File http-default-accounts
Script types:
portrule
Categories:
discovery, auth, safe
Download: http://nmap.org/svn/scripts/http-default-accounts.nse
User Summary
Tests for access with default credentials used by a variety of web applications and devices.
It works similar to http-enum, we detect applications by matching known paths and launching a login routine using default credentials when found. This script depends on a fingerprint file containing the target's information: name, category, location paths, default credentials and login routine.
You may select a category if you wish to reduce the number of requests. We have categories like:
web- Web applicationsrouter- Routersvoip- VOIP devicessecurity
Please help improve this script by adding new entries to nselib/data/http-default-accounts.lua
Remember each fingerprint must have:
name- Descriptive namecategory- Categorylogin_combos- Table of login combinationspaths- Paths table containing the possible location of the targetlogin_check- Login function of the target
Default fingerprint file: /nselib/data/http-default-accounts-fingerprints.lua This script was based on http-enum.
Script Arguments
http-default-accounts.category
Selects a category of fingerprints to use.
Other useful arguments relevant to this script: http.pipeline Sets max number of petitions in the same request. http.useragent User agent for HTTP requests
http-default-accounts.fingerprintfile
Fingerprint filename. Default:http-default-accounts-fingerprints.lua
http-default-accounts.basepath
Base path to append to requests. Default: "/"
http-max-cache-size, http.pipeline, http.useragent
See the documentation for the http library.Example Usage
nmap -p80 --script http-default-accounts host/ip
Script Output
PORT STATE SERVICE REASON 80/tcp open http syn-ack |_http-default-accounts: [Cacti] credentials found -> admin:admin Path:/cacti/ Final times for host: srtt: 94615 rttvar: 71012 to: 378663
Requires
Author: Paulino Calderon
License: Same as Nmap--See http://nmap.org/book/man-legal.html
