PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 13:11:28 +00:00
Code Issues Projects Releases Wiki Activity
Files
bff90f3d557ceadb64c44c62fc87d1b73a659b7d
nmap/scripts/omp2-brute.nse
tomsellers 035ae9e9b1 Updated account status text in brute force password discovery scripts in an effort to make the reporting more consistent across all scripts. This will have an impact on any code that parses these values. 
In the case of a few of these scripts the only thing that was updated was the example text as the scripts relied on the creds library which handles the strings internally.
2011-09-11 12:13:13 +00:00

82 lines
2.1 KiB
Lua
Raw Blame History

description = [[
Performs brute force password auditing against the OpenVAS manager using OMPv2.
]]
---
-- @usage
-- nmap -p 9390 --script omp2-brute <target>
--
-- @output
-- PORT STATE SERVICE REASON
-- 9390/tcp open openvas syn-ack
-- | svn-brute:
-- | Accounts
-- |_ admin:secret => Valid credentials
--
author = "Henri Doreau"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"auth", "intrusive"}
require("omp2")
require("nmap")
require("brute")
require("shortport")
require("creds")
portrule = shortport.port_or_service(9390, "openvas")
Driver = {
new = function(self, host, port)
local o = {}
setmetatable(o, self)
self.__index = self
o.host = host
o.port = port
o.session = omp2.Session:new()
return o
end,
--- Connects to the OpenVAS Manager
--
-- @return status boolean for connection success/failure
-- @return err string describing the error on failure
connect = function(self)
return self.session:connect(self.host, self.port)
end,
--- Closes connection
--
-- @return status boolean for closing success/failure
disconnect = function(self)
return self.session:close()
end,
--- Attempts to login the the OpenVAS Manager using a given username/password
-- couple. Store the credentials in the registry on success.
--
-- @param username string containing the login username
-- @param password string containing the login password
-- @return status boolean for login success/failure
-- @return err string describing the error on failure
login = function(self, username, password)
if self.session:authenticate(username, password) then
-- store the account for possible future use
omp2.add_account(self.host, username, password)
return true, brute.Account:new(username, password, creds.State.VALID)
else
return false, brute.Error:new("login failed")
end
end,
}
action = function(host, port)
local engine = brute.Engine:new(Driver, host, port)
engine.options.script_name = SCRIPT_NAME
local status, result = engine:start()
return result
end
Reference in New Issue View Git Blame Copy Permalink