Script http-proxy-brute

Script types: portrule
Categories: brute, intrusive, external
Download: https://svn.nmap.org/nmap/scripts/http-proxy-brute.nse

Script Summary

Performs brute force password guessing against HTTP proxy servers.

Script Arguments

http-proxy-brute.url

sets an alternative URL to use when brute forcing (default: http://scanme.insecure.org)

http-proxy-brute.method

changes the HTTP method to use when performing brute force guessing (default: HEAD)

creds.[service], creds.global

See the documentation for the creds library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb

See the documentation for the unpwdb library.

brute.credfile, brute.delay, brute.emptypass, brute.firstonly, brute.guesses, brute.mode, brute.passonly, brute.retries, brute.start, brute.threads, brute.unique, brute.useraspass

See the documentation for the brute library.

slaxml.debug

See the documentation for the slaxml library.

http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent

See the documentation for the http library.

Example Usage

nmap --script http-proxy-brute -p 8080 <host>

Script Output

PORT     STATE SERVICE
8080/tcp open  http-proxy
| http-proxy-brute:
|   Accounts
|     patrik:12345 - Valid credentials
|   Statistics
|_    Performed 6 guesses in 2 seconds, average tps: 3

Requires

• base64
• brute
• creds
• http
• shortport
• stdnse

---

Author:

• Patrik Karlsson

License: Same as Nmap--See https://nmap.org/book/man-legal.html