In versions before 6.x, the credentials found by NSE were stored in the Nmap registry. The creds
library was created to provide an interface to easily read and write user credentials stored in this registry. Each account is linked to a state, similar to the brute.Account
class, so it allows type filtering.
From an NSE script, you could list all the accounts found with one call:
tostring(creds.Credentials:new(SCRIPT_NAME, host, port))
You can also iterate through them and perform specific actions according to type:
local c = creds.Credentials:new(creds.ALL_DATA, host, port) for cred in c:getCredentials(creds.State.VALID) do doSomething(cred.user, cred.pass) end
You can easily write them to a file:
local c = creds.Credentials:new( SCRIPT_NAME, host, port ) status, err = c:saveToFile("credentials-dumpfile-csv","csv")
New credentials can be written globally or linked to a specific service. For example, to add credentials specific to the HTTP service, we...