Nmap Development mailing list archives
NSE script for finding user and admin login pages
From: Rewanth Cool <ravatheruler4 () gmail com>
Date: Sun, 16 Apr 2017 16:03:24 +0530
I wrote a NSE script that finds the existing user and admin login pages in a website. Exposing the admin login page is not a good practice and it can lead to several attacks like brute force, sqli and etc. Even if attacker manages to find the admin username and password, if he can't find the admin login page its of no use. But exposing them to the outside world is really a bad idea. Few websites use the common user login pages for logging in as admin also. That's why I wrote a script that finds the user login pages also. I made a PR on #848 <https://github.com/nmap/nmap/pull/848> regarding the same. I worked on it for more than 15 hrs, made 23 commits, tested it thoroughly against various websites and then only I made this PR #848 <https://github.com/nmap/nmap/pull/848>. To the best of my knowledge this NSE script is fully functional, error free and is ready for a merge. Best regards, Rewanth.
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- NSE script for finding user and admin login pages Rewanth Cool (Apr 16)
- <Possible follow-ups>
- Re: NSE script for finding user and admin login pages Varunram Ganesh via dev (Apr 16)
- Re: NSE script for finding user and admin login pages Rewanth Cool (Apr 16)
- Re: NSE script for finding user and admin login pages Paulino Calderon (Apr 16)
- Re: NSE script for finding user and admin login pages Rewanth Cool (Apr 17)
- Re: NSE script for finding user and admin login pages nnposter (Apr 17)
- Re: NSE script for finding user and admin login pages Rewanth Cool (Apr 16)