diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-17 07:42:04 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-17 07:42:04 +0000 |
commit | 0d47952611198ef6b1163f366dc03922d20b1475 (patch) | |
tree | 3d840a3b8c0daef0754707bfb9f5e873b6b1ac13 /scripts/omp2-brute.nse | |
parent | Initial commit. (diff) | |
download | nmap-upstream.tar.xz nmap-upstream.zip |
Adding upstream version 7.94+git20230807.3be01efb1+dfsg.upstream/7.94+git20230807.3be01efb1+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'scripts/omp2-brute.nse')
-rw-r--r-- | scripts/omp2-brute.nse | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/scripts/omp2-brute.nse b/scripts/omp2-brute.nse new file mode 100644 index 0000000..ade5922 --- /dev/null +++ b/scripts/omp2-brute.nse @@ -0,0 +1,81 @@ +local brute = require "brute" +local creds = require "creds" +local omp2 = require "omp2" +local shortport = require "shortport" + +description = [[ +Performs brute force password auditing against the OpenVAS manager using OMPv2. +]] + +--- +-- @usage +-- nmap -p 9390 --script omp2-brute <target> +-- +-- @output +-- PORT STATE SERVICE REASON +-- 9390/tcp open openvas syn-ack +-- | omp2-brute: +-- | Accounts +-- |_ admin:secret => Valid credentials +-- + +author = "Henri Doreau" +license = "Same as Nmap--See https://nmap.org/book/man-legal.html" +categories = {"brute", "intrusive"} + + +portrule = shortport.port_or_service(9390, "openvas") + + +Driver = { + new = function(self, host, port) + local o = {} + setmetatable(o, self) + self.__index = self + o.host = host + o.port = port + o.session = omp2.Session:new(brute.new_socket()) + return o + end, + + --- Connects to the OpenVAS Manager + -- + -- @return status boolean for connection success/failure + -- @return err string describing the error on failure + connect = function(self) + return self.session:connect(self.host, self.port) + end, + + --- Closes connection + -- + -- @return status boolean for closing success/failure + disconnect = function(self) + return self.session:close() + end, + + --- Attempts to login the the OpenVAS Manager using a given username/password + -- couple. Store the credentials in the registry on success. + -- + -- @param username string containing the login username + -- @param password string containing the login password + -- @return status boolean for login success/failure + -- @return err string describing the error on failure + login = function(self, username, password) + if self.session:authenticate(username, password) then + -- store the account for possible future use + omp2.add_account(self.host, username, password) + return true, creds.Account:new(username, password, creds.State.VALID) + else + return false, brute.Error:new("login failed") + end + end, + +} + +action = function(host, port) + local engine = brute.Engine:new(Driver, host, port) + engine.options.script_name = SCRIPT_NAME + local status, result = engine:start() + return result +end + |