Nmap Development mailing list archives
Re: [RFC] Username/Password NSE library
From: Kris Katterjohn <katterjohn () gmail com>
Date: Thu, 19 Jun 2008 16:54:57 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Fyodor wrote:
On Tue, Jun 17, 2008 at 10:12:16PM -0500, Kris Katterjohn wrote:Here are some ideas (not mutually exclusive of course): 1) The ability to grab a username or password at a timeOK.2) The ability to grab the full table of usernames or passwords, or a table of a certain sizeYou might be able to get by with either #1 or #2. Though my initial thought is that #1 would be better in that case.3) Maybe the ability to grab just "administrator" usernamesMaybe, though as you mentioned theyse may generally be at the top of the username list anyway. And a smart script which only wants admin usernames may be better off using its own list because the script may know if it is likely to be used against Windows, certain devices with common admin names, etc. So it may be able to exclude administrator names from other platforms.4) The ability to grab common default username/password pairs for networking devicesI think these lists would be specific to a certain script which scans such a device/service, so I'd rather let the script use its own lists. It would be nice if the library tells whether it is using a user-provided or default list. I'd generally probably use more entries from a user-provided list (perhaps all of them), while a default list can be limited to a much smaller number.
So what are your thoughts on how long the default lists should be? The general consensus seems to be fairly small (a few hundred).
Cheers, -F
Thanks, Kris Katterjohn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIVAwUBSFrVsP9K37xXYl36AQJZvQ//VpnKNpAPqnnolcfNJKz5fUMetWKMPM8F w9CMiH4GN+w3NOQzCwwGPXlvGSbXy7qe/EqiYNb7Xd3MUDz3tXf+7lijFPTc9WX3 eD9VMpULi4mE0QS7kS4QoFzsyYeXxmuiAPFPG//8V86sIUM9A1y77d0OywHTSD8X 2TKG3tXnKyiEKjzy4mEx5lNupNi9Fdgja5VJ3WvLwHgAA+VxMybjXIxl9mYnzXka cKOsObupZ30+38NneUKu6Qn1IE5wfif9jL5POIUMDRi1I0EJd77SrkjaXi0/cll8 /XDmymbyJpRXKDkuKKw81sAEF8jL6Jew1zTP0tD6BadKMQP5JOlZTyEaaB6XZlu8 0si0tcO7DtbfyojCZKY1n+NbI46oiVEzYVtjfz7aZV6kEgFp04K6QDPl+EgQbaCi a8FJDG6j0zBc0KEmq64VhDPorqPp5xh2Kw7QpVrtPEkMipWkCqkSHVsf2dhLt1cG kP1Nh628XegQQyOoHBfiqYd0t33MthqtL1azdkt3svuy9ACUgst0MuiHAvAD3gHr H+MLRFlulyyvlwoU6Q8DvG8noRF2pH4vgWwX14arazmNou8CG8I5ZwIDMHL1QwCQ k9O61Tzzr/W8Vu7fLp04lDUf/+EO39BQyCbH5EqESU2P1z14vE8m61rzCFhwF5nK vGQZzKVdh1c= =rMSZ -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [RFC] Username/Password NSE library Kris Katterjohn (Jun 17)
- Re: [RFC] Username/Password NSE library Brandon Enright (Jun 17)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 17)
- Re: [RFC] Username/Password NSE library Andrew J. Bennieston (Jun 18)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 17)
- Re: [RFC] Username/Password NSE library Tom Sellers (Jun 17)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 17)
- Re: [RFC] Username/Password NSE library Fyodor (Jun 18)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 18)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 19)
- Re: [RFC] Username/Password NSE library Fyodor (Jun 19)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 19)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 23)
- RE: [RFC] Username/Password NSE library Thomas Buchanan (Jun 24)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 24)
- Re: [RFC] Username/Password NSE library Fyodor (Jun 24)
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 17)
- Re: [RFC] Username/Password NSE library Brandon Enright (Jun 17)
- Re: [RFC] Username/Password NSE library Philip Pickering (Jun 18)
- <Possible follow-ups>
- Re: [RFC] Username/Password NSE library Kris Katterjohn (Jun 24)
- RE: [RFC] Username/Password NSE library Thomas Buchanan (Jun 24)
- Re: [RFC] Username/Password NSE library Patrick Donnelly (Jun 24)