Nmap http-joomla-brute脚本示例?

时间:2014-04-02 06:05:05

标签: http joomla brute-force nmap

这是一个相对模糊的话题,但不过感谢任何帮助。

我正试图在我的网站Joomla登录上进行暴力测试。我试图使用nmap的http-joomla-brute,但由于某种原因,它既没有输出进程也没有实际用我给它的密码列表做暴力。这是我的剧本:

nmap -sV --script http-joomla-brute --script-args 'passdb=/Users/abc/Documents/passwords.txt,http-joomla-brute.threads=5,brute.firstonly=true' my.website.here.

我认为它只运行初始测试(这真的很烦人BTW,有没有人有办法避免/跳过它?)和默认密码列表,因为它显示了类似" 1495密码测试和#34 ;我的密码列表是496 MB,绝对超过1495个密码。我究竟做错了什么?

提前谢谢。

编辑:修复了部分运行的脚本,但现在它执行了此操作:

Starting Nmap 6.40-2 ( http://nmap.org ) at 2014-04-02 19:39 EDT
Stats: 0:02:21 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:03:41 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:46 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:50 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:51 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:51 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:52 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:52 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:52 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:07:18 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:15:55 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:16:03 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:17:50 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:22:06 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:22:22 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done

我不认为这是正常的。有办法解决这个问题吗?

1 个答案:

答案 0 :(得分:2)

请参阅unpwdb NSE library的文档,http-joomla-brute用于管理用户名和密码。它默认为10分钟的时间限制,之后它将停止返回凭据。如果您确实要在完成之前运行它,请传递unpwdb.timelimit=0脚本参数以禁用计时器。

关于"初步检查"您想要跳过,只需从调用中删除-sV,这将删除扫描的服务版本检测阶段,并添加-p 80以指示Nmap仅扫描端口80(或任何端口)你的Joomla应用正在运行。)

相关问题
最新问题