TODO nmap input file clarification #216

Open

petrock6 opened this issue May 20, 2017 · 2 comments

Comments

@petrock6

The TODO file says -oM files should be supported from nmap. The current version of nmap doesn't have a -oM output flag. If I started to work on this, would XML be acceptable?

If I understand correctly, the goal is to import nmap output files into hydra so that any hosts with a specific service running will be added to a bruteforcing queue. A potential problem will be when some services are running on nonstandard ports, which may result in bruteforcing on incorrect services. Perhaps it can just force the user to specify a port option?

@vanhauser-thc (Owner)

It is more difficult than that :)
E.g., it would not make sense to attack ftp, telnet and ssh if they are all there, but e.g. snmp and oracle would.
Also, they would require different login/password lists.

So I am not sure this feature would make sense.

I put it in as a "maybe" thing, in case it would make sense. So far I have not found a way that would make it obvious to users how it works and that it is a useful feature too.

@petrock6 (Author) commented May 20, 2017

Perhaps there can be an argument like -nmap "nmap args", so hydra will actually call nmap. Additionally, hydra can force users to specify a list of services in nmap (or at least a list of port numbers).

As for the different login/password lists, I can't think of any solution that is user friendly. Maybe tell users something like:

hydra -L users -P passes -nmap "-p21,22,25 192.168.1.*"

Where users isn't users.txt, but instead:
users.ftp.txt
users.ssh.txt
users.smtp.txt

And passes isn't passes.txt, but instead:
passes.ftp.txt
passes.ssh.txt
passes.smtp.txt

Or for the lazy users who want to use only one user and one pass file, add an option like "--nmap-force-single-user-file" or "--nmap-force-single-password-file."

A bit hackish, but someone who reads the man should be able to figure it out.

As for actually getting multiple services cracking at once... it's going to need a LOT of code rewriting.
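The two comments above sketch the same pipeline from both ends: read nmap's XML (the -oM flag no longer exists), pick out hosts that actually run a wanted service regardless of port, and hand each one to hydra with a per-service user/password list. The script below is an added example written for this thread, not code from hydra or from either commenter. It parses a constructed `-sV -oX` document embedded inline, maps nmap service names to hydra module names through a partial, assumed table (`NMAP_TO_HYDRA`), and emits one hydra argv per host/service using the `service://host:port` target syntax so nonstandard ports are passed explicitly. Because nmap's service name is only a port-table guess unless `-sV` actually fingerprinted the port (`method="probed"` in the XML), guessed entries are skipped by default, which addresses the "bruteforcing the wrong service" concern from the first comment. The `users.<svc>.txt` / `passes.<svc>.txt` naming and the `single_lists` switch follow the second comment's proposal; the directory name `wordlists` is an assumption.

```python
"""Turn nmap XML output into per-service hydra command lines (added example, not hydra code)."""
import shlex
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample of `nmap -sV -oX` output; not a real scan. It contains a standard
# ssh port, ssh on a nonstandard port, an ftp guess from the port table (no -sV hit),
# a service hydra has no module for, a closed port, and a host that is down.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX - 192.168.1.0/24">
  <host><status state="up"/><address addr="192.168.1.10" addrtype="ipv4"/><ports>
    <port protocol="tcp" portid="21"><state state="open"/><service name="ftp" method="probed" conf="10"/></port>
    <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" method="probed" conf="10"/></port>
    <port protocol="tcp" portid="23"><state state="closed"/><service name="telnet" method="table" conf="3"/></port>
    <port protocol="tcp" portid="80"><state state="open"/><service name="http" method="probed" conf="10"/></port>
  </ports></host>
  <host><status state="up"/><address addr="192.168.1.11" addrtype="ipv4"/><ports>
    <port protocol="tcp" portid="2222"><state state="open"/><service name="ssh" product="OpenSSH" method="probed" conf="10"/></port>
    <port protocol="tcp" portid="2121"><state state="open"/><service name="ftp" method="table" conf="3"/></port>
  </ports></host>
  <host><status state="down"/><address addr="192.168.1.12" addrtype="ipv4"/></host>
</nmaprun>
"""

# nmap service name -> hydra module name. Partial, assumed mapping for this example;
# extend it for the hydra modules you actually use.
NMAP_TO_HYDRA = {
    "ftp": "ftp", "ssh": "ssh", "telnet": "telnet", "smtp": "smtp", "snmp": "snmp",
    "mysql": "mysql", "postgresql": "postgres", "ms-sql-s": "mssql",
    "microsoft-ds": "smb", "ms-wbt-server": "rdp", "vnc": "vnc",
}


def parse_open_services(xml_text):
    """Return (addr, port, nmap_service_name, probed) for every open port on every host that is up."""
    findings = []
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr_el = host.find("address[@addrtype='ipv4']") or host.find("address")
        if addr_el is None:
            continue
        for port in host.iter("port"):
            state, svc = port.find("state"), port.find("service")
            if state is None or state.get("state") != "open" or svc is None:
                continue
            # method="probed": -sV fingerprinted the service. method="table": just the
            # nmap-services guess for that port number, which is wrong on nonstandard ports.
            probed = svc.get("method") == "probed"
            findings.append((addr_el.get("addr"), int(port.get("portid")), svc.get("name"), probed))
    return findings


def build_hydra_jobs(findings, wanted, wordlist_dir="wordlists", single_lists=False, trust_guesses=False):
    """Build one hydra argv per (host, service) for the requested hydra modules in `wanted`.

    Returns (jobs, skipped); `skipped` records every open port that produced no job and why.
    Wordlists are users.<module>.txt / passes.<module>.txt, or users.txt / passes.txt
    when single_lists is set (the "force single file" option suggested in the thread).
    """
    jobs, skipped = [], []
    for addr, port, nmap_name, probed in findings:
        module = NMAP_TO_HYDRA.get(nmap_name)
        if module is None or module not in wanted:
            skipped.append((addr, port, nmap_name, "no requested hydra module for this service"))
            continue
        if not probed and not trust_guesses:
            skipped.append((addr, port, nmap_name, "port-table guess only; rescan with -sV or set trust_guesses"))
            continue
        suffix = "" if single_lists else f".{module}"
        users = str(Path(wordlist_dir) / f"users{suffix}.txt")
        passes = str(Path(wordlist_dir) / f"passes{suffix}.txt")
        # service://host:port gives hydra both the module and the (possibly nonstandard) port.
        jobs.append(["hydra", "-L", users, "-P", passes, f"{module}://{addr}:{port}"])
    return jobs, skipped


def format_jobs(jobs):
    """Render argv lists as shell-safe command lines, one per job."""
    return [shlex.join(job) for job in jobs]


if __name__ == "__main__":
    found = parse_open_services(SAMPLE_NMAP_XML)
    jobs, skipped = build_hydra_jobs(found, wanted={"ssh", "ftp"})
    print("\n".join(format_jobs(jobs)))
    for addr, port, name, why in skipped:
        print(f"# skipped {addr}:{port} ({name}): {why}")
```

Running it prints three hydra command lines (ftp and ssh on 192.168.1.10, ssh on 192.168.1.11:2222) and two skip notes: port 80 has no requested module, and 192.168.1.11:2121 is only a port-table guess for ftp. Passing `trust_guesses=True` turns that guess into a fourth job, which is exactly the case where the user should have been asked to confirm the port first.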
