Nmap Development mailing list archives

Re: [NSE] DB2 library and scripts

From: Patrik Karlsson <patrik () cqure net>
Date: Wed, 12 May 2010 17:08:53 +0200

On 12 maj 2010, at 02.19, David Fifield wrote:

On Tue, May 11, 2010 at 07:57:34PM +0200, Patrik Karlsson wrote:
Hi again,

I'm attaching yet another version of the DB2-brute script.
In this version, I've used the excellent code provided by Patrick (thanks!) and changed the behavior/design 
according to Fyodor's suggestions [1].
I'm also providing some *very* simple benchmarking of this new script and the old single threaded one running 
against DB2 on Linux.

The benchmarking was performed against a Linux DB2 installation running in Virtualbox. 
The default usernames and passwords files were used, which results in 50840 username and password combinations.

These are the results of the old single threaded script:
abuse:nmap-dev patrik$ ./nmap -p 60000 --script db2-brute-st --script-args db2-brute.dbname=haxxoree 
Nmap done: 1 IP address (1 host up) scanned in 142.75 seconds
Nmap done: 1 IP address (1 host up) scanned in 135.33 seconds
Nmap done: 1 IP address (1 host up) scanned in 125.51 seconds
Average: 134,53
TPS: 377,91

These are the results of the new attached script (running 10 threads):
abuse:nmap-dev patrik$ ./nmap -p 60000 --script db2-brute --script-args db2-brute.dbname=haxxoree 
Nmap done: 1 IP address (1 host up) scanned in 107.44 seconds
Nmap done: 1 IP address (1 host up) scanned in 105.29 seconds
Nmap done: 1 IP address (1 host up) scanned in 110.32 seconds
Average: 107,68
TPS: 472,14

So this rudimentary benchmark suggests a 25% performance increase when
running with 10 threads.

I have an idea to sanity-check these results. Make 10 copies of the
unparallelized one-thread db2-brute script, and run all 10 copies
against the same server. If the process is 100% parallelizable on the
server, then it will take the same time to run all 10 in parallel as it
takes to run 1. If it is 0% parallelizable, it will take 10 times as
long. What we expect to see is a time around 10 times what you measured
with 10 thread, or about 1100 seconds. If it's much different than that,
then you're probably hitting some different bottleneck on the client.

Does that make sense?

I made a number of attempts and was extremely impressed by the results, until I realized that the unpwd time limit 
kicked in after 900 seconds.
Once I changed the timeout to unlimited these are the results:

abuseX:nmap-dev patrik$ ./nmap -p 60000 --script 
 --script-args db2-brute.dbname=haxxoree,userdb=/tmp/users.txt,passdb=/tmp/pass.txt,unpwdb.timelimit=0

Starting Nmap 5.30BETA1 ( http://nmap.org ) at 2010-05-12 16:20 CEST
Nmap scan report for ubu904-srv.labb.lo (
Host is up (0.0017s latency).
60000/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 1204.31 seconds


David Fifield

Patrik Karlsson

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

Current thread: