2013/1/6 Geoff Galitz <[email protected]>:
>
>
> Hi.
>
> Is it not clear to me in the code where default locations of certain files
> would be. For example I am currently experimenting with the nmao nse
> http-brute NVT, but I don't see where the default user/password combos are
> coming from.
>
> I also notice that when I look at the nmap libs in /usr/share/nmap not all
> of the deps exist, yet it seems to work from what I can tell. For
> example, there is no brute.lua installed. I assume this is done in
> OpenVAS layer "somewhere." Can someone enlighten me on just how this
> chunk works?
>
> -G
Hello,
concerning the nmap example you're talking about, the wrappers rely on
a given version of nmap. Nmap NSE brute has user and password lists
installed in nselib/data/{passwords,usernames}.lst.
Older versions of nmap were directly using a library called
unpwdb.lua. Newest releases use Patrik Karlsson's great brute.lua
library. This might explain why you have a working brute NSE without
the "brute.lua" library.
So, if I get your questions correctly, a starting point would be to
issue a simple nmap -V to know the installed version.
Regards
--
Henri
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
