You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm happy to do the dev. just not sure this repo is really the latest...
So on the specific tab, you have the option to include a success login string. I know you can to nmap -sV and get detail, but that detail does not always reveal the exact string to expect.
How about adding a negative.
When you target a host, you know exactly what the denied message looks like. So having a negative response makes more sense to detect a failure. a pass would be anything that does not look like the failure message. I think this is a better way to deal with false positives.
Case in point... Chinese ipcams. They use some very custom busybox setups. success is not always just ~# or ~$
But the failure is always consistent.
The text was updated successfully, but these errors were encountered:
Initially the implementation was like that, but the issue is that packets get lost, timeouts occur, devices behave erratically etc and then final packet gets lost and a false positive is detected resulting in stop of the test.
If you want to implement it though go for it and I will merge the PR. It just should be optional, it cannot be the new default :)
I'm happy to do the dev. just not sure this repo is really the latest...
So on the specific tab, you have the option to include a success login string. I know you can to nmap -sV and get detail, but that detail does not always reveal the exact string to expect.
How about adding a negative.
When you target a host, you know exactly what the denied message looks like. So having a negative response makes more sense to detect a failure. a pass would be anything that does not look like the failure message. I think this is a better way to deal with false positives.
Case in point... Chinese ipcams. They use some very custom busybox setups. success is not always just ~# or ~$
But the failure is always consistent.
The text was updated successfully, but these errors were encountered: