Nmap Development mailing list archives
[RFC] New convention for credentials tagging via creds.lua
From: Daniel Miller <bonsaiviking () gmail com>
Date: Sat, 13 Jun 2015 22:55:25 -0500
List, Gio has put forward a proposal [1] for changing the convention of tagging credentials added or discovered during a scan via the creds.lua library [2]. Currently, adding new credentials requires the use of a parameter called "scriptname" which is always the value of SCRIPT_NAME. His proposal would be a more generic tagging system with a "service.application" scheme, allowing things like "http.joomla" and "http.wordpress" to coexist on one port. The current scheme allows this, too, but only because we have separate http-wordpress-brute and http-joomla-brute scripts. If http-form-brute were intelligent enough to brute-force multiple paths on one website, it would not be well-supported. Please leave your feedback here or on the issue page linked below. Dan [1] http://issues.nmap.org/159 [2] https://nmap.org/nsedoc/lib/creds.html
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [RFC] New convention for credentials tagging via creds.lua Daniel Miller (Jun 13)