrick Donnelly (Jun 25)