nexpose-brute
脚本使用类型:
portrule
脚本所属分类:
intrusive, brute
脚本下载地址: http://nmap.org/svn/scripts/nexpose-brute.nse
Performs brute force password auditing against a Nexpose vulnerability scanner using the API 1.1. By default it only tries three guesses per username to avoid target account lockout.
执行格式
nmap --script nexpose-brute -p 3780 <ip>
PORT STATE SERVICE REASON VERSION 3780/tcp open ssl/nexpose syn-ack NeXpose NSC 0.6.4 | nexpose-brute: | Accounts | nxadmin:nxadmin - Valid credentials | Statistics |_ Performed 5 guesses in 1 seconds, average tps: 5 As the Nexpose application enforces account lockout after 4 incorrect login attempts, the script performs only 3 guesses per default. This can be altered by supplying the <code>brute.guesses</code> argument a different value or 0 (zero) to guess the whole dictionary.
Author: Vlatko Kosturjak
License: VER007 整理 http://www.ver007.com