Create a new brute category for brute forcing scripts, move the *-bru…

…te scripts from auth category to brute. document it. I don't know what to do with dns-brute so I left it alone (it wasn't in auth category either)
prime9 · Sep 30, 2011 · c9d610c · c9d610c
1 parent 35ae1ad
commit c9d610c
Show file tree

Hide file tree

Showing 35 changed files with 84 additions and 66 deletions.
diff --git a/CHANGELOG b/CHANGELOG
@@ -306,6 +306,14 @@ o [NSE] Added more than 100 new signatures to http-enum (many for
   known vulnerabilities). They are in the categories: general,
   attacks, cms, security, management and database [Paulino]
 
+o [NSE] Moved our brute force authentication cracking scripts
+  (*-brute) from the "auth" category into a new "brute"
+  category. Nmap's brute force capabilities have grown tremendously!
+  You can see all 32 of them at
+  http://nmap.org/nsedoc/categories/brute.html.  It isn't clear
+  whether dns-brute should be in the brute category, so for now it
+  isn't. [Fyodor]
+
 o [NSE] Updated account status text in brute force password discovery 
   scripts in an effort to make the reporting more consistent across
   all scripts.  This will have an impact on any code that parses these

diff --git a/docs/scripting.xml b/docs/scripting.xml
@@ -231,6 +231,7 @@ Black Hat Briefings in 2010.</para>
     Currently defined categories are
     <literal>auth</literal>,
     <literal>broadcast</literal>,
+    <literal>brute</literal>,
     <literal>default</literal>.
     <literal>discovery</literal>,
     <literal>dos</literal>,
@@ -252,8 +253,7 @@ Black Hat Briefings in 2010.</para>
             <option>auth</option>
           </term>
           <listitem>
-            <para>These scripts try to determine authentication credentials
-            on the target system, often through a brute-force attack.  Examples include <literal>snmp-brute</literal>, <literal>http-auth</literal>, and <literal>ftp-anon</literal>.</para>
+            <para>These scripts deal with authentication credentials (or bypassing them) on the target system.  Examples include <literal>x11-access</literal>, <literal>ftp-anon</literal>, and <literal>oracle-enum-users</literal>.  Scripts which use brute force attacks to determine credentials are placed in the <literal>brute</literal> category instead.</para>
           </listitem>
         </varlistentry>
 
@@ -272,6 +272,16 @@ Black Hat Briefings in 2010.</para>
           </listitem>
         </varlistentry>
 
+        <varlistentry>
+          <term>
+            <indexterm><primary sortas="brute script category">&ldquo;<literal>brute</literal>&rdquo; script category</primary></indexterm>
+            <option>brute</option>
+          </term>
+          <listitem>
+            <para>These scripts use brute force attacks to guess authentication credentials of a remote server.  Nmap contains scripts for brute forcing dozens of protocols, including <literal>http-brute</literal>, <literal>oracle-brute</literal>, <literal>snmp-brute</literal>, etc.</para>
+          </listitem>
+        </varlistentry>
+
         <varlistentry>
           <term>
             <indexterm><primary sortas="default script category">&ldquo;<literal>default</literal>&rdquo; script category</primary></indexterm>

diff --git a/scripts/afp-brute.nse b/scripts/afp-brute.nse
@@ -26,7 +26,7 @@ Performs password guessing against Apple Filing Protocol (AFP).
 
 author = "Patrik Karlsson"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"intrusive", "auth"}
+categories = {"intrusive", "brute"}
 
 require 'shortport'
 require 'stdnse'

diff --git a/scripts/backorifice-brute.nse b/scripts/backorifice-brute.nse
@@ -34,7 +34,7 @@ the script against).
 
 author = "Gorjan Petrovski"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"intrusive", "auth"}
+categories = {"intrusive", "brute"}
 
 require("nmap")
 require("bin")

diff --git a/scripts/cvs-brute-repository.nse b/scripts/cvs-brute-repository.nse
@@ -27,7 +27,7 @@ With knowledge of the correct repository name, usernames and passwords can be gu
 
 author = "Patrik Karlsson"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"intrusive", "auth"}
+categories = {"intrusive", "brute"}
 
 require 'cvs'
 require 'brute'

diff --git a/scripts/cvs-brute.nse b/scripts/cvs-brute.nse
@@ -27,7 +27,7 @@ Performs brute force password auditing against CVS pserver authentication.
 
 author = "Patrik Karlsson"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"intrusive", "auth"}
+categories = {"intrusive", "brute"}
 dependencies = {"cvs-brute-repository"}
 
 require 'cvs'

diff --git a/scripts/domcon-brute.nse b/scripts/domcon-brute.nse
@@ -25,7 +25,7 @@ Performs brute force password auditing against the Lotus Domino Console.
 
 author = "Patrik Karlsson"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"intrusive", "auth"}
+categories = {"intrusive", "brute"}
 
 require 'shortport'
 require 'brute'

diff --git a/scripts/dpap-brute.nse b/scripts/dpap-brute.nse
@@ -22,7 +22,7 @@ Performs brute force password auditing against an iPhoto Library.
 
 author = "Patrik Karlsson"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"intrusive", "auth"}
+categories = {"intrusive", "brute"}
 
 require("base64")
 require("shortport")

diff --git a/scripts/drda-brute.nse b/scripts/drda-brute.nse
@@ -18,7 +18,7 @@ Performs password guessing against databases supporting the IBM DB2 protocol suc
 
 author = "Patrik Karlsson"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories={"intrusive", "auth"}
+categories={"intrusive", "brute"}
 
 require "stdnse"
 require "shortport"

diff --git a/scripts/ftp-brute.nse b/scripts/ftp-brute.nse
@@ -28,7 +28,7 @@ author = "Diman Todorov, Vlatko Kosturjak, Ron Bowes"
 
