Script membase-brute

Script types: portrule
Categories: intrusive, brute
Download: https://svn.nmap.org/nmap/scripts/membase-brute.nse

Script Summary

Performs brute force password auditing against Couchbase Membase servers.

Script Arguments

membase-brute.bucketname

if specified, password guessing is performed only against this bucket.

creds.[service], creds.global

See the documentation for the creds library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

brute.credfile, brute.delay, brute.emptypass, brute.firstonly, brute.guesses, brute.mode, brute.passonly, brute.retries, brute.start, brute.threads, brute.unique, brute.useraspass

See the documentation for the brute library.

passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb

See the documentation for the unpwdb library.

membase.authmech

See the documentation for the membase library.

Example Usage

nmap -p 11211 --script membase-brute

Script Output

PORT      STATE SERVICE
11211/tcp open  unknown
| membase-brute:
|   Accounts
|     buckettest:toledo - Valid credentials
|   Statistics
|_    Performed 5000 guesses in 2 seconds, average tps: 2500

Requires


Author:

  • Patrik Karlsson

License: Same as Nmap--See https://nmap.org/book/man-legal.html