Nmap frozen on NSE Timing phase

StackOverflow https://stackoverflow.com/questions/22826208

  •  26-06-2023
  •  | 
  •  

Question

I ran this script in Terminal:

nmap -p 80 --script http-joomla-brute --script-args 'passdb=/Users/abc/Documents/passwords.txt,http-joomla-brute.threads=5,brute.firstonly=true, unpwdb.timelimit=0' my.website.here.

It displays this:

Starting Nmap 6.40-2 ( http://nmap.org ) at 2014-04-02 19:39 EDT
Stats: 0:02:21 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:03:41 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:46 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:50 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:51 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:51 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:52 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:52 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:05:52 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:07:18 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:15:55 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:16:03 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:17:50 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:22:06 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done
Stats: 0:22:22 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan
NSE Timing: About 0.00% done

It's been doing this for more than an hour. What is the problem?

Thank you for any help you can give.

Was it helpful?

Solution

Nmap calculates the percent-done timing of NSE by a simple calculation:

   progress("printStats", 1-(nr+nw)/total);

Where nr is the number of running NSE threads, nw is the number of waiting threads, and total is the total number of threads launched. In this case, http-joomla-brute is a single-threaded script, and you only are running one of them, so it will show "0.00% done" until it is completely done.

In a previous question, you asked for and received an answer on how to bypass the default 10-minute limit on brute forcing attempts. Without this limit, it is very difficult to tell how much longer it will take your script to finish. You can get diagnostic output by increasing the debug level to 2 with the -d2 option or by pressing d twice while running. You may be able to observe the particular usernames and passwords being attempted, and infer from that how far through your lists the script has gone.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top