Mastering the Nmap Scripting Engine

By: Paulino Calderon

Username and password lists used in brute-force attacks


The brute library and all the NSE scripts that depend on it use two separate databases to retrieve usernames and passwords when performing brute-force password-auditing attacks. The dictionaries distributed with Nmap are fairly small, since it wouldn't be practical to include and distribute large files: the default username and password dictionaries are only 72 KB and 46 KB in size, respectively. It is up to users to either replace these dictionaries or provide different ones via the library arguments.

Keep in mind that the effectiveness of all your brute-force attacks depends on how good your dictionaries are.

Username dictionaries

Usernames are stored in your Nmap data directory in the usernames.lst file. This file contains the following entries:

  • root
  • admin
  • administrator
  • webadmin
  • sysadmin
  • netadmin
  • guest
  • user
  • web
  • test
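The same list is useful from the defending side: any login-capable account whose name appears in it will be tried by default in a dictionary-based audit. The following is an added example, not code from the book or from Nmap; the passwd-format sample, the function names and the case-insensitive comparison are assumptions made for illustration.

```python
# Constructed sample in the layout of Nmap's bundled lists: one entry per
# line, header lines prefixed with "#!comment:". Entries are the ten above.
SAMPLE_USERNAMES_LST = "#!comment: constructed sample header\n" + "\n".join(
    ["root", "admin", "administrator", "webadmin", "sysadmin",
     "netadmin", "guest", "user", "web", "test"]) + "\n"

# Constructed passwd(5)-format sample standing in for a host's account list.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
Admin:x:1000:1000:Site admin:/home/admin:/bin/bash
test:x:1001:1001::/home/test:/bin/false
jsmith:x:1002:1002:J Smith:/home/jsmith:/bin/zsh
guest:x:1003:1003::/home/guest:/bin/sh
"""

NON_LOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


def parse_dictionary(text):
    """Return the set of entries, skipping comment headers and blank lines."""
    entries = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#!comment:"):
            # Assumption: compare case-insensitively, since many services
            # do not distinguish "Admin" from "admin" at login.
            entries.add(line.lower())
    return entries


def guessable_accounts(passwd_text, dictionary):
    """Return login-capable account names that appear in the dictionary."""
    hits = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue  # skip blank or malformed lines
        name, shell = fields[0], fields[6]
        if shell not in NON_LOGIN_SHELLS and name.lower() in dictionary:
            hits.append(name)
    return hits


if __name__ == "__main__":
    print(guessable_accounts(SAMPLE_PASSWD, parse_dictionary(SAMPLE_USERNAMES_LST)))
```

Accounts it reports are candidates for renaming, disabling, or stricter lockout and monitoring.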

Depending on the service, certain users must be added for the scripts to be successful. For example, MS SQL Server...