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
 
-categories = {"auth", "intrusive"}
+categories = {"brute", "intrusive"}
 
 require "shortport"
 require "stdnse"

diff --git a/scripts/http-brute.nse b/scripts/http-brute.nse
@@ -35,7 +35,7 @@ Performs brute force password auditing against http basic authentication.
 
 author = "Patrik Karlsson"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"intrusive", "auth"}
+categories = {"intrusive", "brute"}
 
 require 'shortport'
 require 'http'

diff --git a/scripts/http-form-brute.nse b/scripts/http-form-brute.nse
@@ -67,7 +67,7 @@ Performs brute force password auditing against http form-based authentication.
 
 author = "Patrik Karlsson"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"intrusive", "auth"}
+categories = {"intrusive", "brute"}
 
 require 'shortport'
 require 'http'

diff --git a/scripts/http-joomla-brute.nse b/scripts/http-joomla-brute.nse
@@ -48,7 +48,7 @@ Joomla's default uri and form names:
 
 author = "Paulino Calderon"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"intrusive", "auth"}
+categories = {"intrusive", "brute"}
 
 require 'shortport'
 require 'http'

diff --git a/scripts/http-wordpress-brute.nse b/scripts/http-wordpress-brute.nse
@@ -47,7 +47,7 @@ Wordpress default uri and form names:
 
 author = "Paulino Calderon"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"intrusive", "auth"}
+categories = {"intrusive", "brute"}
 
 require 'shortport'
 require 'http'

diff --git a/scripts/informix-brute.nse b/scripts/informix-brute.nse
@@ -28,7 +28,7 @@ Performs brute force password auditing against IBM Informix Dynamic Server.
 
 author = "Patrik Karlsson"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"intrusive", "auth"}
+categories = {"intrusive", "brute"}
 
 require 'shortport'
 require 'brute'

diff --git a/scripts/iscsi-brute.nse b/scripts/iscsi-brute.nse
@@ -23,7 +23,7 @@ require 'creds'
 
 author = "Patrik Karlsson"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"intrusive", "auth"}
+categories = {"intrusive", "brute"}
 
 portrule = shortport.portnumber(3260, "tcp", {"open", "open|filtered"})
 

diff --git a/scripts/ldap-brute.nse b/scripts/ldap-brute.nse
@@ -69,7 +69,7 @@ This script uses some AD-specific support and optimizations:
 
 author = "Patrik Karlsson"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"intrusive", "auth"}
+categories = {"intrusive", "brute"}
 
 require 'shortport'
 require 'stdnse'

diff --git a/scripts/ms-sql-brute.nse b/scripts/ms-sql-brute.nse
@@ -66,7 +66,7 @@ be disabled using the <code>mssql.scanned-ports-only</code> script argument.
 
 author = "Patrik Karlsson"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"auth", "intrusive"}
+categories = {"brute", "intrusive"}
 
 dependencies = {"ms-sql-discover", "ms-sql-empty-password"}
 

diff --git a/scripts/mysql-brute.nse b/scripts/mysql-brute.nse
@@ -11,7 +11,7 @@ Performs password guessing against MySQL
 
 author = "Patrik Karlsson"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"intrusive", "auth"}
+categories = {"intrusive", "brute"}
 
 require 'shortport'
 require 'stdnse'

diff --git a/scripts/netbus-brute.nse b/scripts/netbus-brute.nse
@@ -12,7 +12,7 @@ Performs brute force password auditing against the Netbus backdoor ("remote admi
 
 author = "Toni Ruottu"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"auth", "intrusive"}
+categories = {"brute", "intrusive"}
 
 require("nmap")
 require("stdnse")

diff --git a/scripts/nping-brute.nse b/scripts/nping-brute.nse
@@ -19,7 +19,7 @@ documentation.
 
 author = "Toni Ruottu"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"auth", "intrusive"}
+categories = {"brute", "intrusive"}
 
 require("bin")
 require("nmap")

diff --git a/scripts/omp2-brute.nse b/scripts/omp2-brute.nse
@@ -16,7 +16,7 @@ Performs brute force password auditing against the OpenVAS manager using OMPv2.
 
 author = "Henri Doreau"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"auth", "intrusive"}
+categories = {"brute", "intrusive"}
 
 require("omp2")
 require("nmap")

diff --git a/scripts/oracle-brute.nse b/scripts/oracle-brute.nse
@@ -53,7 +53,7 @@ result in a large number of accounts being locked out on the database server.
 
 author = "Patrik Karlsson"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"intrusive", "auth"}
+categories = {"intrusive", "brute"}
 
 require 'shortport'
 require 'brute'

diff --git a/scripts/oracle-sid-brute.nse b/scripts/oracle-sid-brute.nse
@@ -30,7 +30,7 @@ author, Alexander Kornbrust (http://seclists.org/nmap-dev/2009/q4/645).
 
 author = "Patrik Karlsson"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"intrusive", "auth"}
+categories = {"intrusive", "brute"}
 
 require 'comm'
 require 'datafiles'

diff --git a/scripts/pgsql-brute.nse b/scripts/pgsql-brute.nse
@@ -24,7 +24,7 @@ Performs password guessing against PostgreSQL.
 
 author = "Patrik Karlsson"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-categories = {"intrusive", "auth"}
+categories = {"intrusive", "brute"}
 
 require 'shortport'
 require 'stdnse'

diff --git a/scripts/pop3-brute.nse b/scripts/pop3-brute.nse
@@ -15,7 +15,7 @@ Tries to log into a POP3 account by guessing usernames and passwords.
 author = "Philip Pickering"
 license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
 
-categories = {"intrusive", "auth"}
+categories = {"intrusive", "brute"}
 
 require 'pop3'
 require 'shortport'