Nmap Development mailing list archives
Re: New NSE script: http-default-accounts.nse - Default account access checker
From: Gutek <ange.gutek () gmail com>
Date: Sat, 02 Jul 2011 10:00:55 +0200
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Le 02/07/2011 01:47, Paulino Calderon a écrit :
Hi nmap-dev, I'm attaching http-default-accounts.nse , the purpose of this script is to help us check for applications or devices left with default credentials. It works similar to http-enum by matching known paths to detect applications and it is less invasive than a brute force attack.
If this could be of any help, please find attached my own routers default credentials database (various sources). I can't provide a patch following your fingerprints format because I don't know case by case the login process (form, basic...) for each of them. Plus, although most of the time the login page sits on root, it's not always true and I don't collect those paths. Anyway, feel free to use it for this script or any future one. Regards, A.G. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk4O0DcACgkQ3aDTTO0ha7iqAQCcC6A0rqwNXCMtZ1EpYiNv+N/B h3QAnRzswv6MO8vDGNP98LmqI0VhZbip =DGXh -----END PGP SIGNATURE-----
Attachment:
routers-default-logins.lst
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- New NSE script: http-default-accounts.nse - Default account access checker Paulino Calderon (Jul 01)
- Re: New NSE script: http-default-accounts.nse - Default account access checker Gutek (Jul 02)
- Re: New NSE script: http-default-accounts.nse - Default account access checker - CALL FOR FINGERPRINTS Paulino Calderon (Jul 16)
- Re: New NSE script: http-default-accounts.nse - Default account access checker - CALL FOR FINGERPRINTS Shinnok (Jul 23)
- Re: New NSE script: http-default-accounts.nse - Default account access checker - CALL FOR FINGERPRINTS Shinnok (Jul 23)
- Re: New NSE script: http-default-accounts.nse - Default account access checker - CALL FOR FINGERPRINTS Hani Benhabiles (Jul 23)
- Re: New NSE script: http-default-accounts.nse - Default account access checker - CALL FOR FINGERPRINTS Paulino Calderon (Jul 23)
- Re: New NSE script: http-default-accounts.nse - Default account access checker - CALL FOR FINGERPRINTS Shinnok (Jul 23)