Nmap Development mailing list archives

Ncrack revived


From: Fotis Hantzis <ithilgore.ryu.l () gmail com>
Date: Wed, 4 Nov 2015 10:10:51 +0200

Hello nmap-dev,
it's been a while since I last updated Ncrack but I have been actively
working on it for quite some time now. I already updated the SSH module by
porting the latest openssh code (7.1) to the internal Ncrack ssh library
(currently only on svn). Now it is working against all latest ssh servers.
The analysis of how this was originally accomplished back when I originally
built the first version of the Ncrack SSH module is here for anyone
interested:
http://sock-raw.org/papers/openssh_library

I am aware that currently many people are using NSE for some of your
brute-forcing tasks, but Ncrack still remains a highly specialized tool for
this purpose, with a lot of useful features. Some of its main advantages
are:

* Intelligent core networking engine:

Ncrack knows when to back off to avoid DoS-ing a service and when to
increase its network connections by constantly trying to find a golden
ratio between efficiency (speed) and reliability.
For example, other competitors led to the shutdown of the FTP service while
Ncrack managed to maintain a balance and find the credentials correctly:
https://hackertarget.com/brute-forcing-passwords-with-ncrack-hydra-and-medusa/

* Service recognition through Nmap:

Ncrack can automatically get input from the normal (-oN) or XML (-oX) Nmap
output, recognize which ports are open and brute-force the equivalent
services that its modules support.

* Fine-grained timing control:

Ncrack provides a variety of timing options with which you can optimize
your brute-force scans. Alongside the generic timing templates (T0 - T5),
you can specify the upper and lower limit of network connections per
service, the total number of connections, the authentication tries per
connection, the delay between each connection initiation and others which
give the penetration tester total control of a brute-force attack allowing
him to be flexible both in terms of stealth and performance.

Other features include:
* Stop current session and restore it later.
* Built-in lists of most frequently used usernames and passwords.
* Various modes of username/password list iteration (username first,
password first, pairwise)

It would be great if nmap-dev voiced their opinion on which new features
they would like to see in Ncrack:

- Which new protocols should Ncrack support? (prioritization list)
- What new features would be most helpful for the pentester?
- Any other ideas for improvement

For anyone that would like to help improve Ncrack by building more protocol
modules, I have written an extensive guide on how this can easily be
accomplished: https://nmap.org/ncrack/devguide.html

Cheers,
Ithilgore
(Fotis Hantzis)

-- 
http://sock-raw.org
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
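The "service recognition through Nmap" feature described in the post boils down to one parsing step: read Nmap's XML (-oX) output, keep only the ports whose state is open, and map each service name to a protocol module. The block below is an added example written for this archive page; it is not Ncrack's own code, and the SERVICE_TO_MODULE and PORT_TO_SERVICE tables and the sample XML are constructed for illustration. The same mapping is what a defender runs over their own scan output to see which exposed services are exposed to credential guessing and therefore need lockout policies, rate limiting or key-based authentication. It handles the edge cases the post's description leaves implicit: filtered or closed ports and UDP ports are skipped, and a port scanned without -sV (no `<service>` element) falls back to a well-known-port lookup.

```python
"""Turn Nmap XML (-oX) output into (host, port, module) targets.

Added example, not Ncrack code. Module and port tables are assumptions.
"""

import xml.etree.ElementTree as ET

# Assumed table: Nmap service name -> protocol module name.
SERVICE_TO_MODULE = {
    "ssh": "ssh",
    "ftp": "ftp",
    "telnet": "telnet",
    "http": "http",
    "https": "http",
}

# Assumed fallback for ports Nmap left unnamed (scan run without -sV).
PORT_TO_SERVICE = {21: "ftp", 22: "ssh", 23: "telnet", 80: "http", 443: "https"}

# Constructed sample in the shape of `nmap -sV -oX out.xml <host>` output.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX out.xml 192.0.2.10">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/><service name="ftp"/></port>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="7.1"/></port>
      <port protocol="tcp" portid="23"><state state="open"/></port>
      <port protocol="tcp" portid="25"><state state="filtered"/><service name="smtp"/></port>
      <port protocol="tcp" portid="2222"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="3306"><state state="open"/><service name="mysql"/></port>
      <port protocol="udp" portid="161"><state state="open"/><service name="snmp"/></port>
    </ports>
  </host>
</nmaprun>
"""


def targets_from_nmap_xml(xml_text, modules=SERVICE_TO_MODULE):
    """Return [(host, port, module)] for every open TCP port with a module.

    Skips closed/filtered ports, non-TCP ports, hosts without an address,
    and services for which no module exists. Ports without a <service>
    element are resolved through PORT_TO_SERVICE.
    """
    root = ET.fromstring(xml_text)
    targets = []
    for host in root.iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            addr_el = host.find("address")  # fall back to any address type
        if addr_el is None:
            continue
        addr = addr_el.get("addr")
        for port in host.iter("port"):
            if port.get("protocol") != "tcp":
                continue
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            portid = int(port.get("portid"))
            service = port.find("service")
            if service is not None and service.get("name"):
                name = service.get("name")
            else:
                name = PORT_TO_SERVICE.get(portid)  # scan without -sV
            module = modules.get(name)
            if module is None:
                continue  # open, but no module speaks this protocol
            targets.append((addr, portid, module))
    return targets


def group_by_module(targets):
    """Group targets as {module: ["host:port", ...]} for per-module runs."""
    grouped = {}
    for host, port, module in targets:
        grouped.setdefault(module, []).append(f"{host}:{port}")
    return grouped


if __name__ == "__main__":
    for module, endpoints in group_by_module(
            targets_from_nmap_xml(SAMPLE_NMAP_XML)).items():
        print(f"{module}: {', '.join(endpoints)}")
```

On the sample, the filtered SMTP port, the MySQL port (no module) and the UDP SNMP port are dropped, while port 23 is picked up through the fallback table even though Nmap did not name the service. Swap SAMPLE_NMAP_XML for the contents of a real -oX file to run it against your own scan.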
