PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 13:11:28 +00:00
Code Issues Projects Releases Wiki Activity
Files
bb8be37ecea8d11f5093e085bd637afbe7029cc3
nmap/scripts/pop3-brute.nse
david 6fbc8868a9 Rename scripts (almost all of them) to make their names more consistent and 
make them look better in output. The full list of changes is
  anonFTP => ftp-anon
  ASN => asn-query
  brutePOP3 => pop3-brute
  bruteTelnet => telnet-brute
  daytimeTest => daytime
  dns-safe-recursion-port => dns-random-srcport
  dns-safe-recursion-txid => dns-random-txid
  dns-test-open-recursion => dns-recursion
  ftpbounce => ftp-bounce
  HTTPAuth => http-auth
  HTTP_open_proxy => http-open-proxy
  HTTPpasswd => http-passwd
  HTTPtrace => http-trace
  iax2Detect => iax2-version
  ircServerInfo => irc-info
  ircZombieTest => irc-zombie
  MSSQLm => ms-sql-info
  MySQLinfo => mysql-info
  popcapa => pop3-capabilities
  PPTPversion => pptp-version
  promiscuous => sniffer-detect
  RealVNC_auth_bypass => realvnc-auth-bypass
  robots => robots.txt
  showHTMLTitle => html-title
  showOwner => identd-owners
  skype_v2-version => skypev2-version
  smb-enumdomains => smb-enum-domains
  smb-enumsessions => smb-enum-sessions
  smb-enumshares => smb-enum-shares
  smb-enumusers => smb-enum-users
  smb-serverstats => smb-server-stats
  smb-systeminfo => smb-system-info
  SMTPcommands => smtp-commands
  SMTP_openrelay_test => smtp-open-relay
  SNMPcommunitybrute => snmp-brute
  SNMPsysdescr => snmp-sysdescr
  SQLInject => sql-injection
  SSH-hostkey => ssh-hostkey
  SSHv1-support => sshv1
  SSLv2-support => sslv2
  strangeSMTPport => smtp-strangeport
  UPnP-info => upnp-info
  xamppDefaultPass => xampp-default-auth
  zoneTrans => zone-transfer
2008-11-06 02:52:59 +00:00

90 lines
2.0 KiB
Lua
Raw Blame History

description = [[
Tries to log into a POP3 account by guessing usernames and passwords.
]]
author = "Philip Pickering <pgpickering@gmail.com>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"intrusive", "auth"}
require 'pop3'
require 'shortport'
require 'unpwdb'
portrule = shortport.port_or_service({110}, "pop3")
action = function(host, port)
local pMeth = nmap.registry.args.pop3loginmethod
if (not pMeth) then pMeth = nmap.registry.pop3loginmethod end
if (not pMeth) then pMeth = method end
if (not pMeth) then pMeth = "USER" end
local login
local additional
local stat = pop3.stat
if (pMeth == "USER") then
login = pop3.login_user
elseif (pMeth == "SASL-PLAIN") then
login = pop3.login_sasl_plain
elseif (pMeth == "SASL-LOGIN") then
login = login_sasl_login
elseif (pMeth == "SASL-CRAM-MD5") then
login = login_sasl_crammd5
elseif (pMeth == "APOP") then
login = login_apop
end
local status
local line
local socket = nmap.new_socket()
if not socket:connect(host.ip, port.number) then return end -- no connection
status, line = socket:receive_lines(1)
if not stat(line) then return end -- no pop-connection
local apopChallenge = string.match(line, "<[%p%w]+>")
if pMeth == "APOP" then
additional = apopChallenge
end
local getUser
status, getUser = unpwdb.usernames()
if (not status) then return end
local currUser = getUser()
while currUser do
local getPW
status, getPW = unpwdb.passwords()
if (not status) then return end
local currPw = getPW()
while currPw do
local pstatus
local perror
pstatus, perror = login(socket, currUser, currPw, additional)
if (pstatus) then
return currUser .. " : " .. currPw
elseif (perror == pop3.err.pwError) then
currPw = getPW()
elseif (perror == pop3.err.userError) then
currPw = nil
else
return
end
end
currUser = getUser()
getPW("reset")
end
return -- "wrong pw"
end
Reference in New Issue View Git Blame Copy Permalink