Nmap Development mailing list archives
Re: Password profiling in NSE
From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 20 Jan 2017 09:23:52 -0600
George, If we introduce an additional option for mangling, I believe there
will be more users running nmap with both options (passprofile and mangling) compared to only passprofile. It probably worth its time too, as it highly increases the chances of a successful attack.
Having said that, maybe an option that turns off mangling makes more sense. However, I understand your concern that NSE should lean towards speed and I'm fine having mangling as optional feature.
I imagine many will use it, too, but they should be kept separate because some users may wish to use mangling with a custom wordlist (i.e. not with password profiling), or with some combination of both (mangling done over profiled candidates and wordlist words alike).
Will it make things easier if I submit a PR via Github that addresses (1) and (2)?
Yes, that would be good. Varunram has already attempted this in #643, which I have not reviewed because of some unrelated commits, but since this is your code it would probably be best if you did the pull request yourself. As I said, I would prefer to see separate pulls for profiling and for mangling, and I think the profiling is the more exciting feature, but I'll review anything you put up. Dan
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: Password profiling in NSE Daniel Miller (Jan 11)
- Re: Password profiling in NSE George Chatzisofroniou (Jan 20)
- Re: Password profiling in NSE Daniel Miller (Jan 20)
- <Possible follow-ups>
- Re: Password profiling in NSE Varunram Ganesh (Jan 18)
- Re: Password profiling in NSE George Chatzisofroniou (Jan 20)