NSEDoc

• Index
• NSE Documentation

Categories

• auth
• default
• discovery
• dos
• exploit
• external
• intrusive
• malware
• safe
• version
• vuln

Scripts

• afp-showmount
• asn-query
• auth-owners
• auth-spoof
• banner
• citrix-brute-xml
• citrix-enum-apps
• citrix-enum-apps-xml
• citrix-enum-servers
• citrix-enum-servers-xml
• couchdb-databases
• couchdb-stats
• daap-get-library
• daytime
• db2-das-info
• db2-info
• dhcp-discover
• dns-random-srcport
• dns-random-txid
• dns-recursion
• dns-service-discovery
• dns-zone-transfer
• finger
• ftp-anon
• ftp-bounce
• ftp-brute
• html-title
• http-auth
• http-date
• http-enum
• http-favicon
• http-headers
• http-iis-webdav-vuln
• http-malware-host
• http-methods
• http-open-proxy
• http-passwd
• http-trace
• http-userdir-enum
• http-vmware-path-vuln
• iax2-version
• imap-capabilities
• ipidseq
• irc-info
• ldap-brute
• ldap-rootdse
• lexmark-config
• mongodb-databases
• mongodb-info
• ms-sql-info
• mysql-brute
• mysql-databases
• mysql-empty-password
• mysql-info
• mysql-users
• mysql-variables
• nbstat
• nfs-showmount
• ntp-info
• oracle-sid-brute
• p2p-conficker
• pjl-ready-message
• pop3-brute
• pop3-capabilities
• pptp-version
• realvnc-auth-bypass
• robots.txt
• rpcinfo
• skypev2-version
• smb-brute
• smb-check-vulns
• smb-enum-domains
• smb-enum-groups
• smb-enum-processes
• smb-enum-sessions
• smb-enum-shares
• smb-enum-users
• smb-os-discovery
• smb-psexec
• smb-security-mode
• smb-server-stats
• smb-system-info
• smbv2-enabled
• smtp-commands
• smtp-open-relay
• smtp-strangeport
• sniffer-detect
• snmp-brute
• snmp-netstat
• snmp-processes
• snmp-sysdescr
• snmp-win32-services
• snmp-win32-shares
• snmp-win32-software
• snmp-win32-users
• socks-open-proxy
• sql-injection
• ssh-hostkey
• sshv1
• ssl-cert
• ssl-enum-ciphers
• sslv2
• telnet-brute
• upnp-info
• whois
• x11-access

Libraries

• afp
• asn1
• base64
• bin
• bit
• citrixxml
• comm
• datafiles
• dns
• http
• imap
• ipOps
• json
• ldap
• listop
• match
• mongodb
• msrpc
• msrpcperformance
• msrpctypes
• mysql
• netbios
• nmap
• nsedebug
• openssl
• packet
• pcre
• pop3
• proxy
• shortport
• smb
• smbauth
• snmp
• ssh1
• ssh2
• stdnse
• strbuf
• strict
• tab
• unpwdb
• url

Library unpwdb

Username/password database library.

The usernames and passwords functions return multiple values for use with exception handling via nmap.new_try. The first value is the Boolean success indicator, the second value is the closure.

The closures can take an argument of "reset" to rewind the list to the beginning.

You can select your own username and/or password database to read from with the script arguments userdb and passdb, respectively. Comments are allowed in these files, prefixed with "#!comment:". Comments cannot be on the same line as a username or password because this leaves too much ambiguity, e.g. does the password in "mypass #!comment: blah" contain a space, two spaces, or do they just separate the password from the comment?

Author:

Kris Katterjohn 06/2008

Copyright© Same as Nmap--See http://nmap.org/book/man-legal.html

Source: http://nmap.org/svn/nselib/unpwdb.lua

Script Arguments

userdb

The filename of an alternate username database.

passdb

The filename of an alternate password database.

Functions

passwords ()	Returns a function closure which returns a new password with every call until the password list is exhausted (in which case it returns nil).
timelimit ()	Returns the suggested number of seconds to attempt a brute force attack, based on Nmap's timing values (-T4 etc.) and whether or not a user-defined list is used.
usernames ()	Returns a function closure which returns a new username with every call until the username list is exhausted (in which case it returns nil).

Functions

passwords ()

Returns a function closure which returns a new password with every call until the password list is exhausted (in which case it returns nil).

Return values:

1. boolean Status.
2. function The passwords iterator.

timelimit ()

Returns the suggested number of seconds to attempt a brute force attack, based on Nmap's timing values (-T4 etc.) and whether or not a user-defined list is used.

You can use the script argument notimelimit to make this function return nil, which means the brute-force should run until the list is empty. If notimelimit is not used, be sure to still check for nil return values on the above two functions in case you finish before the time limit is up.

usernames ()

Returns a function closure which returns a new username with every call until the username list is exhausted (in which case it returns nil).

Return values:

1. boolean Status.
2. function The usernames iterator.