thc-hydra
TODO nmap input file clarification
The TODO file says -oM files should be supported from nmap. The current version of nmap doesn't have a -oM output flag. If I started to work on this, would XML be acceptable?
If I understand correctly, the goal is to import nmap output files into hydra so that any hosts with a specific service running will be added to a bruteforcing queue. A potential problem will be when some services are running on nonstandard ports, which may result in bruteforcing on incorrect services. Perhaps it can just force the user to specify a port option?
It is more difficult than that :) E.g. it would not make sense to attack ftp, telnet and ssh if they are all there, but e.g. snmp and oracle would. Also, they would require different login/password lists.
So I am not sure this feature would make sense.
I put it in as a "maybe" thing, in case it would make sense. So far I did not find a way which would make it obvious to users how it works, and that it is a useful feature too.
Perhaps there can be an argument like -nmap "nmap args", so hydra will actually call nmap. Additionally, hydra can force users to specify a list of services in nmap (or at least a list of port numbers).
As for the different login/password lists, I can't think of any solution that is user friendly. Maybe tell users something like:
hydra -L users -P passes -nmap "-p21,22,25 192.168.1.*"
Where users isn't users.txt, but instead: users.ftp.txt users.ssh.txt users.smtp.txt
And passes isn't passes.txt, but instead: passes.ftp.txt passes.ssh.txt passes.smtp.txt
Or, for the lazy users who want to use only one user file and one pass file, add an option like "--nmap-force-single-user-file" or "--nmap-force-single-password-file".
A bit hackish, but someone who reads the man page should be able to figure it out.
As for actually getting multiple services cracking at once... it's gonna need a LOT of code rewriting.
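The per-service split discussed in the thread can be prototyped outside hydra. The script below is an added example, not code from hydra or from either participant: it parses nmap XML (-oX, the format the opener asks about), keys each open port on the service nmap detected rather than on the port number (the nonstandard-port problem), and emits one hydra -M target file plus one invocation per service, using the users.<svc>.txt / passes.<svc>.txt naming the opener proposed. Assumptions: the scan was run with -sV so nmap's service name is a detection and not a port-table guess; SERVICE_MAP and the file naming are this example's conventions, not hydra options; SAMPLE_XML is a constructed excerpt.

```python
"""Build per-service hydra -M target lists from nmap -oX output.

Added example for this thread; not code from hydra or the issue participants.
Assumes the nmap scan used -sV, so <service name="..."> is a detected protocol
and not a guess from the port number. SERVICE_MAP and the
users.<svc>.txt / passes.<svc>.txt naming are this example's own conventions.
"""
import os
import tempfile
import xml.etree.ElementTree as ET
from collections import defaultdict

# nmap service name -> hydra module name. Only services worth brute forcing
# are listed; anything else in the scan is ignored. (Example mapping.)
SERVICE_MAP = {
    "ssh": "ssh",
    "ftp": "ftp",
    "telnet": "telnet",
    "smtp": "smtp",
    "snmp": "snmp",
    "oracle-tns": "oracle-listener",
    "ms-sql-s": "mssql",
    "mysql": "mysql",
    "postgresql": "postgres",
    "vnc": "vnc",
    "microsoft-ds": "smb",
}

# Constructed nmap -oX excerpt: ssh on a nonstandard port (2222), a closed
# telnet port, an http service with no hydra mapping here, and snmp over UDP.
SAMPLE_XML = """<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.168.1.0/24">
  <host><status state="up"/><address addr="192.168.1.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/><service name="ftp" product="vsftpd"/></port>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH"/></port>
      <port protocol="tcp" portid="23"><state state="closed"/><service name="telnet"/></port>
    </ports>
  </host>
  <host><status state="up"/><address addr="192.168.1.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="2222"><state state="open"/><service name="ssh" product="OpenSSH"/></port>
      <port protocol="tcp" portid="8080"><state state="open"/><service name="http"/></port>
    </ports>
  </host>
  <host><status state="up"/><address addr="192.168.1.12" addrtype="ipv4"/>
    <ports>
      <port protocol="udp" portid="161"><state state="open"/><service name="snmp"/></port>
    </ports>
  </host>
</nmaprun>
"""


def targets_by_service(xml_text, wanted=None):
    """Return {hydra_module: ["host:port", ...]} for open ports in nmap XML.

    The module is chosen from the detected service name, not the port number,
    so ssh on 2222 still lands in the ssh list. `wanted` optionally restricts
    the output to a set of hydra module names (the "make the user pick the
    services" idea from the thread).
    """
    root = ET.fromstring(xml_text)
    out = defaultdict(list)
    for host in root.iter("host"):
        addr = host.find("address")  # first <address> is the IP address
        if addr is None:
            continue
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            module = SERVICE_MAP.get(svc.get("name", "")) if svc is not None else None
            if module is None or (wanted and module not in wanted):
                continue
            out[module].append(f"{addr.get('addr')}:{port.get('portid')}")
    return dict(out)


def hydra_command(module, targets_file, users="users", passes="passes"):
    """One hydra run per service with per-service wordlists (users.ssh.txt,
    passes.ssh.txt, ...). hydra's -M file takes one target per line and
    accepts a ':port' suffix, so nonstandard ports travel in the file."""
    return (f"hydra -L {users}.{module}.txt -P {passes}.{module}.txt "
            f"-M {targets_file} {module}")


def write_target_files(targets, outdir=None):
    """Write targets.<module>.txt for each service; return {module: path}."""
    outdir = outdir or tempfile.mkdtemp(prefix="hydra-targets-")
    paths = {}
    for module, entries in targets.items():
        path = os.path.join(outdir, f"targets.{module}.txt")
        with open(path, "w") as fh:
            fh.write("\n".join(entries) + "\n")
        paths[module] = path
    return paths


if __name__ == "__main__":
    found = targets_by_service(SAMPLE_XML)
    for module, path in write_target_files(found).items():
        print(hydra_command(module, path))
```

Without -sV the service name is only nmap's port-table guess, which reintroduces exactly the mismatch the opener worried about; the script therefore relies on the service attribute and never on the port number. Services without an entry in SERVICE_MAP (http in the sample) are dropped rather than guessed.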