Scriptnessus-xmlrpc-brute
Script types:portrule
Categories:intrusive,brute
Download:https://svn.nmap.org/nmap/scripts/nessus-xmlrpc-brute.nse
Script Summary
Performs brute force password auditing against a Nessus vulnerability scanning daemon using the XMLRPC protocol.
Script Arguments
- nessus-xmlrpc-brute.timeout
socket timeout for connecting to Nessus (default 5s)
- nessus-xmlrpc-brute.threads
sets the number of threads.
- passdb,unpwdb.passlimit,unpwdb.timelimit,unpwdb.userlimit,userdb
See the documentation for theunpwdb library.
- creds.[service],creds.global
See the documentation for thecreds library.
- brute.credfile,brute.delay,brute.emptypass,brute.firstonly,brute.guesses,brute.mode,brute.passonly,brute.retries,brute.start,brute.threads,brute.unique,brute.useraspass
See the documentation for thebrute library.
Example Usage
nmap -sV --script=nessus-xmlrpc-brute <target>
Script Output
PORT STATE SERVICE REASON8834/tcp open unknown syn-ack| nessus-xmlrpc-brute:| Accounts| nessus:nessus - Valid credentials| Statistics|_ Performed 1933 guesses in 26 seconds, average tps: 73
Requires
Author:
- Patrik Karlsson
License: Same as Nmap--Seehttps://nmap.org/book/man-legal.html