Nmap Development mailing list archives
Re: [NSE] new scripts and libraries: http
From: David Fifield <david () bamsoftware com>
Date: Mon, 6 Sep 2010 15:42:02 -0600
On Thu, Aug 19, 2010 at 10:54:40PM +0200, Patrik Karlsson wrote:
On 13 aug 2010, at 06.48, David Fifield wrote:Could the cached credentials in in nmap.registry.credentials.http be indexed by the domain and realm? My idea is to introduce a more capable default http.get function that is capable of following redirects and using cached authentication automatically. If it knows the domain and realm it can do this just like a web browser.I didn't change this because I wanted to check what your thoughts are on implementing a creds.lua library instead. Now all scripts are in charge of storing their credentials in the registry for other scripts to use. There is no standard way of doing so. Not even my own scripts use the same place or method. We could create a library that would basically have a function to store the credentials: function store_credentials( host, service, username, password, state, info ) We could then have a few different functions to fetch credentials like e.g. get_credentials_for_service( host, service ) get_credentials_for_host( host ) In addition it would be very easy to write a postrule script that would print all found credentials at the end of a scan sorted per host and service.
Yes, that's a great idea. I'm eager to see such a patch. On the Metasploit blog I saw this post: http://blog.metasploit.com/2010/08/redesigning-credential-cracking.html. I think that is a good basis for design because they already have a schema for what information they've found necessary to record.
Btw, did you get to the bottom of the theading and mutex bug?
Not yet. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [NSE] new scripts and libraries: brute library, (continued)
- Re: [NSE] new scripts and libraries: brute library Patrik Karlsson (Aug 19)
- Re: [NSE] new scripts and libraries: brute library David Fifield (Aug 20)
- Re: [NSE] new scripts and libraries: brute library Patrik Karlsson (Aug 20)
- Re: [NSE] new scripts and libraries: brute library David Fifield (Aug 21)
- Re: [NSE] new scripts and libraries: vnc Patrik Karlsson (Aug 14)
- Re: [NSE] new scripts and libraries: vnc Henri Salo (Aug 14)
- Re: [NSE] new scripts and libraries: vnc Patrik Karlsson (Aug 14)
- Re: [NSE] new scripts and libraries: http Patrik Karlsson (Aug 19)
- Re: [NSE] new scripts and libraries: http David Fifield (Sep 06)
- Message not available
- Re: [NSE] new scripts and libraries: http DePriest, Jason R. (Sep 06)
- Re: [NSE] new scripts and libraries: http David Fifield (Sep 06)
- Re: [NSE] new scripts and libraries: svn Patrik Karlsson (Aug 18)
- Re: [NSE] new scripts and libraries: svn David Fifield (Aug 18)
- Re: [NSE] new scripts and libraries: svn Patrik Karlsson (Aug 18)
- Re: [NSE] new scripts and libraries: svn Patrick Donnelly (Aug 19)
- Re: [NSE] new scripts and libraries: svn Patrik Karlsson (Aug 19)
- Re: [NSE] new scripts and libraries: svn David Fifield (Aug 19)