May 2017
Intermediate to advanced
416 pages
21h 33m
English
The NSE libraries unpwdb and brute have several script arguments that users can tune for their brute force password auditing attacks.
To use different username and password lists, set the argumentsuserdb and passdb, respectively:
$ nmap -p80 --script http-wordpress-brute --script-args userdb=/var/usernames.txt,passdb=/var/passwords.txt <target>
To quit after finding one valid account, use the argument brute.firstOnly:
$ nmap -p80 --script http-wordpress-brute --script-args brute.firstOnly <target>
To set a different timeout limit, use the argument unpwd.timelimit. To run it indefinitely, set it to 0:
$ nmap -p80 --script http-wordpress-brute --script-args unpwdb.timelimit=0 <target>$ nmap -p80 --script http-wordpress-brute ...
Read now
Unlock full access