Nmap Development mailing list archives

NSE script for finding user and admin login pages


From: Rewanth Cool <ravatheruler4 () gmail com>
Date: Sun, 16 Apr 2017 16:03:24 +0530

I wrote an NSE script that finds the existing user and admin login pages in
a website.

Exposing the admin login page is not a good practice and it can lead to
several attacks like brute force, SQLi, etc.

Even if an attacker manages to find the admin username and password, if he
can't find the admin login page it's of no use. But exposing them to the
outside world is really a bad idea. A few websites use the common user login
pages for logging in as admin also. That's why I wrote a script that finds
the user login pages also.

I made a PR, #848 <https://github.com/nmap/nmap/pull/848>, regarding the
same. I worked on it for more than 15 hrs, made 23 commits, tested it
thoroughly against various websites and only then made this PR #848
<https://github.com/nmap/nmap/pull/848>.

To the best of my knowledge this NSE script is fully functional, error-free
and is ready for a merge.

Best regards,
Rewanth.
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
