[NSE] Patch to add a password mangling mode to the library brute

[Paulino Calderon <paulino () calderonpale com>]

Hi list,

This is a patch for the NSE library 'brute' to add support to basic
password mangling in all brute scripts. It adds a new brute mode called
'pass-mangling' and the script argument 'brute.mangling-rule' which
supports the rules 'digits', 'strings', 'special' and 'all'.

Rule 'digits':
-Appends common digits found in passwords such as:
[0-9]
[00-99]
123
1234
12345

Rule 'strings':
-Performs common string operations like reverse, repetition,
capitalization, camelization, leetify, etc.

Rule 'special':
-Appends common special characters

For example, the password 'secret' would yield the following additional
combinations using the mangling rule 'all':
secret2014
secret2015
secret2013
secret2012
secret2011
secret2010
secret2009
secret0
secret1
secret2
...
secret9
secret00
secret01
...
secret99
secret123
secret1234
secret12345
s3cr3t
SECRET
S3CR3T
secret
terces
Secret
S3cr3t
secretsecret
secretsecretsecret
secret$
secret#
secret!
secret.
secret@

I'm working on more advanced password mangling rules, doing more research
and improving the documentation at the moment but this initial set should
cover the base. I also wanted to see if anyone else have good ideas for
mangling rules to include with this.

Happy holidays!

Attachment: brute_lua.patch
Description:

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/