O'Reilly logo

Mastering the Nmap Scripting Engine by Paulino Calderón Pale

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Username and password lists used in brute-force attacks

The brute library and all the NSE scripts depending on it use two separate databases to retrieve usernames and passwords when performing brute-force password-auditing attacks. The dictionaries distributed with Nmap are somewhat small since it wouldn't be practical to include and distribute large files. It is up to the users to either replace the dictionaries or provide different dictionaries via the library arguments, given that the default username and password dictionaries are only 72 KB and 46 KB in size, respectively.

Keep in mind that the effectiveness of all your brute-force attacks depends on how good your dictionaries are.

Username dictionaries

Usernames are stored in your Nmap data ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required