Nmap Development mailing list archives
CouchDB and MongoDB
From: Martin Holst Swende <martin () swende se>
Date: Wed, 03 Feb 2010 22:07:03 +0100
Hi, I have now implemented the following : - json.lua is heavily reworked (and now according to specs :)) - except for Unicode collapsing into UTF-8, which is not done. If you have any good pointers on how to do that it is welcome. There is an issue with js null vs lua nil (which are different - lua nil is more like javascript undefined), which forced me to introduce json.NULL - more info about that is found in the code. - Both mongodb-scripts and couchdb scripts reports service version back to nmap. -- However, couchdb as it is in the matchlines matches as "httpd". I'm not saying that is wrong, since http is the protocol used, but it may be misleading. Can it somehow be both? (There is an html web-interface for couchdb on http://localhost:5984/_utils/ , which other http-scripts could be interested in). One snag is that the portrule for couchdb should really not use "httpd" to match against, since it will give a lot of false positives - which means that the portrule must match on port only, and miss couchdb:s on other ports. So, maybe that should be changed to 'couchdb' ? Or, how should I set the portrule? - Made json, mongo and couch a bit less verbose. Attaching the files (but also available from http://martin.swende.se/hgwebdir.cgi/nsescripts/) Also, I have been looking a bit at bruteforcing, and have the following suggestion for a function which maybe could be added to unpwd, so that iterating can be done on a concatenation of both the passwords and arbitrary lists - usernames, hostnames, service names etc: --- Iterator that iterates over a table and another closure -- Usage -- for element in concat_iterate({"a","b"},try{unpwdb.usernames()}) do -- print(element) -- end function concat_iterate (t1,t2) local i = 0 -- reset the other iterator here t2('reset') local n = table.getn(t1) local f = function () i = i + 1 if i <= n then return t1[i] end return t2(n-i) end return f end function test() _,usernames = unpwdb.usernames() _,passwords = unpwdb.passwords() for username in usernames do for password in concat_iterate({username},passwords) do stdnse.print_debug( string.format("Trying %s/%s ...", username, password ) ) end --iterator("reset") Not needed anymore end end test() Regards, /Martin
Attachment:
couchdb.tar.gz
Description:
Attachment:
mongodb.tar.gz
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- MongoDB scripts Martin Holst Swende (Jan 19)
- Re: MongoDB scripts David Fifield (Jan 25)
- Re: MongoDB scripts Martin Holst Swende (Jan 25)
- Re: MongoDB scripts Martin Holst Swende (Jan 27)
- Re: MongoDB scripts David Fifield (Jan 29)
- Re: CouchDB scripts David Fifield (Jan 29)
- Re: CouchDB scripts Martin Holst Swende (Jan 31)
- Re: CouchDB scripts David Fifield (Feb 01)
- Re: CouchDB scripts David Fifield (Feb 01)
- CouchDB and MongoDB Martin Holst Swende (Feb 03)
- Re: CouchDB and MongoDB David Fifield (Feb 15)
- Re: CouchDB and MongoDB Martin Holst Swende (Feb 22)
- Re: CouchDB and MongoDB David Fifield (Feb 23)
- Re: CouchDB and MongoDB Martin Holst Swende (Feb 27)
- Re: CouchDB and MongoDB David Fifield (Feb 28)
- Re: MongoDB scripts Martin Holst Swende (Jan 25)
- Re: MongoDB scripts David Fifield (Jan 25)
- Re: CouchDB and MongoDB Patrick Donnelly (Feb 28)
- Re: CouchDB and MongoDB Martin Holst Swende (Mar 01)
- Re: CouchDB and MongoDB Patrick Donnelly (Mar 01)
- Lua and LPeg David Fifield (Mar 05)
- Re: Lua and LPeg Patrick Donnelly (Mar 05)