[NSE] Duplicate credential storage?

[nnposter () users sourceforge net]

I have noticed that nmap.registry holds two parallel structures for
credentials: "creds" and "credentials". The former is abstracted out
through the creds library and the latter is used directly by just a few
scripts.

Specifically, two scripts (http-brute, and http-form-brute) are
populating structure credentials.http, while they also utilize the creds
library so they are storing the credentials twice. In the entire script
collection only one script (http-domino-enum-passwords) seems to consume
the credentials.http structure.

I would like to solicit opinions whether the redundancy serves a
particular purpose or whether it is just a leftover. In case of the
latter, the attached patch converts the one script to use the creds
library and retires the credentials.http structure.

The patch does not touch script backorifice-brute, which populates
registry structure credentials.backorifice, although it would be very
easy to do so. As far as I can tell none of the scripts consume
credentials.backorifice. It looks like script backorifice-info was meant
to but it was not implemented.


Cheers,
nnposter

Attachment: registry-credentials.patch
Description:

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/