Writing a brute force script

Brute force password auditing has become a major strength of the Nmap Scripting Engine. The library brute allows developers to quickly write scripts to perform their custom brute force attacks. Nmap offers libraries such as unpwd, which give access to a flexible username and password database to further customize the attacks, and the library creds, which provides an interface to manage the valid credentials found.

This recipe will guide you through the process of writing your own brute force script by using the NSE libraries brute, unpwdb, and creds to perform brute force password auditing against Wordpress installations.

How to do it...

Let's write an NSE script to brute force Wordpress accounts:

  1. Create the file http-wordpress-brute.nse ...

Get Nmap 6: Network Exploration and Security Auditing Cookbook now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.