我在终端中运行了这个脚本:
nmap -p 80 --script http-joomla-brute --script-args 'passdb=/Users/abc/Documents/passwords.txt,http-joomla-brute.threads=5,brute.firstonly=true, unpwdb.timelimit=0' my.website.here.
它显示:
Starting Nmap 6.40-2 ( http://nmap.org ) at 2014-04-02 19:39 EDT
Stats: 0:02:21 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:03:41 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:46 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:50 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:51 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:51 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:52 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:52 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:52 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:07:18 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:15:55 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:16:03 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:17:50 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:22:06 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:22:22 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
这样已经持续了一个多小时了。有什么问题吗?
感谢您提供的任何帮助。
最佳答案
Nmap 通过 simple calculation 计算 NSE 的完成时间百分比:
progress("printStats", 1-(nr+nw)/total);
其中nr
是正在运行的NSE线程数,nw
是等待线程数,total
是线程总数推出。在这种情况下,http-joomla-brute是一个单线程脚本,并且您只运行其中一个,因此它将显示“0.00%完成”,直到完全完成。
在 a previous question ,您询问并收到了有关如何绕过暴力破解尝试的默认 10 分钟限制的答案。如果没有这个限制,就很难判断脚本需要多长时间才能完成。您可以通过使用 -d2
选项将调试级别增加到 2 或在运行时按两次 d 来获取诊断输出。您也许能够观察正在尝试的特定用户名和密码,并据此推断脚本在您的列表中走了多远。
关于http - Nmap 卡住在 NSE 计时阶段,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/22826208/