Category

Vulnerability Scanning

Inputs

rate-limit
string
Maximum number of requests to send per second per machine
ftp-password-wordlist
file
Custom wordlist containing passwords for FTP authentication attempts
ftp-username-wordlist
file
Custom wordlist containing usernames for FTP authentication attempts
ssh-password-wordlist
file
Custom wordlist containing passwords for SSH authentication attempts
ssh-username-wordlist
file
Custom wordlist containing usernames for SSH authentication attempts
mssql-password-wordlist
file
Custom wordlist containing passwords for Microsoft SQL Server authentication attempts
mssql-username-wordlist
file
Custom wordlist containing usernames for Microsoft SQL Server authentication attempts
mysql-password-wordlist
file
Custom wordlist containing passwords for MySQL authentication attempts
mysql-username-wordlist
file
Custom wordlist containing usernames for MySQL authentication attempts
network-service-details
file
required
JSONLines records of network service discovery details from the Fingerprint Network Services module
postgresql-password-wordlist
file
Custom wordlist containing passwords for PostgreSQL authentication attempts
postgresql-username-wordlist
file
Custom wordlist containing usernames for PostgreSQL authentication attempts

Outputs

findings

Scan Network Services for Weak Credentials

Description

Scan the identified network services on your attack surface for weak credentials. The currently supported protocol are:

  • SSH
  • FTP
  • MySQL
  • PostgreSQL
  • Microsoft SQL Server

Features

  • Supports various network protocols
  • Offers customizable wordlists for using custom dictionaries and executing password spraying attacks.
  • Can scan thousands of web servers simulataneously.

Inputs

Required

  • port-details: JSONLines records of port or network service discovery details from the “Scan for Open Ports” or “Fingerprint Network Services” modules.
{"hostname": "foo.example.com", "ip_address": "1.2.3.4", "port": 21, "protocol": "ftp", "tls": false, "transport": "tcp", "banner": "220 (vsFTPd 3.0.5)\r\n"}

{"hostname": "bar.example.com", "ip_address": "5.6.7.8", "port": 3306, "protocol": "mysql", "tls": false, "transport": "tcp", "version": "8.0.39-0ubuntu0.24.04.1"}

Optional

  • rate-limit: Maximum number of requests to send per second per machine (default: 300)

Outputs

  • findings: JSONLines records of finding details.
{"finding": "FTP Weak Credentials", "location": "159.223.96.85:21", "severity": "high", "ip_address": "1.2.3.4", "hostname": "foo.example.com", "domain_name": "example.com", "matches": ["ftp:ftp123"]}

{"finding": "MySQL Weak Credentials", "location": "5.6.7.8:3306", "hostname": "bar.example.com", "domain_name": "example.com", "severity": "high", "ip_address": "5.6.7.8", "matches": ["root:mysql123"]}

Changelog

  • v1.0
    • Initial release