File http-proxy-brute

脚本使用类型: portrule
脚本所属分类: brute, intrusive, external
脚本下载地址: http://nmap.org/svn/scripts/http-proxy-brute.nse

User Summary

Performs brute force password guessing against HTTP proxy servers.

Script Arguments

http-proxy-brute.url

sets an alternative URL to use when brute forcing (default: http://scanme.insecure.org)

http-proxy-brute.method

changes the HTTP method to use when performing brute force guessing (default: HEAD)

passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb

http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

Example Usage

执行格式

nmap --script http-proxy-brute -p 8080 <host>

Script Output

PORT     STATE SERVICE
8080/tcp open  http-proxy
| http-proxy-brute: 
|   Accounts
|     patrik:12345 - Valid credentials
|   Statistics
|_    Performed 6 guesses in 2 seconds, average tps: 3

Requires

• base64
• brute
• creds
• http
• shortport
• stdnse

Author: Patrik Karlsson

License: VER007 整理 http://www.ver007.com