Re: [NSE] Request for feedback on account status reported by *-brute scripts

[Tom Sellers <nmap () fadedcode net>]

On 9/9/2011 7:54 PM, Tom Sellers wrote:
> All,
>       I would like to standardize on the following strings when reporting account
> status from the account brute force attack NSE scripts:
>
> Invalid credentials
> Valid credentials
> Valid credentials, account locked
> Valid credentials, account disabled
> Valid credentials, account expired
> Valid credentials, account cannot log in at current time
> Valid credentials, account cannot log in from current host
> Valid credentials, password must be changed at next logon
>
> If there are no objections I will make the changes to the scripts.  I will only
> change the values where the new text makes contextual sense.
>
> This is a short term goal.  My longer term goal will be to add support to each of
> the scripts for the creds library or convert them to Patrik's wicked useful brute
> library which has support for creds.


The changes mentioned above have been implemented for most scripts.  In the case
of some of the scripts only the example text was updated as they used the 'creds'
library which handles the strings internally.  There are a few scripts that I
did not adjust because either the changes did not make sense in context or it
would be easier to just migrate them to the 'creds' library.

This change WILL affect anyone who was programmatically parsing the scripts'
results. When the process is complete, however, it should make that effort easier.


Tom



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/