Nmap Development mailing list archives

Re: HTTP Brute Force NSE script


From: Thomas Buchanan <tbuchanan () thecompassgrp net>
Date: Thu, 02 Apr 2009 09:39:37 -0500

João wrote:
> Hey David, thanks a lot for the feedback.
>
> On Wed, Apr 1, 2009 at 11:57 AM, David Fifield <david () bamsoftware com> wrote:
>> On Wed, Apr 01, 2009 at 04:13:07AM -0300, João wrote:
>>> Today I was studying about coding in NSE and for such task I've tried
>>> to develop a simple script. I've based myself on the other scripts
>>> that are available with nmap and I've written a small script for
>>> performing HTTP Brute Forcing based on wordlists.
>
> Yes. Actually I've used http-auth.nse as a reference for the
> authorization requests. http-auth.nse only checks if the server
> requires authorization and attempts two pairs of login/password. The
> script I've written collects pairs from files with usernames and
> passwords. The basic advantage is having files for that, and not
> keeping the data inside the script.


Hi João,

Last June [1], I submitted a patch to remove the password guessing from http-auth and move it to its own separate script, which used the unpwdb library. These changes were never accepted, and I didn't have time to pursue it any further, but there might be some things in that thread that are of use to you.

I still think that the discovery of web services and URLs that require authentication should be separate from the actual brute forcing. I'd encourage you to continue working on these scripts. I would love to see http-auth (or one of the other web server discovery scripts) extended so that it looks for common subfolders (for example, many Windows servers have a /printer/ directory) or other URLs that require authentication, then passes that list off to the http brute forcing script. I think this could be accomplished using the NSE concept of runlevels and possibly the use of the registry to retain information between script runs.

It would also be great to see any http brute forcing scripts extended to support multiple types of authentication. As David indicated, there have been efforts to integrate Digest authentication brute forcing, but the current status is unknown. I'd be very curious to see if Ron's work with SMB and NTLM would allow us to do http brute forcing against Windows servers that require NTLM authentication. Sadly I don't have time to look into that myself.

Anyway, good luck with your GSoC application, and happy coding!

Thomas

[1] http://seclists.org/nmap-dev/2008/q2/0850.html
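The discovery half that Thomas wants kept separate from any guessing (which URLs answer 401, and which scheme each one offers: Basic, Digest, NTLM or Negotiate) can be demonstrated on its own. The following is an added example, not code from this thread, from http-auth.nse or from Nmap; it is written in Python rather than NSE Lua so it runs stand-alone. The responses it inspects are constructed sample data (the 192.0.2.10 host, the /printer/ path from Thomas's message, and the nonce values are all made up), and the function names `parse_www_authenticate`, `assess` and `discover` are this example's own. Beyond classifying the scheme, it flags what a defender auditing the same list would want to know: Basic offered over plain HTTP, a legacy Digest challenge without qop, and a 401 with no challenge at all.

```python
"""Classify the authentication a web endpoint asks for (added example, not Nmap code)."""
from __future__ import annotations
import re
from dataclasses import dataclass, field

# One scheme or one parameter per match. A bare token starts a new challenge;
# a name=value pair (quoted or bare value) belongs to the most recent challenge.
# This covers several challenges in one header, e.g. 'Negotiate, NTLM'.
_TOKEN_RE = re.compile(
    r'\s*,?\s*([A-Za-z][\w-]*)'                 # token: scheme or parameter name
    r'(?:\s*=\s*("(?:[^"\\]|\\.)*"|[^\s,]+))?'  # optional =value
)


@dataclass
class Challenge:
    scheme: str
    params: dict[str, str] = field(default_factory=dict)


@dataclass
class Finding:
    url: str
    requires_auth: bool
    schemes: list[str]
    issues: list[str]


def parse_www_authenticate(value: str) -> list[Challenge]:
    """Split one WWW-Authenticate header value into its challenges."""
    challenges: list[Challenge] = []
    pos = 0
    while pos < len(value):
        m = _TOKEN_RE.match(value, pos)
        if m is None:
            break  # trailing junk or whitespace; nothing more to parse
        pos = m.end()
        name, raw = m.group(1), m.group(2)
        if raw is None:
            challenges.append(Challenge(name))
        elif challenges:  # parameters before any scheme are malformed; skip them
            challenges[-1].params[name.lower()] = raw[1:-1] if raw.startswith('"') else raw
    return challenges


def _header(headers: dict[str, str], name: str) -> str | None:
    """Case-insensitive header lookup (HTTP header names are not case-sensitive)."""
    for key, val in headers.items():
        if key.lower() == name.lower():
            return val
    return None


def assess(url: str, status: int, headers: dict[str, str]) -> Finding:
    """Decide whether a response demands authentication and note weak configurations."""
    if status != 401:
        return Finding(url, False, [], [])
    value = _header(headers, "WWW-Authenticate")
    challenges = parse_www_authenticate(value) if value else []
    schemes = [c.scheme for c in challenges]
    issues: list[str] = []
    if not challenges:
        issues.append("401 without a WWW-Authenticate challenge (RFC 7235 requires one)")
    if url.lower().startswith("http://") and "basic" in (s.lower() for s in schemes):
        issues.append("Basic over plain HTTP: credentials travel base64-encoded, not encrypted")
    for c in challenges:
        if c.scheme.lower() == "digest":
            if c.params.get("algorithm", "MD5").upper().startswith("MD5"):
                issues.append("Digest with MD5 (the default; RFC 7616 also defines SHA-256)")
            if "auth" not in [q.strip() for q in c.params.get("qop", "").split(",")]:
                issues.append("Digest without qop=auth (legacy RFC 2069 mode, no client nonce)")
    return Finding(url, True, schemes, issues)


def discover(responses) -> list[Finding]:
    """Keep only the endpoints that require authentication: the list a discovery
    script would record and hand on to a separate script, as the thread proposes."""
    return [f for f in (assess(u, s, h) for u, s, h in responses) if f.requires_auth]


# Constructed sample responses (url, status, headers); not captured from a real host.
SAMPLE_RESPONSES = [
    ("http://192.0.2.10/", 200, {}),
    ("http://192.0.2.10/printer/", 401, {"WWW-Authenticate": 'Basic realm="Printer Admin"'}),
    ("https://192.0.2.10/admin/", 401,
     {"www-authenticate": 'Digest realm="admin", nonce="constructed0001", qop="auth", algorithm=MD5'}),
    ("https://192.0.2.10/exchange/", 401, {"WWW-Authenticate": "Negotiate, NTLM"}),
    ("https://192.0.2.10/legacy/", 401, {"WWW-Authenticate": 'Digest realm="old", nonce="constructed0002"'}),
    ("http://192.0.2.10/broken/", 401, {}),
]

if __name__ == "__main__":
    for f in discover(SAMPLE_RESPONSES):
        print(f"{f.url}: schemes={f.schemes} issues={f.issues}")
```

The parser is deliberately tolerant: it accepts both quoted and bare parameter values, mixed-case header names, and several challenges in one header, since real servers vary on all three. Everything past the 401 classification is a defender's checklist, so the output is a list of endpoints and their auth posture, not anything that attempts a login.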

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org