Nmap Development mailing list archives

[RFC] Username/Password NSE library

From: Kris Katterjohn <katterjohn () gmail com>
Date: Tue, 17 Jun 2008 15:46:09 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey everyone,

I've started working on a username and password NSE library.  This library
will separately hand out usernames and/or passwords to scripts for use with
brute forcing or whathaveyou.

I'll probably have one set of functions return a closure to return the
usernames or passwords one-at-a-time, and possibly another set of functions to
return the whole username or password table.

Unless some portability problem arises, the library will read usernames and
passwords from lists/databases kept in the nselib directory (I was thinking
maybe in a "data" subdirectory, and so other libraries' stuff can be stored
out of the way).

This library will also support script arguments to allow users to select their
own username and/or password databases to read from.

Now I need opinions on good username and password lists to ship and use by
default.  There is an ordered password list shipped with John the Ripper which
has 3107 entries.  The license[1] pretty much says we can distribute it if we
give credit and also ship the license.  Are there any ideas on a better list?

What about a good username list?

Any other comments are appreciated.

Thanks,
Kris Katterjohn

[1] http://www.openwall.com/wordlists/LICENSE.shtml

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBSFgikP9K37xXYl36AQLVAhAAmcS3sBZXrfaKgsCekBcPHCt0ZZbmBaS+
9jNSLPxxo97kNn0JuX86KQtTBOzIrY0aoRUeFbUA4guJdS1ddGWkmjNzrCGQ3D9f
4H+T0xdbL92GITkHCS1ctFIzFDaKQAuuM2Hc9HfStc79M0h7grAO1cOqHc9e9/40
JD3Ykw5cHzEkpVL6+PTcsrM95fDL1RKknZ1inKdyNOcq2QtaAxrR+e79eTxj3s77
GX2PAYUh/QeaIp0pZ62AY9T770RNkvDiUkbsqhgXz0B0VbK8nBeXXmE6kDLdI1sM
hZ7Hf6PiSNM5W7v+aWSQRAjoEc4NvQ+fDYgCKQdcXPS4pHxzgyNOR4Q7vi4hs0sa
chMYiujHsySu9NpKHZyONqka3NBeiFlZb31tbfx96iJ+50/HNRej0UL0hx+Lt8yo
8WU5lG2oGZIFd8p1ScMBhFXmXkjYAxBa9a7JA4eKCAHpW1AJ9fCZx5vWHH6zJ+TY
xmMZ5BjlsISP68D5d9YXQycC6/RWbt1sLDd3+y+ZmljuOv/1CtqLWu+ea+8yF+XS
atbSfrJlxQGFFcQ9b/N9fAwWXbNTdB69zRavrDx0VFMogsjV+d1lQmYY+K+HQOLH
Wj+ylFrqisZszxJb/WaxgwLnLTD2v+TZz11v4etw5EG9WOs1peu+9ZACfhFgySZi
MAc6FOywO4Y=
=udCM
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

[RFC] Username/Password NSE library Kris Katterjohn (Jun 17)
- Re: [RFC] Username/Password NSE library Brandon Enright (Jun 17)
  - Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 17)
    - Re: [RFC] Username/Password NSE library Andrew J. Bennieston (Jun 18)
- Re: [RFC] Username/Password NSE library Tom Sellers (Jun 17)
  - Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 17)
    - Re: [RFC] Username/Password NSE library Fyodor (Jun 18)
    - Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 18)
    - Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 19)
    - Re: [RFC] Username/Password NSE library Fyodor (Jun 19)
    - Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 19)

(Thread continues...)