Iva*_*ner 2 http freeze brute-force nmap
我在终端中运行了此脚本:
nmap -p 80 --script http-joomla-brute --script-args 'passdb=/Users/abc/Documents/passwords.txt,http-joomla-brute.threads=5,brute.firstonly=true, unpwdb.timelimit=0' my.website.here.
它显示如下:
Starting Nmap 6.40-2 ( http://nmap.org ) at 2014-04-02 19:39 EDT
Stats: 0:02:21 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:03:41 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:46 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:50 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:51 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:51 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:52 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:52 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:52 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:07:18 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:15:55 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:16:03 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:17:50 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:22:06 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:22:22 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
这样做已经一个多小时了。问题是什么?
感谢您提供的任何帮助。
Nmap通过简单的计算来计算 NSE的完成时间:
progress("printStats", 1-(nr+nw)/total);
其中nr,正在运行的NSE线程nw数,正在等待的线程数和total已启动的线程总数。在这种情况下,http-joomla-brute是单线程脚本,并且您只运行其中一个,因此它将显示“ 0.00%完成”,直到完成为止。
在上一个问题中,您询问并收到有关如何绕过强行尝试的默认10分钟限制的答案。没有此限制,很难说出完成脚本所需的时间。通过使用该-d2选项将调试级别提高到2,或d在运行时按两次,可以获取诊断输出。您可能能够观察到尝试使用的特定用户名和密码,并由此推断出脚本经过列表的距离。