| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <80321d330707241026i161a4fb2q4c1aa551c4f0029f@mail.gmail.com>
Date: Tue, 24 Jul 2007 19:26:09 +0200
From: "Andres Tarasco" <atarasco@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Fast HTTP Auth Scanner
Hi list,
Fast HTTP Auth Scanner, is a new web security scanner that allows
brute-force attacks (basic auth, webforms,..) against web-based devices
that require HTTP authentication (mostly routers)
You can download both source and binary files at
http://www.514.es/2007/07/fast_http_auth_scanner.html (english and spanish)
c:\fscan.exe
Fast HTTP auth Scanner v0.1
(c) Andres Tarasco - www.514.es
usage:
fscan.exe <params>
-p <port>[,<port>,<port>,..] (example -p 80,81,82,8080)
-P <sslport>[,<sslport>,<sslport>,..] (example -P 443,1443)
-b <0|1> (bruteforce (enabled by default) )
-a <0|1> (Show protected hosts or all of
them)
-i <0|1> (Ignore known webservers (IIS,
Apache, Sun,..)
-t <threads> (default -t 200)
-T timeout (default -T 15)
-w <logfile> (save scan dump to disk)
-h <ip1-ip2> (example -h 192.168.1.1-192.168.10.2
)
example:
fscan.exe -p 80,81 -p 443 -b 1 -h 192.168.0.1-192.168.1.254 -t 200 -T 20
c:\fscan.exe -p 80,81,82 -h 192.168.0.0-192.169.0.0 -T 20 -t 300 -w
logfile.txt
Scanning 65535 hosts (192.168.0.1 - 192.169.0.0)
Scanning 2 ports - bruteforce is active
Server Port status password banner
192.168.1.42 80 400 micro_httpd
192.168.3.149 80 404 HTTP/1.0
192.168.2.139 80 400 micro_httpd
192.168.5.24 80 400 micro_httpd
192.168.5.139 80 401 1234:1234 Unknown/0.0 UPnP/1.0
GlobespanVirata-EmWeb/R6_1_0
192.168.6.112 80 401 admin:1234 RomPager/4.07 UPnP/1.0
192.168.7.185 80 400 micro_httpd
192.168.7.191 80 400 micro_httpd
192.168.6.114 80 200 (admin:1234) (D-Link Wireless adsl
router)
192.168.4.238 80 401 not:found ENI-Web/R4_02
192.168.7.205 80 404 HTTP/1.0
192.168.8.241 80 404 HTTP/1.0
192.168.5.35 80 401 not:found RomPager/4.07 UPnP/1.0
192.168.7.200 80 200 not:found Boa/0.92o
192.168.10.113 80 401 admin:1234 ZyXEL-RomPager/3.02
192.168.10.82 80 400 micro_httpd
192.168.9.32 80 401 admin:123456 cisco-IOS
192.168.10.146 80 200 cisco-IOS
192.168.10.75 80 401 support:support micro_httpd
192.168.11.58 80 401 1234:1234 Unknown/0.0 UPnP/1.0
GlobespanVirata-EmWeb/R6_1_0
192.168.10.117 80 404 HTTP/1.0
192.168.7.8 80 401 not:found WindWeb/2.0
192.168.13.28 80 401 admin:1234 RomPager/4.07 UPnP/1.0
192.168.13.216 80 403 WindWeb/1.0.2
192.168.16.234 80 400 HTTP/1.0
192.168.15.105 80 401 1234:1234 Unknown/0.0 UPnP/1.0
GlobespanVirata-EmWeb/R6_1_0
192.168.18.128 80 401 1234:1234 RomPager/4.07 UPnP/1.0
192.168.6.57 80 401 not:found
Allegro-Software-RomPager/2.10
192.168.11.14 80 401 not:found RomPager/4.07 UPnP/1.0
192.168.1.89 80 401 not:found RomPager/4.07 UPnP/1.0
192.168.22.31 80 302 HTTP/1.0
192.168.21.150 80 401 1234:1234 RomPager/4.07 UPnP/1.0
192.168.13.247 81 401 not:found Vivotek Network Camera
192.168.22.28 80 401 1234:1234 Unknown/0.0 UPnP/1.0
GlobespanVirata-EmWeb/R6_1_0
192.168.23.162 80 404 HTTP/1.0
192.168.23.191 80 200 Camera Web Server/1.0
192.168.12.249 80 401 not:found RomPager/4.07 UPnP/1.0
192.168.12.165 80 401 not:found RomPager/4.07 UPnP/1.0
192.168.24.101 80 401 admin:1234 ZyXEL-RomPager/3.02
192.168.25.90 80 401 admin:admin
192.168.18.135 80 401 not:found ZyXEL-RomPager/3.02
please feel free to contact me to report bugs or new router signatures.
Andres Tarasco
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists