Chapter 13. Brute Force Password Auditing Options
This appendix covers the brute force password options supported by the Nmap Scripting Engine. These configuration options sometimes are configured inside the scripts, so you may not need to adjust it to find weak credentials. However, for more comprehensive tests, we at least need to work with custom dictionaries as shown later.
When using brute force password auditing scripts, to use different username and password lists, set the arguments userdb
and passdb
:
$ nmap --script <brute force script> --script-args userdb=/var/usernames.txt,passdb=/var/passwords.txt <target>
To quit after finding one valid account, use the argument brute.firstOnly
:
$ nmap--script <brute force script> --script-args brute.firstOnly <target>
By default, the brute engine (unpwdb) uses Nmap's timing template to set the following timeout limits:
- -T3,T2,T1: 10 minutes
- -T4: 5 minutes
- -T5: 3 minutes
In order to set a different timeout limit, use the argument...