1. 首頁
  2. 問答
  3. Nmap http-joomla-brute腳本示例?

Nmap http-joomla-brute腳本示例?

2014-04-02 16 views
0

這是一個比較晦澀的話題,但任何幫助仍然讚賞。Nmap http-joomla-brute腳本示例?

我試圖運行在我的網站的登錄的Joomla蠻力測試。我試圖用NMAP的HTTP-的Joomla-蠻力,但由於某些原因,它不輸出處理,也不做它實際上做的蠻力與我把它的密碼列表。這裏是我的腳本:

nmap -sV --script http-joomla-brute --script-args 'passdb=/Users/abc/Documents/passwords.txt,http-joomla-brute.threads=5,brute.firstonly=true' my.website.here.

我認爲它只能運行初始測試(這實在是煩人BTW,有沒有人有辦法避免/跳過嗎?),默認的密碼列表中,因爲它表明類似「1495密碼測試」和我的密碼清單是496 MB,絕對超過1495密碼。我究竟做錯了什麼?

預先感謝您。

編輯:修正了腳本運行的一部分,但是現在它這樣做:

Starting Nmap 6.40-2 (http://nmap.org) at 2014-04-02 19:39 EDT 
Stats: 0:02:21 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan 
NSE Timing: About 0.00% done 
Stats: 0:03:41 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan 
NSE Timing: About 0.00% done 
Stats: 0:05:46 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan 
NSE Timing: About 0.00% done 
Stats: 0:05:50 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan 
NSE Timing: About 0.00% done 
Stats: 0:05:51 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan 
NSE Timing: About 0.00% done 
Stats: 0:05:51 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan 
NSE Timing: About 0.00% done 
Stats: 0:05:52 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan 
NSE Timing: About 0.00% done 
Stats: 0:05:52 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan 
NSE Timing: About 0.00% done 
Stats: 0:05:52 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan 
NSE Timing: About 0.00% done 
Stats: 0:07:18 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan 
NSE Timing: About 0.00% done 
Stats: 0:15:55 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan 
NSE Timing: About 0.00% done 
Stats: 0:16:03 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan 
NSE Timing: About 0.00% done 
Stats: 0:17:50 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan 
NSE Timing: About 0.00% done 
Stats: 0:22:06 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan 
NSE Timing: About 0.00% done 
Stats: 0:22:22 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan 
NSE Timing: About 0.00% done

我不認爲這是正常的。有沒有辦法來解決這個問題?

來源

2014-04-02 Ivan Vegner

+0

這可能是由於你的服務器只允許一定數量的請求到服務器的每** X **分鐘 – Lodder

+0

量你在你的Joomla情況下更改密碼嘗試限制設置? – Elin

+1

關於NSE定時,完成百分比是基於相對於總的已經完成NSE腳本和線程的數目。在腳本完成之前,它無法瞭解單個腳本的進度。如果你想大量的調試消息,去調試級別2('-d2'或按d的兩倍,而正在運行)。 – bonsaiviking

回答

2

請參閱unpwdb NSE library的文檔,其中http-joomla-brute用於管理用戶名和密碼。它默認爲10分鐘的時間限制,之後停止返回憑證。如果你真的想運行它,直到它完成,傳遞unpwdb.timelimit=0腳本參數來禁用定時器。

關於您想跳過的「初始檢查」,只需從您的調用中刪除-sV,這將刪除掃描的服務版本檢測階段,並添加-p 80來指示Nmap僅掃描端口80(或無論您的Joomla應用程序運行在哪個端口上)。

來源

2014-04-02 11:51:20 bonsaiviking

+0

謝謝。這的確有幫助。 –

相關問題

 相關問題