Sergey's GSOC 2016 brute.lua improvements. Closes #518
@@ -1,5 +1,11 @@
|
|||||||
# Nmap Changelog ($Id$); -*-text-*-
|
# Nmap Changelog ($Id$); -*-text-*-
|
||||||
|
|
||||||
|
o [NSE][GH#518] Brute scripts are faster and more accurate. New feedback and
|
||||||
|
adaptivity mechanisms in brute.lua help brute scripts use resources more
|
||||||
|
efficiently, dynamically changing number of threads based on protocol
|
||||||
|
messages like FTP 421 errors, network errors like timeouts, etc.
|
||||||
|
[Sergey Khegay]
|
||||||
|
|
||||||
o [GH#353] New option --defeat-icmp-ratelimit dramatically reduces UDP scan
|
o [GH#353] New option --defeat-icmp-ratelimit dramatically reduces UDP scan
|
||||||
times in exchange for labeling unresponsive (and possibly open) ports as
|
times in exchange for labeling unresponsive (and possibly open) ports as
|
||||||
"closed|filtered". Ports which give a UDP protocol response to one of Nmap's
|
"closed|filtered". Ports which give a UDP protocol response to one of Nmap's
|
||||||
|
|||||||
14
nse_nsock.cc
14
nse_nsock.cc
@@ -1065,6 +1065,19 @@ static int l_pcap_receive (lua_State *L)
|
|||||||
return yield(L, nu, "PCAP RECEIVE", FROM, 0, NULL);
|
return yield(L, nu, "PCAP RECEIVE", FROM, 0, NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* This function also has a binding in stdnse.lua */
|
||||||
|
static int l_get_stats (lua_State *L) {
|
||||||
|
lua_newtable(L);
|
||||||
|
int idx = lua_gettop(L);
|
||||||
|
|
||||||
|
/* the only field so far is
|
||||||
|
connect_waiting - number of threads waiting for connection */
|
||||||
|
lua_pushinteger(L, nseU_tablen(L, CONNECT_WAITING));
|
||||||
|
lua_setfield(L, idx, "connect_waiting");
|
||||||
|
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
LUALIB_API int luaopen_nsock (lua_State *L)
|
LUALIB_API int luaopen_nsock (lua_State *L)
|
||||||
{
|
{
|
||||||
static const luaL_Reg metatable_index[] = {
|
static const luaL_Reg metatable_index[] = {
|
||||||
@@ -1092,6 +1105,7 @@ LUALIB_API int luaopen_nsock (lua_State *L)
|
|||||||
{"new", l_new},
|
{"new", l_new},
|
||||||
{"sleep", l_sleep},
|
{"sleep", l_sleep},
|
||||||
{"parse_ssl_certificate", l_parse_ssl_certificate},
|
{"parse_ssl_certificate", l_parse_ssl_certificate},
|
||||||
|
{"get_stats", l_get_stats},
|
||||||
{NULL, NULL}
|
{NULL, NULL}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
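Review bot: l_get_stats describes its single field only in the body comment, and the header line `/* This function also has a binding in stdnse.lua */` says where the function is re-exported but not what a caller receives; since brute.lua's new adaptive thread logic is the consumer (per the commit message; that diff is suppressed here), a header comment along the lines of `/* Returns a fresh table of nsock statistics. connect_waiting: number of NSE threads waiting for a connection. New fields must also be mirrored in the stdnse.lua binding. */` would keep the two bindings from drifting. The temporary `int idx = lua_gettop(L);` can be dropped in favour of `lua_setfield(L, -2, "connect_waiting");`, because the new table is the only value below the pushed integer at that point. Whether `nseU_tablen(L, CONNECT_WAITING)` counts one entry per waiting thread is inferred from the body comment only; neither the helper nor CONNECT_WAITING is defined in this diff.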
1045
nselib/brute.lua
1045
nselib/brute.lua
File diff suppressed because it is too large
@@ -9,6 +9,8 @@ description = [[
|
|||||||
Performs brute force password auditing against FTP servers.
|
Performs brute force password auditing against FTP servers.
|
||||||
|
|
||||||
Based on old ftp-brute.nse script by Diman Todorov, Vlatko Kosturjak and Ron Bowes.
|
Based on old ftp-brute.nse script by Diman Todorov, Vlatko Kosturjak and Ron Bowes.
|
||||||
|
|
||||||
|
06.08.16 - Modified by Sergey Khegay to support new brute.lua adaptability mechanism.
|
||||||
]]
|
]]
|
||||||
|
|
||||||
---
|
---
|
||||||
@@ -52,7 +54,7 @@ Driver = {
|
|||||||
end,
|
end,
|
||||||
|
|
||||||
connect = function( self )
|
connect = function( self )
|
||||||
self.socket = nmap.new_socket()
|
self.socket = brute.new_socket()
|
||||||
local status, err = self.socket:connect(self.host, self.port)
|
local status, err = self.socket:connect(self.host, self.port)
|
||||||
self.socket:set_timeout(arg_timeout)
|
self.socket:set_timeout(arg_timeout)
|
||||||
if(not(status)) then
|
if(not(status)) then
|
||||||
@@ -65,7 +67,6 @@ Driver = {
|
|||||||
local status, err
|
local status, err
|
||||||
local res = ""
|
local res = ""
|
||||||
|
|
||||||
|
|
||||||
status, err = self.socket:send("USER " .. user .. "\r\n")
|
status, err = self.socket:send("USER " .. user .. "\r\n")
|
||||||
if(not(status)) then
|
if(not(status)) then
|
||||||
return false, brute.Error:new("Couldn't send login: " .. err)
|
return false, brute.Error:new("Couldn't send login: " .. err)
|
||||||
@@ -87,7 +88,11 @@ Driver = {
|
|||||||
stdnse.debug1("Successful login: %s/%s", user, pass)
|
stdnse.debug1("Successful login: %s/%s", user, pass)
|
||||||
return true, creds.Account:new( user, pass, creds.State.VALID)
|
return true, creds.Account:new( user, pass, creds.State.VALID)
|
||||||
elseif(string.match(line, "^530")) then
|
elseif(string.match(line, "^530")) then
|
||||||
return false, brute.Error:new( "Incorrect password" )
|
return false, brute.Error:new( "Incorrect password" )
|
||||||
|
elseif(string.match(line, "^421")) then
|
||||||
|
local err = brute.Error:new("Too many connections")
|
||||||
|
err:setReduce(true)
|
||||||
|
return false, err
|
||||||
elseif(string.match(line, "^220")) then
|
elseif(string.match(line, "^220")) then
|
||||||
elseif(string.match(line, "^331")) then
|
elseif(string.match(line, "^331")) then
|
||||||
else
|
else
|
||||||
@@ -108,18 +113,13 @@ Driver = {
|
|||||||
self.socket:close()
|
self.socket:close()
|
||||||
return true
|
return true
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
action = function( host, port )
|
action = function( host, port )
|
||||||
|
|
||||||
local status, result
|
local status, result
|
||||||
local engine = brute.Engine:new(Driver, host, port)
|
local engine = brute.Engine:new(Driver, host, port)
|
||||||
engine.options.script_name = SCRIPT_NAME
|
engine.options.script_name = SCRIPT_NAME
|
||||||
|
|
||||||
|
|
||||||
status, result = engine:start()
|
status, result = engine:start()
|
||||||
|
|
||||||
return result
|
return result
|
||||||
end
|
end
|
||||||
|
|||||||
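Review bot: The new `^421` branch in login marks the error with `err:setReduce(true)` but never flags it as retryable, so the `user`/`pass` pair that hit the 421 was not actually evaluated by the server yet is handed back as an ordinary failure; unless the suppressed brute.lua diff re-queues the pair on reduce errors, adding `err:setRetry(true)` beside `err:setReduce(true)` avoids silently skipping a credential and matches the "more accurate" goal in the changelog entry. A 421 reply also means the server is closing the control connection, so any further send on this socket will presumably fail; the engine is expected to disconnect and reconnect before a retry, but that path is outside this hunk. The login method's body starts and ends outside the hunk. In the same section's connect hunk, `self.socket:set_timeout(arg_timeout)` still runs after `self.socket:connect(...)`, so the connect itself is not bounded by arg_timeout; that ordering predates this commit, but swapping the two lines while the line above them is being changed would be cheap.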