Nmap Development mailing list archives

ftp-brute.nse overhaul


From: Ron <ron () skullsecurity net>
Date: Fri, 18 Sep 2009 14:54:34 -0500

Hi all,

I was investigating a way to improve the ftp scripts today, when I noticed that ftp-brute.nse was only checking one account. So, as I love doing, I took it apart and put it back together. Now it uses the unpwdb database.

I ran into an issue that I was hoping somebody could test on other servers and give opinions on: vsftp responds *very* slowly (about 1 second/request), so to run through all 2000 combinations of usernames/passwords would take hours. For that reason, for now, I artificially limited the checks to the first 10 usernames + passwords (with a script-arg to increase that).

So, I'm wondering:
* Is this the case on servers besides vsftp as well? If other servers are faster, I'll add some code to detect the behaviour and change the limits
* Is this an acceptable solution? Or does somebody have a better way of doing it?
* Should this type of function be built right into unpwdb, or done on a per-script basis? I'd like to revamp unpwdb at some point
* Would this be a case to experiment with multi-threaded scripts? Does that capability exist yet? (I haven't looked into Lua threading)

I checked in my changes for now, since they are a significant improvement over what was there, but this can still use some work.

Ron

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

