Home page logo
/
Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News

Sponsors


File http-default-accounts

Script types: portrule
Categories: discovery, auth, safe
Download: http://nmap.org/svn/scripts/http-default-accounts.nse

User Summary

Tests for access with default credentials used by a variety of web applications and devices.

It works similar to http-enum, we detect applications by matching known paths and launching a login routine using default credentials when found. This script depends on a fingerprint file containing the target's information: name, category, location paths, default credentials and login routine.

You may select a category if you wish to reduce the number of requests. We have categories like:

  • web - Web applications
  • routers - Routers
  • voip - VOIP devices
  • security

Please help improve this script by adding new entries to nselib/data/http-default-accounts.lua

Remember each fingerprint must have:

  • name - Descriptive name
  • category - Category
  • login_combos - Table of login combinations
  • paths - Paths table containing the possible location of the target
  • login_check - Login function of the target

In addition, a fingerprint may have:

  • target_check - Target validation function. If defined, it will be
called to validate the target before attempting any logins.

Default fingerprint file: /nselib/data/http-default-accounts-fingerprints.lua This script was based on http-enum.

Script Arguments

http-default-accounts.category

Selects a category of fingerprints to use.

Other useful arguments relevant to this script: http.pipeline Sets max number of petitions in the same request. http.useragent User agent for HTTP requests

Revision History 2013-08-13 nnposter * added support for target_check()

http-default-accounts.fingerprintfile

Fingerprint filename. Default:http-default-accounts-fingerprints.lua

http-default-accounts.basepath

Base path to append to requests. Default: "/"

http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent

See the documentation for the http library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

unittest.run

See the documentation for the unittest library.

Example Usage

nmap -p80 --script http-default-accounts host/ip

Script Output

PORT   STATE SERVICE REASON
80/tcp open  http    syn-ack
|_http-default-accounts: [Cacti] credentials found -> admin:admin Path:/cacti/
Final times for host: srtt: 94615 rttvar: 71012  to: 378663

Requires


Author: Paulino Calderon <calderon@websec.mx>

License: Same as Nmap--See http://nmap.org/book/man-legal.html

action

action (host, port)

MAIN Here we iterate through the paths to try to find a target. When a target is found the login routine is initialized to check for default credentials authentication

Parameters

  • host:
  • port:

Nmap Site Navigation

Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]