Nmap Development mailing list archives
Sergey. [Status Report 01/17]
From: Sergey Khegay <g.sergeykhegay () gmail com>
Date: Thu, 5 May 2016 14:32:06 -0400
[Report 01/17] Hello Nmap Community, My name is Sergey, I am a MS Computer Science student at New York University Tandon School of Engineering. I am going to work on improvement of NSE brute-force performance and add additional support of such protocols like ssh and rdp. Currently there are more than 60 brute-forcing scripts but there is still room for improvement of NSE's parallelism, performance and protocol support. My mentor is Fotis Hantzis, Ncrack's author. This is my first status report. I would highly appreciate any feedback from the community. My IRC chat nickname is scier. My email is g.sergeykhegay (at) gmail.com So far I have managed to: - Learn about NSE Parallelism and Ncrack Information. - Set up a testing environment o I use a Vagrant VM to benchmark performance locally. o Amazon EC2 Virtual Server is used for remote testing. o In both environments I run vsftpd daemon. o I use Ncrack and THC-Hydra for comparison. o A script is written to automate testing. o I use Ncrack's default password and username lists. Mostly hugely minimized version of latter. The correct credentials are just appended to the lists. (student:gsoc2016) - I studied the internals of the brute.lua. o So far there is no any kind of adaptivity to the working condition. o The script just spawns pre-specified number of coroutines without any adaptation en route. - On the question of adaptability. This is a bit more tricky. I like the Ncrack's approach, but it seems that right now it is hard to implement it in the brute.lua not breaking other scripts that depend on the library. I need to dig a bit more into internals of the NSE. Probably I am going to try to change some parts and look how it works. Goals: o: Conduct performance testing and see where NSE falls back. o: Make minor iterative changes to brute.lua see how it works. o: Study more about the internals of the NSE, especially parallelism part. Best regards, Sergey.
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Sergey. [Status Report 01/17] Sergey Khegay (May 05)