Nmap Development mailing list archives
Re: Ncrack revived
From: Daniel Miller <bonsaiviking () gmail com>
Date: Wed, 4 Nov 2015 07:49:40 -0600
Ithilgore,

This is exciting news! For me, Ncrack's primary use has been as an SSH brute-forcer, since NSE doesn't have that capability. I think its greatest strength going forward as part of the Nmap Project will be its single-purpose design: NSE may support more protocols, but it has these primary weaknesses:

1. A brute-force NSE script stops a network scan until it completes. This means that Nmap's primary purpose is hindered in some way.
2. A brute NSE script can only handle as many hosts at a time as the current hostgroup size. At the moment, NSE parallelization isn't the most intelligent and probably under-utilizes the network.

I think Ncrack could be improved by deliberately addressing these deficiencies in NSE. One option would be an RPC listener of some sort for a running Ncrack process to accept new targets. This would let us make an NSE script to pass along targets as discovered, letting the Nmap scan continue while Ncrack handles the brute-forcing, maybe even on a different computer. I'm not familiar enough with Ncrack's architecture to know whether it would easily support a pipelined approach (different targets starting at different times), but it would at least have a better chance of batching in an appropriate size group.

Dan

On Wed, Nov 4, 2015 at 2:10 AM, Fotis Hantzis <ithilgore.ryu.l () gmail com> wrote:
Hello nmap-dev,

It's been a while since I last updated Ncrack, but I have been actively working on it for quite some time now. I already updated the SSH module by porting the latest openssh code (7.1) to the internal Ncrack ssh library (currently only on svn). Now it is working against all latest ssh servers. The analysis of how this was originally accomplished back when I originally built the first version of the Ncrack SSH module is here for anyone interested: http://sock-raw.org/papers/openssh_library

I am aware that currently many people are using NSE for some of your brute-forcing tasks, but Ncrack still remains a highly specialized tool for this purpose, with a lot of useful features. Some of its main advantages are:

* Intelligent core networking engine: Ncrack knows when to back off to avoid DoS-ing a service and when to increase its network connections by constantly trying to find a golden ratio between efficiency (speed) and reliability. For example, other competitors led to the shutdown of the FTP service while Ncrack managed to maintain a balance and find the credentials correctly: https://hackertarget.com/brute-forcing-passwords-with-ncrack-hydra-and-medusa/
* Service recognition through Nmap: Ncrack can automatically get input from the normal (-oN) or XML (-oX) Nmap output, recognize which ports are open and brute-force the equivalent services that its modules support.
* Fine-grained timing control: Ncrack provides a variety of timing options with which you can optimize your brute-force scans. Alongside the generic timing templates (T0 - T5), you can specify the upper and lower limit of network connections per service, the total number of connections, the authentication tries per connection, the delay between each connection initiation and others which give the penetration tester total control of a brute-force attack, allowing him to be flexible both in terms of stealth and performance.

Other features include:

* Stop current session and restore it later.
* Built-in lists of most frequently used usernames and passwords.
* Various modes of username/password list iteration (username first, password first, pairwise)

It would be great if nmap-dev voiced their opinion on which new features they would like to see in Ncrack:

- Which new protocols should Ncrack support? (prioritization list)
- What new features would be most helpful for the pentester?
- Any other ideas for improvement

For anyone that would like to help improve Ncrack by building more protocol modules, I have written an extensive guide on how this can easily be accomplished: https://nmap.org/ncrack/devguide.html

Cheers,
Ithilgore (Fotis Hantzis)
--
http://sock-raw.org

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Current thread:
- Ncrack revived Fotis Hantzis (Nov 04)
- Re: Ncrack revived Jacek Wielemborek (Nov 04)
- Re: Ncrack revived Daniel Miller (Nov 04)
- Re: Ncrack revived Fotis Hantzis (Nov 04)
- Re: Ncrack revived Jacek Wielemborek (Nov 05)
- Re: Ncrack revived Fotis Hantzis (Nov 04)