Nmap Development mailing list archives

Re: New NSE script: http-default-accounts.nse - Default account access checker


From: Gutek <ange.gutek () gmail com>
Date: Sat, 02 Jul 2011 10:00:55 +0200


On 02/07/2011 01:47, Paulino Calderon wrote:
> Hi nmap-dev,
>
> I'm attaching http-default-accounts.nse, the purpose of this script is
> to help us check for applications or devices left with default
> credentials. It works similarly to http-enum by matching known paths to
> detect applications and it is less invasive than a brute force attack.

If this could be of any help, please find attached my own routers'
default credentials database (various sources). I can't provide a patch
following your fingerprints format because I don't know case by case the
login process (form, basic...) for each of them.
Plus, although most of the time the login page sits on root, it's not
always true and I don't collect those paths.

Anyway, feel free to use it for this script or any future one.

Regards,

A.G.


Attachment: routers-default-logins.lst

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
