[RFC] New convention for credentials tagging via creds.lua

[Daniel Miller <bonsaiviking () gmail com>]

List,

Gio has put forward a proposal [1] for changing the convention of tagging
credentials added or discovered during a scan via the creds.lua library
[2]. Currently, adding new credentials requires the use of a parameter
called "scriptname" which is always the value of SCRIPT_NAME. His proposal
would be a more generic tagging system with a "service.application" scheme,
allowing things like "http.joomla" and "http.wordpress" to coexist on one
port. The current scheme allows this, too, but only because we have
separate http-wordpress-brute and http-joomla-brute scripts. If
http-form-brute were intelligent enough to brute-force multiple paths on
one website, it would not be well-supported.

Please leave your feedback here or on the issue page linked below.

Dan

[1] http://issues.nmap.org/159
[2] https://nmap.org/nsedoc/lib/creds.html

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/