Nmap Development mailing list archives
Re: [NSE] new scripts and libraries: http
From: Patrik Karlsson <patrik () cqure net>
Date: Thu, 19 Aug 2010 22:54:40 +0200
On 13 aug 2010, at 06.48, David Fifield wrote:
> On Sun, Aug 08, 2010 at 05:31:36PM +0200, Patrik Karlsson wrote:
> > x http-brute - performs password guessing against basic authentication
> > x http-form-brute - performs form-based password guessing
> http-brute looks good. My first idea was to make it have a default path of /, but requiring a script argument for that is fine too. In checking for a successful login, I think that it should do more than check for a 200 response. A 302 and probably others would be interesting as well. How about checking for not 4xx and not 5xx? Something like an IDS may start detecting all the requests and start returning 403, and that would ideally be detected, but that can wait until we get some actual reports.
Ok I ended up doing:
    if ( response.status < 400 or response.status > 599 ) then
      login success ...
    end
> Could the cached credentials in nmap.registry.credentials.http be indexed by the domain and realm? My idea is to introduce a more capable default http.get function that is capable of following redirects and using cached authentication automatically. If it knows the domain and realm it can do this just like a web browser.
I didn't change this because I wanted to check what your thoughts are on implementing a creds.lua library instead. Now all scripts are in charge of storing their credentials in the registry for other scripts to use. There is no standard way of doing so. Not even my own scripts use the same place or method. We could create a library that would basically have a function to store the credentials:
    function store_credentials( host, service, username, password, state, info )
We could then have a few different functions to fetch credentials like e.g.
    get_credentials_for_service( host, service )
    get_credentials_for_host( host )
In addition it would be very easy to write a postrule script that would print all found credentials at the end of a scan sorted per host and service.
> http-form-brute looks good, just like I would expect.
Thanks!
> I suspect that looking for the nonexistence of uservar and passvar in the body will be more robust than looking for the nonexistence of 'type=\"password\"'.
I've changed this to reflect your suggestion.
> You can commit these when you like.
Done, the scripts are in as r19893. Btw, did you get to the bottom of the threading and mutex bug?
> David Fifield
//Patrik
--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77
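The credential store proposed in the message above, sketched in plain Lua as an added example; it is not part of the original post and not code from the Nmap project. The three function names come from the message; the local `registry` table standing in for nmap.registry, the duplicate check and the record layout are assumptions.

```lua
-- Added sketch in plain Lua (runs outside Nmap). `registry` is a local table
-- standing in for nmap.registry; that substitution is an assumption.
local registry = { credentials = {} }

-- Store one credential under host -> service. Duplicates are skipped so two
-- scripts reporting the same account do not produce two entries.
local function store_credentials(host, service, username, password, state, info)
  local by_host = registry.credentials[host] or {}
  registry.credentials[host] = by_host
  local list = by_host[service] or {}
  by_host[service] = list
  for _, c in ipairs(list) do
    if c.username == username and c.password == password then return false end
  end
  list[#list + 1] = { username = username, password = password,
                      state = state, info = info }
  return true
end

local function get_credentials_for_service(host, service)
  return (registry.credentials[host] or {})[service] or {}
end

-- Flatten every service of one host into a list sorted by service name.
local function get_credentials_for_host(host)
  local out = {}
  for service, list in pairs(registry.credentials[host] or {}) do
    for _, c in ipairs(list) do
      out[#out + 1] = { service = service, cred = c }
    end
  end
  table.sort(out, function(a, b) return a.service < b.service end)
  return out
end

-- Constructed sample data (documentation addresses), not real scan results.
store_credentials("192.0.2.10", "http", "admin", "example-pw", "valid", "realm: test")
store_credentials("192.0.2.10", "vnc", "", "example-pw2", "valid")
store_credentials("192.0.2.10", "http", "admin", "example-pw", "valid") -- duplicate
store_credentials("192.0.2.7", "svn", "dev", "example-pw3", "valid")

-- What a postrule-style report could print: hosts sorted, then services.
local hosts = {}
for host in pairs(registry.credentials) do hosts[#hosts + 1] = host end
table.sort(hosts) -- plain string sort, so "192.0.2.10" comes before "192.0.2.7"
for _, host in ipairs(hosts) do
  print(host .. " (http entries: " .. #get_credentials_for_service(host, "http") .. ")")
  for _, e in ipairs(get_credentials_for_host(host)) do
    print(("  %-5s %s:%s (%s)"):format(e.service, e.cred.username, e.cred.password, e.cred.state))
  end
end
```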