Managing user credentials found during scans

In versions before 6.x, the credentials found by NSE were stored in the Nmap registry. The creds library was created to provide an interface to easily read and write user credentials stored in this registry. Each account is linked to a state, similar to the brute.Account class, so it allows type filtering.

From an NSE script, you could list all the accounts found with one call:

tostring(creds.Credentials:new(SCRIPT_NAME, host, port))

You can also iterate through them and perform specific actions according to type:

local c = creds.Credentials:new(creds.ALL_DATA, host, port)
for cred in c:getCredentials(creds.State.VALID) do
  doSomething(cred.user, cred.pass)
end

You can easily write them to a file:

local c ...

Get Mastering the Nmap Scripting Engine now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Mastering the Nmap Scripting Engine by Paulino Calderón Pale

Managing user credentials found during scans

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly