PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-24 16:39:03 +00:00
Code Issues Projects Releases Wiki Activity

Adds new fingerprint and new login template.

Browse Source
This commit is contained in:
paulino
2011-07-04 20:56:06 +00:00
parent 89bf1d1661
commit e9e4b6d27d
1 changed files with 47 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
nselib/data/http-default-accounts-fingerprints.lua
View File

@@ -11,6 +11,16 @@
-- * <code>paths</code> - Paths table containing the possible location of the target
-- * <code>login_check</code> - Login function of the target
---
---
-- Requests given path using basic authentication.
-- @param host Host table
-- @param port Port table
-- @param path Path to request
-- @param user Username for Basic Auth
-- @param pass Password for Basic Auth
-- @return True if login in was successful
---
local function try_http_basic_login(host, port, path, user, pass)
local credentials = {username = user, password = pass}
local req = http.get(host, port, path, {no_cache=true, auth=credentials})
@@ -20,6 +30,29 @@ local function try_http_basic_login(host, port, path, user, pass)
return false
end
---
-- Tries to login with a http post, if the FAIL string is not found
-- we assume login in was successful
-- @param host Host table
-- @param port Port table
-- @param target Target file
-- @param failstr String shown when login in fails
-- @param params Post parameters
-- @param follow_redirects True if you want redirects to be followed
-- @return True if login in was successful
---
local function try_http_post_login(host, port, path, target, failstr, params, follow_redirects)
local req = http.post(host, port, path..target, {no_cache=true}, nil, params)
local status = ( req and tonumber(req.status) ) or 0
if follow_redirects and ( status > 300 and status < 400 ) then
req = http.get(host, port, url.absolute(path, req.header.location), { no_cache = true})
end
if not(http.response_contains(req, failstr)) then
return true
end
return false
end
fingerprints = {}
---
@@ -35,11 +68,7 @@ table.insert(fingerprints, {
{username = "admin", password = "admin"}
},
login_check = function (host, port, path, user, pass)
local req = http.post(host, port, path.."index.php", {no_cache=true}, nil, {action="login", login_username=user, login_password=pass})
if not(http.response_contains(req, 'Invalid User Name/Password')) then
return true
end
return false
return try_http_post_login(host, port, path, "index.php", "Invalid User Name/Password", {action="login", login_username=user, login_password=pass}, false)
end
})
@@ -63,4 +92,16 @@ table.insert(fingerprints, {
---
--ROUTERS
---
table.insert(fingerprints, {
name = "Arris 2307",
category = "routers",
paths = {
{path = "/logo_t.gif"}
},
login_combos = {
{username = "", password = ""}
},
login_check = function (host, port, path, user, pass)
return try_http_post_login(host, port, path, "login.cgi", "Login Error !!", {action="submit", page="", logout="", pws=pass})
end
})