■ ■ ■ ■ ■ ■
tools/nmaps-nse-scripts-for-ethical-password-testing.md
| | 1 | + | # 🔑 Nmap's NSE Scripts for Ethical Password Testing |
| | 2 | + | |
| | 3 | + |  Nmap is a powerful network scanning and reconnaissance tool, and its NSE scripts can automate a wide range of tasks, including brute-force attacks to guess authentication credentials. Here's a summary of what you've shared: |
| | 4 | + | |
| | 5 | + | Nmap's NSE scripts allow users to perform dictionary brute-force attacks on secured services. Some of the services covered include: |
| | 6 | + | |
| | 7 | + | 1. **FTP Password Cracking** Using the `ftp-brute.nse` script to perform brute-force password auditing against FTP servers. Example: |
| | 8 | + | |
| | 9 | + | ``` |
| | 10 | + | nmap -p21 --script ftp-brute.nse --script-args userdb=users.txt,passdb=pass.txt 192.168.1.150 |
| | 11 | + | ``` |
| | 12 | + | 2. **SSH Password Cracking** Using the `ssh-brute.nse` script to perform brute-force password guessing against SSH servers. Example: |
| | 13 | + | |
| | 14 | + | ``` |
| | 15 | + | nmap -p22 --script ssh-brute.nse --script-args userdb=users.txt,passdb=pass.txt 192.168.1.150 |
| | 16 | + | ``` |
| | 17 | + | 3. **Telnet Password Cracking** Using the `telnet-brute.nse` script to perform brute-force password auditing against Telnet servers. Example: |
| | 18 | + | |
| | 19 | + | ``` |
| | 20 | + | nmap -p23 --script telnet-brute.nse --script-args userdb=users.txt,passdb=pass.txt 192.168.1.150 |
| | 21 | + | ``` |
| | 22 | + | 4. **SMB Password Cracking** Using the `smb-brute.nse` script to attempt to guess SMB username/password combinations. Example: |
| | 23 | + | |
| | 24 | + | ``` |
| | 25 | + | nmap -p445 --script smb-brute.nse --script-args userdb=users.txt,passdb=pass.txt 192.168.1.150 |
| | 26 | + | ``` |
| | 27 | + | 5. **Postgres Password Cracking** Using the `pgsql-brute` script to perform brute-force password auditing against PostgreSQL servers. Example: |
| | 28 | + | |
| | 29 | + | ``` |
| | 30 | + | nmap -p5432 --script pgsql-brute --script-args userdb=users.txt,passdb=pass.txt 192.168.1.150 |
| | 31 | + | ``` |
| | 32 | + | 6. **MySQL Password Cracking** Using the `mysql-brute` script to perform brute-force password auditing against MySQL servers. Example: |
| | 33 | + | |
| | 34 | + | ``` |
| | 35 | + | nmap -p3306 --script mysql-brute --script-args userdb=users.txt 192.168.1.150 |
| | 36 | + | ``` |
| | 37 | + | 7. **HTTP-form Password Cracking** Using the `http-form-brute` script to perform brute-force password auditing against HTTP form-based authentication. Example: |
| | 38 | + | |
| | 39 | + | ``` |
| | 40 | + | nmap -p80 --script=http-form-brute --script-args "userdb=users.txt,passdb=pass.txt,http-form-brute.path=/dvwa/login.php" 192.168.1.150 |
| | 41 | + | ``` |
| | 42 | + | 8. **Ms-SQL Password Cracking** Using the `ms-sql-brute` script to perform brute-force password auditing against Microsoft SQL servers. Example: |
| | 43 | + | |
| | 44 | + | ``` |
| | 45 | + | nmap -p1433 --script ms-sql-brute --script-args userdb=users.txt,passdb=pass.txt 192.168.1.146 |
| | 46 | + | ``` |
| | 47 | + | |
| | 48 | + | Please note that while Nmap's NSE scripts can be useful for security professionals and ethical hackers in testing the security of systems, it's essential to ensure that you have proper authorization and are abiding by relevant laws and regulations before performing any security testing or penetration testing activities. Unauthorized access or malicious use of these techniques can lead to legal consequences. |
| | 49 | + | |
Adwaith
committed
with
gitbook-bot
1 year ago
1 parent 6b20efa8