Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
rexec-brute.nse returns false positives #1090
The rexec-brute.nse script reports username:password combinations as "valid credentials" even though the response from the server is "rexecd: Login incorrect".
After looking at the source of the script it looks like it reports every tried user:pass combination as valid as long as the server sends a response. (https://svn.nmap.org/nmap/scripts/rexec-brute.nse)