Script http-default-accounts
Script types: portrule
Categories: discovery, auth, intrusive
Download: [Link]
Script Summary
Tests for access with default credentials used by a variety of web applications
and devices.
It works similarly to http-enum: applications are detected by matching known
paths, and when a path matches, a login routine is run using the application's
default credentials. The script depends on a fingerprint file that holds each
target's information: name, category, location paths, default credentials and
login routine.
You may select a category if you wish to reduce the number of requests. We
have categories like:
web - Web applications
routers - Routers
security - CCTVs and other security devices
industrial - Industrial systems
printer - Network-attached printers and printer servers
storage - Storage devices
virtualization - Virtualization systems
console - Remote consoles
You can also select a specific fingerprint or a brand, such as BIG-IQ or
Siemens. This matching is based on case-insensitive words. This means that
"nas" will select Seagate BlackArmor NAS storage but not Netgear
ReadyNAS.
For a fingerprint to be used it needs to satisfy both the category and name
criteria.
By default, the script produces output only when default credentials are found,
while staying silent when the target only matches some fingerprints (but no
credentials are found). With increased verbosity (option -v), the script will also
report all matching fingerprints.
Please help improve this script by adding new entries to nselib/data/http-[Link]
Remember each fingerprint must have:
name - Descriptive name
category - Category
login_combos - Table of login combinations
paths - Table containing possible path locations of the target
login_check - Login function of the target
In addition, a fingerprint should have:
target_check - Target validation function. If defined, it will be called to
validate the target before attempting any logins.
cpe - Official CPE Dictionary entry (see [Link])
Default fingerprint file: /nselib/data/[Link]
This script was based on http-enum.
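The fingerprint fields listed above, shown as one complete entry in the shape the fingerprint file expects. This is an added example, not an entry from the Nmap project's fingerprint file: the device name, realm, paths, CPE and credentials are constructed placeholders, and the `fingerprints` table name and the `target_check`/`login_check` signatures are assumed to follow the shipped file.

```lua
local http = require "http"

-- Added example entry for nselib/data/http-default-accounts-fingerprints.lua.
-- Every value below is a constructed placeholder, not a real product.
table.insert(fingerprints, {
  name = "Example Router",          -- required: descriptive name (matched by .name)
  category = "routers",             -- required: category (matched by .category)
  cpe = "cpe:/h:example:router",    -- optional: placeholder CPE entry

  -- required: paths where the login page may live; checked relative to basepath
  paths = {
    {path = "/"},
    {path = "/admin/"}
  },

  -- optional: validate the target before any login is attempted, so that an
  -- unrelated server answering 401 on "/" is reported as a non-match.
  -- Assumed signature: (host, port, path, response) -> boolean
  target_check = function (host, port, path, response)
    local challenge = (response.header["www-authenticate"] or ""):lower()
    return response.status == 401
           and challenge:find('realm="example router"', 1, true) ~= nil
  end,

  -- required: the default credential pairs to try, in order
  login_combos = {
    {username = "admin", password = "admin"},
    {username = "admin", password = ""}
  },

  -- required: return true only when the pair is accepted.
  -- Assumed signature: (host, port, path, user, pass) -> boolean
  login_check = function (host, port, path, user, pass)
    local resp = http.get(host, port, path, {
      auth = {username = user, password = pass},  -- HTTP Basic authentication
      no_cache = true                             -- never reuse a cached answer
    })
    -- target_check already proved an unauthenticated request yields 401,
    -- so a 200 with these credentials means the defaults are still in place.
    return resp.status == 200
  end
})
```

Because `target_check` runs before `login_combos`, a tight check keeps the script from sending credentials to servers that merely share a path, which also keeps false positives out of the `-v` fingerprint listing.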
Script Arguments
[Link]
Selects a fingerprint category (or a list of categories).
[Link]
Selects fingerprints by a word (or a list of alternate words) included in
their names.
[Link]
Fingerprint filename. Default: [Link]
[Link]
Base path to append to requests. Default: "/"
[Link]
See the documentation for the slaxml library.
creds.[service], [Link]
See the documentation for the creds library.
[Link], [Link]-body-size, [Link]-cache-size, [Link]-pipeline, ht[Link], [Link]-ok, [Link]
See the documentation for the http library.
smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername
See the documentation for the smbauth library.
Example Usage
nmap -p80 --script http-default-accounts host/ip
Script Output
PORT   STATE SERVICE
80/tcp open  http
| http-default-accounts:
|   [Cacti] at /
|     admin:admin
|   [Nagios] at /nagios/
|_    nagiosadmin:CactiEZ
Requires
creds
http
nmap
shortport
stdnse
table
Authors:
Paulino Calderon <calderon@[Link]>
nnposter
License: Same as Nmap--See [Link]