Brute forcing HTTP authentication
Many home routers, IP webcams, and even web applications still rely on HTTP authentication these days, and penetration testers need to try a word list of weak passwords to make sure the system or user accounts are safe. Now, thanks to the NSE script
http-brute, we can perform robust dictionary attacks against HTTPAuth protected resources.
This recipe shows how to perform brute force password auditing against web servers that are using HTTP authentication.
How to do it...
Use the following Nmap command to perform brute force password auditing against a resource protected by HTTP's basic authentication:
$ nmap -p80 --script http-brute –script-args http-brute.path=/admin/ <target>
The results contain all of the valid ...