Nmap-scripts/ftp_bruteforce.nse at main · Asko7779/Nmap-scripts · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
-- works in progress

description = [[
    attempts to brute force an FTP server with a list of credentials
]]

author = "Asko7779"
license = "Same as Nmap"
categories = {"brute", "intrusive"}

portrule = function(host, port)
    return port.number == 21 and port.state == "open"
end

action = function(host, port)

    -- adjustable list of credentials

    local usernames = {"admin", "root", "guest", "anonymous", "ftp"}
    local passwords = {"admin", "toor", "guest", "1234", "ftp"}

    for _, user in ipairs(usernames) do
        for _, pass in ipairs(passwords) do
            local socket = nmap.new_socket()
            local success, err = socket:connect(host.ip, port.number)
            if not success then
                return "Error connecting to the server: " .. err
            end
            socket:send("USER " .. user .. "\r\n")
            local response = socket:receive()
            if not response then
                socket:close()
                return "Error receiving response after USER command"
            end
            stdnse.print_debug("Trying: " .. user .. " / " .. pass)
            socket:send("PASS " .. pass .. "\r\n")
            response = socket:receive()
            socket:close()
            if response and response:match("230") then
                return "Valid credentials found: " .. user .. " / " .. pass
            end
        end
    end
    return "No valid credentials found"
end

    return "[-] Brute force attempt unsuccessful"
end