Nmap Development mailing list archives
Re: [RFC] Username/Password NSE library
From: Fyodor <fyodor () insecure org>
Date: Wed, 18 Jun 2008 00:01:23 -0700
On Tue, Jun 17, 2008 at 10:12:16PM -0500, Kris Katterjohn wrote:
Here are some ideas (not mutually exclusive of course): 1) The ability to grab a username or password at a time
OK.
2) The ability to grab the full table of usernames or passwords, or a table of a certain size
You might be able to get by with either #1 or #2. Though my initial thought is that #1 would be better in that case.
3) Maybe the ability to grab just "administrator" usernames
Maybe, though as you mentioned theyse may generally be at the top of the username list anyway. And a smart script which only wants admin usernames may be better off using its own list because the script may know if it is likely to be used against Windows, certain devices with common admin names, etc. So it may be able to exclude administrator names from other platforms.
4) The ability to grab common default username/password pairs for networking devices
I think these lists would be specific to a certain script which scans such a device/service, so I'd rather let the script use its own lists. It would be nice if the library tells whether it is using a user-provided or default list. I'd generally probably use more entries from a user-provided list (perhaps all of them), while a default list can be limited to a much smaller number. Cheers, -F _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [RFC] Username/Password NSE library Kris Katterjohn (Jun 17)
- Re: [RFC] Username/Password NSE library Brandon Enright (Jun 17)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 17)
- Re: [RFC] Username/Password NSE library Andrew J. Bennieston (Jun 18)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 17)
- Re: [RFC] Username/Password NSE library Tom Sellers (Jun 17)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 17)
- Re: [RFC] Username/Password NSE library Fyodor (Jun 18)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 18)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 19)
- Re: [RFC] Username/Password NSE library Fyodor (Jun 19)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 19)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 23)
- RE: [RFC] Username/Password NSE library Thomas Buchanan (Jun 24)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 24)
- Re: [RFC] Username/Password NSE library Fyodor (Jun 24)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 17)
- Re: [RFC] Username/Password NSE library Brandon Enright (Jun 17)
- Re: [RFC] Username/Password NSE library Philip Pickering (Jun 18)
- <Possible follow-ups>
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 24)