Nmap http-joomla-brute 脚本示例? [英] Nmap http-joomla-brute script example?
问题描述
这是一个相对晦涩的话题,但仍然感谢任何帮助.
This is a relatively obscure topic, but any help is nevertheless appreciated.
我正在尝试对我网站的 Joomla 登录进行暴力测试.我试图使用 nmap 的 http-joomla-brute,但由于某种原因,它既不输出进程,也不实际使用我给它的密码列表进行暴力破解.这是我的脚本:
I am trying to run a brute force test on my website's Joomla login. I was trying to use nmap's http-joomla-brute, but for some reason it does not output neither the process nor does it actually do the brute force with the password list I gave it. Here is my script:
nmap -sV --script http-joomla-brute --script-args 'passdb=/Users/abc/Documents/passwords.txt,http-joomla-brute.threads=5,brute.firstonly=true' my.website.here.
我认为它只运行初始测试(这真的很烦人,顺便说一句,有没有人有办法避免/跳过它?)和默认密码列表,因为它显示类似1495密码测试"和我的密码列表是 496 MB,绝对超过 1495 个密码.我究竟做错了什么?
I think it only runs the initial testing(which is really annoying BTW, does anyone have a way to avoid/skip it?) and the default password list, because it shows something like "1495 passwords tested" and my password list is 496 MB and definitely more than 1495 passwords. What am I doing wrong?
提前致谢.
修复了部分运行的脚本,但现在它这样做了:
Fixed the script partially running, but now it does this:
Starting Nmap 6.40-2 ( http://nmap.org ) at 2014-04-02 19:39 EDT
Stats: 0:02:21 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:03:41 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:46 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:50 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:51 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:51 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:52 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:52 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:52 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:07:18 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:15:55 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:16:03 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:17:50 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:22:06 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:22:22 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
我认为这不正常.有没有办法解决这个问题?
I don't think this is normal. Is there a way to fix this?
推荐答案
查看 unpwdb 的文档NSE 库,其中 http-joomla-brute 用于管理用户名和密码.它默认为 10 分钟的时间限制,之后将停止返回凭据.如果你真的想运行它直到它完成,传递 unpwdb.timelimit=0 脚本参数来禁用计时器.
See the documentation for the unpwdb NSE library, which http-joomla-brute uses to manage usernames and passwords. It defaults to a 10-minute time limit, after which it stops returning credentials. If you really want to run it until it is finished, pass the unpwdb.timelimit=0 script argument to disable the timer.
关于您想跳过的初始检查",只需从您的调用中删除 -sV,这将删除扫描的服务版本检测阶段,并添加 -p 80 指示 Nmap 仅扫描端口 80(或运行 Joomla 应用程序的任何端口).
Regarding the "initial checks" that you would like to skip, simply drop the -sV from your invocation, which will remove the service version detection phase of the scan, and add -p 80 to instruct Nmap to only scan port 80 (or whatever port your Joomla app is running on).
这篇关于Nmap http-joomla-brute 脚本示例?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
