Writing brute-force password auditing scripts
Brute-force password auditing has become a major strength of NSE. The brute
library allows developers to quickly write scripts to perform custom brute-force attacks. Nmap offers libraries such as unpwd
, which gives access to a flexible username and password database to further customize the attacks, and the creds
library, which provides an interface to manage the valid credentials found.
This recipe will guide you through the process of writing your brute-force script with the NSE brute
, unpwdb
, and creds
libraries to perform brute-force password auditing against web applications.
How to do it...
Let's write an NSE script to brute-force WordPress accounts:
- Create the
http-wordpress-brute.nse
file and fill in the required information tags:description = [[ performs brute force password auditing against Wordpress CMS/blog installations. This script uses the unpwdb and brute libraries to perform password guessing. Any...