File xmpp-brute
Script types:
portrule
Categories:
brute, intrusive
Download: http://nmap.org/svn/scripts/xmpp-brute.nse
User Summary
Performs brute force password auditing against XMPP (Jabber) instant messaging servers.
Script Arguments
xmpp-brute.servername
needed when host name cannot be automatically determined (eg. when running against an IP, instead of hostname)
xmpp-brute.auth
authentication mechanism to use LOGIN, PLAIN, CRAM-MD5 or DIGEST-MD5
passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb
See the documentation for the unpwdb library.smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername
See the documentation for the smbauth library.Example Usage
nmap -p 5222 --script xmpp-brute <host>
Script Output
PORT STATE SERVICE 5222/tcp open xmpp-client | xmpp-brute: | Accounts | CampbellJ:arthur321 - Valid credentials | CampbellA:joan123 - Valid credentials | WalkerA:auggie123 - Valid credentials | Statistics |_ Performed 6237 guesses in 5 seconds, average tps: 1247
Requires
Author: Patrik Karlsson
License: Same as Nmap--See http://nmap.org/book/man-legal.html