PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-08 05:31:31 +00:00
Code Issues Projects Releases Wiki Activity
6,322 Commits 2 Branches 0 Tags
20575e01b92192a37293a1ce0137a16103661295
Commit Graph

30 Commits

Author SHA1 Message Date
patrik
20575e01b9 Fixed bug that would prevent brute library from stopping to guess passwords 
for an account, even when the correct password was found. [Patrik]
 2011-12-30 20:14:48 +00:00
patrik
8728f181d2 Reverting commit r27082 due to incompatibility with Lua 5.2 [Patrik] 2011-11-13 13:11:39 +00:00
patrik
776a11146e Added code to brute library that picks up the executing SCRIPT_NAME using getfenv [Patrik] 2011-11-13 12:56:29 +00:00
patrik
4edf096715 o [NSE] Added new functionality and fixed some bugs in the brute library: 
- Added support for restricting the amount of guesses performed by the
    brute library against users, to prevent account lockouts.
  - Added support to guess the username as password as incorrectly
    suggested as default behavior by the documentation.
  - Added support to guess an empty string as password if not present
    in the dictionary. [Patrik]
 2011-11-13 09:51:15 +00:00
patrik
77380bd9b0 o [NSE] Fixed bug that would prevent brute scripts from running if no service 
field was present in the port table. [Patrik]
 2011-11-10 20:42:47 +00:00
patrik
cbf71a1668 o [NSE] Fixed a bug where the brute library would not abort even after all 
retries were exhausted [Patrik]
 2011-11-02 09:48:33 +00:00
patrik
6c864bd9f8 Changed command line processing to assume cred mode if credfile was supplied 
and no mode was explicitly given [Patrik]
 2011-09-02 06:12:39 +00:00
patrik
5e954c65a9 Added support for comments in the credential_iterator [Patrik] 2011-07-25 17:59:05 +00:00
patrik
2faca7aed1 Added support for scripts to report invalid (non-existing) accounts back 
to the brute library. This way, they're removed from further guessing.
[Patrik]
 2011-07-21 05:56:58 +00:00
patrik
4356fe16a5 * fixed a bug that would result in unnecessary connects and disconnect for 
discovered accounts

* documented engine options

* added new engine option (nostore) that instructs the library not to store
  the discovered credentials in the credential database
 2011-07-13 20:49:20 +00:00
patrik
aadac7c8d5 * Fixed a bug in the brute library prevented additional passwords from 
being found if run in passonly mode.

* Fixed a bug in the brute library preventing detection of duplicate
  credential entries requested from the iterator.
 2011-07-12 21:23:12 +00:00
gorjan
25f00f01ec Another possible fix for the NSEDoc arguments in the brute.lua library 2011-07-10 16:20:49 +00:00
patrik
880f927fc0 fixed a statistic bug, cleaned up some code 
fixed a setMode bug that wouldn't accept mode 'creds'
changed the creds iterator to take a file handle instead of a table
[Patrik]
 2011-07-07 09:58:54 +00:00
gorjan
519d93da6d Fix for the NSEDoc missing @args 2011-07-06 20:19:20 +00:00
patrik
3a3ae7ede1 Added command line support to the creds library 
Changed getCredentials to allow a bitmask filter
Changed getCredentials to return an iterator instead of a table
Modified the brute library to support the changes
[Patrik]
 2011-07-06 12:16:43 +00:00
patrik
f4bf440b14 o [NSE] Added credential storage library (creds.lua) and modified the brute 
library and scripts to make use of it. [Patrik]
 2011-06-19 17:18:29 +00:00
patrik
b62cebc7b3 o [NSE] Fixed a problem in oracle-brute that would fail due to connection 
exhaustion. Fixed some debugging messages in the brute library [Patrik]
 2011-03-19 08:26:33 +00:00
patrik
eaf01310e7 Replaced an empty password with <empty> in a debug message. 2011-03-13 01:22:32 +00:00
david
5d07bded42 Typo fix. 2011-03-12 23:56:43 +00:00
patrik
72b7fcc299 Fixed bug so that empty passwords are printed as <empty> in script results. 
Bug reported by Toni Ruottu http://seclists.org/nmap-dev/2011/q1/789
 2011-03-12 23:50:57 +00:00
david
9f79aad78f Pass the driver_options whenever constructing a driver in brute.lua. This could 
be required, for example, when running the check method.
 2010-09-27 01:20:52 +00:00
patrik
e3781bb25d Changed the code to be more iterator oriented. Scripts can now add their own 
iterators. Mutliple iterators may be added and the library provides a number
of common ones. [Patrik]
 2010-09-14 19:43:53 +00:00
patrik
8cd97c4103 added additional documentation regarding the Error object 2010-08-20 17:58:13 +00:00
patrik
b5f645c2c7 Added more documentation regarding the Account and Error object. 2010-08-19 22:08:08 +00:00
david
66e1254649 Require -d2 to print out each guess in brute.lua, not just -d1. 2010-08-18 17:13:57 +00:00
david
018c6c5171 Remove the brute.emptypass script argument. We already include the 
empty password in our password list. If you want to turn it off, it
would be better to provide an interface that allows an iterator to throw
out certain passwords.
 2010-08-18 16:01:00 +00:00
david
f7b4d9146c Revise NSEDoc in brute.lua. 2010-08-18 15:52:32 +00:00
david
3c89e089fc Change calls in these forms: 
socket:connect(host.ip, port.number)
socket:connect(host.ip, port.number, port.protocol)

to this:

socket:connect(host, port)

connect can take host and port tables now, and the default protocol is
taken from the port table if possible.
 2010-08-16 18:59:30 +00:00
patrik
40a66945bb changed so that the error message of the Error object is returned when a 
script signals the engine to abort.
 2010-08-14 17:14:32 +00:00
patrik
5f58469ba7 o [NSE] Added a new brute library that provides a basic framework and logic 
for password guessing scripts. [Patrik]
 2010-08-14 14:56:40 +00:00