File cvs-brute-repository
Script types:
portrule
Categories:
intrusive, brute
Download: http://nmap.org/svn/scripts/cvs-brute-repository.nse
User Summary
Attempts to guess the name of the CVS repositories hosted on the remote server. With knowledge of the correct repository name, usernames and passwords can be guessed.
Script Arguments
cvs-brute-repository.repofile
a file containing a list of repositories to guess
cvs-brute-repository.nodefault
when set the script does not attempt to guess the list of hardcoded repositories
passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb
See the documentation for the unpwdb library.Example Usage
nmap -p 2401 --script cvs-brute-repository <host>
Script Output
PORT STATE SERVICE REASON 2401/tcp open cvspserver syn-ack | cvs-brute-repository: | Repositories | /myrepos | /demo | Statistics |_ Performed 14 guesses in 1 seconds, average tps: 14
Requires
Author: Patrik Karlsson
License: Same as Nmap--See http://nmap.org/book/man-legal.html