O'Reilly logo

Mastering the Nmap Scripting Engine by Paulino Calderón Pale

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Managing user credentials found during scans

In versions before 6.x, the credentials found by NSE were stored in the Nmap registry. The creds library was created to provide an interface to easily read and write user credentials stored in this registry. Each account is linked to a state, similar to the brute.Account class, so it allows type filtering.

From an NSE script, you could list all the accounts found with one call:

tostring(creds.Credentials:new(SCRIPT_NAME, host, port))

You can also iterate through them and perform specific actions according to type:

local c = creds.Credentials:new(creds.ALL_DATA, host, port)
for cred in c:getCredentials(creds.State.VALID) do
  doSomething(cred.user, cred.pass)
end

You can easily write them to a file:

local c ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required