Script cvs-brute-repository

Script types: portrule
Categories: intrusive, brute
Download: https://svn.nmap.org/nmap/scripts/cvs-brute-repository.nse

Script Summary

Attempts to guess the name of the CVS repositories hosted on the remote server. With knowledge of the correct repository name, usernames and passwords can be guessed.

Script Arguments

cvs-brute-repository.repofile

a file containing a list of repositories to guess

cvs-brute-repository.nodefault

when set the script does not attempt to guess the list of hardcoded repositories

passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb

See the documentation for the unpwdb library.

creds.[service], creds.global

See the documentation for the creds library.

brute.credfile, brute.delay, brute.emptypass, brute.firstonly, brute.guesses, brute.mode, brute.passonly, brute.retries, brute.start, brute.threads, brute.unique, brute.useraspass

See the documentation for the brute library.

Example Usage

nmap -p 2401 --script cvs-brute-repository <host>

Script Output

PORT     STATE SERVICE    REASON
2401/tcp open  cvspserver syn-ack
| cvs-brute-repository:
|   Repositories
|     /myrepos
|     /demo
|   Statistics
|_    Performed 14 guesses in 1 seconds, average tps: 14

Requires

• brute
• coroutine
• creds
• cvs
• io
• shortport
• stdnse
• table
• unpwdb

---

Author:

• Patrik Karlsson

License: Same as Nmap--See https://nmap.org/book/man-legal.html