Script vnc-brute

Script types: portrule
Categories: intrusive, brute
Download: https://svn.nmap.org/nmap/scripts/vnc-brute.nse

Script Summary

Performs brute force password auditing against VNC servers.

See also:

• realvnc-auth-bypass.nse

Script Arguments

vnc-brute.bruteusers

If set, allows the script to iterate over usernames for auth types that require it (plain, Apple Remote Desktop (30), SASL (not supported), and ATEN) Default: false, since most VNC auth types are password-only.

brute.credfile, brute.delay, brute.emptypass, brute.firstonly, brute.guesses, brute.mode, brute.passonly, brute.retries, brute.start, brute.threads, brute.unique, brute.useraspass

See the documentation for the brute library.

creds.[service], creds.global

See the documentation for the creds library.

passdb, unpwdb.passlimit, unpwdb.timelimit, unpwdb.userlimit, userdb

See the documentation for the unpwdb library.

Example Usage

nmap --script vnc-brute -p 5900 <host>

Script Output

PORT     STATE  SERVICE REASON
5900/tcp open   vnc     syn-ack
| vnc-brute:
|   Accounts
|_    123456 => Valid credentials

Requires

• brute
• creds
• shortport
• stdnse
• vnc

---

Author:

• Patrik Karlsson

License: Same as Nmap--See https://nmap.org/book/man-legal.html