http-joomla-brute
脚本使用类型:
portrule
脚本所属分类:
intrusive, brute
脚本下载地址: http://nmap.org/svn/scripts/http-joomla-brute.nse
Performs brute force password auditing against Joomla web CMS installations.
This script initially reads the session cookie and parses the security token to perfom the brute force password auditing. It uses the unpwdb and brute libraries to perform password guessing. Any successful guesses are stored using the credentials library.
Joomla's default uri and form names:
/administrator/index.php
username
passwd
sets the http-variable name that holds the username used to authenticate. Default: username
sets the number of threads. Default: 3
Other useful arguments when using this script are:
Based on Patrik Karlsson's http-form-brute
Path to authentication script. Default: /administrator/index.php
Virtual Hostname Header
sets the http-variable name that holds the password used to authenticate. Default: passwd
执行格式
nmap -sV --script http-joomla-brute --script-args 'userdb=users.txt,passdb=passwds.txt,http-joomla-brute.hostname=domain.com, http-joomla-brute.threads=3,brute.firstonly=true' <target> nmap -sV --script http-joomla-brute <target>
PORT STATE SERVICE REASON 80/tcp open http syn-ack | http-joomla-brute: | Accounts | xdeadbee:i79eWBj07g => Login correct | Statistics |_ Perfomed 499 guesses in 301 seconds, average tps: 0
Author: Paulino Calderon
License: VER007 整理 http://www.ver007.com