Script cvs-brute

Script types: portrule
Categories: intrusive, brute

Script Summary

Performs brute force password auditing against CVS pserver authentication.

Script Arguments


string containing the name of the repository to brute if no repo was given the script checks the registry for any repositories discovered by the cvs-brute-repository script. If the registry contains any discovered repositories, the script attempts to brute force the credentials for the first one.

passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb

See the documentation for the unpwdb library.


See the documentation for the creds library.

brute.credfile, brute.delay, brute.emptypass, brute.firstonly, brute.guesses, brute.mode, brute.passonly, brute.retries, brute.start, brute.threads, brute.unique, brute.useraspass

See the documentation for the brute library.

Example Usage

nmap -p 2401 --script cvs-brute <host>

Script Output

2401/tcp open  cvspserver syn-ack
| cvs-brute:
|   Accounts
|     hotchner:francisco - Account is valid
|     reid:secret - Account is valid
|   Statistics
|_    Performed 544 guesses in 14 seconds, average tps: 38



  • Patrik Karlsson

License: Same as Nmap--See