Nmap Development mailing list archives
[NSE] http gitweb projects enum
From: riemann <riemann () opendz org>
Date: Fri, 20 Apr 2012 04:39:27 +0100
Hi list, This a script to enumerate public projects diplayed with gitweb. Also in most case the author column in project list can be used in bruteforce operation as a username, are there any solution to add a list of user collected by this script to unpawdb and use it in an other script? This is what proposed from djalal harouni after some private talk about the probleme What do you think of this proposition: Can we add support for in memory usernames/passwords addition ? add them to the 'usertable' or 'passtable' tables of unpwdb.lua library and give them precedence over the usernames/passwords that areretrieved from a file ? should we link them to their host ? or just use 'nmap.registry[self.host.ip].unpawdb_entries' ? We can consider the
creds.lua library but that one seems more for reporting only (output), but I'm not sure, perhaps we should just add the state LIKELY_VALID and push them there for output and avoid updating unpwdb.lua entries for input ? Well public cvs,svn,git logs are for diffs not for crack-me...Note: the creds.lua library has the logic to attach entries to their host.
If we push them into unpwdb.lua tables then all the brute scriptswill use them automatically... a positive point, but abuses will eat memory...
Thoughts ? Thx.
Attachment:
http-gitweb-projects-enum.nse
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] http gitweb projects enum riemann (Apr 19)
- Re: [NSE] http gitweb projects enum Patrik Karlsson (Apr 20)