One important feature of NSE, (sadly) often forgotten, is the ability to perform brute-force password-auditing attacks against numerous services, applications, and protocols. As experienced penetration testers, we know that weak credentials are found in many IT environments, and it is impossible to find them all manually without boring yourself to death. The brute
NSE category attempts to ease this pain by grouping over 50 different scripts to work with a variety of applications, services, and protocols such as these:
HTTP, HTTPS, and application-specific scripts for web applications
SMTP, POP, and IMAP for mail delivery systems
Oracle, IBM DB2, MySQL, MS SQL, Cassandra, and MongoDB for database management systems
SVN and CVS for source code control systems
Many other interesting protocols such as SIP, VMWare Authorization, and other application-specific daemons
In this chapter, we will cover the following topics:
Adjusting execution modes...