http-default-accounts
脚本使用类型:
portrule
脚本所属分类:
discovery, auth, safe
脚本下载地址: http://nmap.org/svn/scripts/http-default-accounts.nse
Tests for access with default credentials used by a variety of web applications and devices.
It works similar to http-enum, we detect applications by matching known paths and launching a login routine using default credentials when found. This script depends on a fingerprint file containing the target's information: name, category, location paths, default credentials and login routine.
You may select a category if you wish to reduce the number of requests. We have categories like:
web - Web applications
router - Routers
voip - VOIP devices
security
Please help improve this script by adding new entries to nselib/data/http-default-accounts.lua
Remember each fingerprint must have:
name - Descriptive name
category - Category
login_combos - Table of login combinations
paths - Paths table containing the possible location of the target
login_check - Login function of the target
Default fingerprint file: /nselib/data/http-default-accounts-fingerprints.lua This script was based on http-enum.
Selects a category of fingerprints to use.
Other useful arguments relevant to this script: http.pipeline Sets max number of petitions in the same request. http.useragent User agent for HTTP requests
Fingerprint filename. Default:http-default-accounts-fingerprints.lua
Base path to append to requests. Default: "/"
执行格式
nmap -p80 --script http-default-accounts host/ip
PORT STATE SERVICE REASON 80/tcp open http syn-ack |_http-default-accounts: [Cacti] credentials found -> admin:admin Path:/cacti/ Final times for host: srtt: 94615 rttvar: 71012 to: 378663
Author: Paulino Calderon
License: VER007 整理 http://www.ver007.com
MAIN Here we iterate through the paths to try to find a target. When a target is found the login routine is initialized to check for default credentials authentication