Writing brute force password auditing scripts
Brute force password auditing has become a major strength of the Nmap Scripting Engine. The library brute allows developers to quickly write scripts to perform custom brute force attacks. Nmap also offers libraries such as unpwdb, which gives access to a flexible username and password database to further customize the attacks, and the library creds, which provides an interface to manage the valid credentials found.
This recipe will guide you through the process of writing your own brute force script with the NSE libraries brute, unpwdb, and creds to perform brute force password auditing against WordPress installations.
How to do it...
Let's write an NSE script to brute force WordPress accounts:
- Create the file http-wordpress-brute.nse and fill the required information tags:
description = [[ performs brute force password auditing against Wordpress CMS/blog installations. This script uses the unpwdb and brute libraries to perform password...