nnposter

The script is working as expected. The key difference is that Metasploit default user list, `wordlists/unix_users.txt`, has 113 entries, while the nmap equivalent, `nselib/data/usernames.lst`, has only 10. Here is the...

This is turning out to require a little more thought: Compared to file `wordlists/unix_users.txt` in Metasploit, file `nselib/data/usernames.lst` is used more broadly, including being the default username list for `unpwdb`,...

Please share any publicly reachable target on which this issue can be reproduced. The target shown in the original trace is not reachable and random sampling of internet-facing MQTT targets...

Please feel free to reopen the issue if you have a target on which this issue can be reproduced.

I have just tested Nmap 7.95 against Mosquitto 2.0.20 and I cannot reproduce it. ``` Host is up, received arp-response (0.00064s latency). Scanned at 2024-12-15 14:13:42 MST for 17s PORT...

Please elaborate on your rationale for calling `MQTT.length_parse()` with a third argument, while the function takes only two: https://github.com/nmap/nmap/blob/75f6b387feed122175e5a2cf73cb24bfb98944b0/nselib/mqtt.lua#L830

Please feel free to reopen if you have additional details.

FWIW, I have been statically linking a custom-built and patched OpenSSL for years to maintain better interoperability. Without that, quite a few of my [default credential probes](https://github.com/nnposter/nndefaccts) would not work...

I have found targets that are using small DH keys, which OpenSSL blocks _outright_. This restriction cannot be bypassed with `SSL_CTX_set_security_level()`. ``` --- a/ssl/ssl_cert.c 2025-07-01 06:11:11.000000000 -0600 +++ b/ssl/ssl_cert.c 2025-07-27...

Given the limited description, too many possibilities to list here. I would recommend to start with narrowing down the issue. Can you ping the AP from the scanner? What ports...