Nmap calculates the percent-done timing of NSE by a simple calculation:
progress("printStats", 1-(nr+nw)/total);
Where nr
is the number of running NSE threads, nw
is the number of waiting threads, and total
is the total number of threads launched. In this case, http-joomla-brute is a single-threaded script, and you only are running one of them, so it will show "0.00% done" until it is completely done.
In a previous question, you asked for and received an answer on how to bypass the default 10-minute limit on brute forcing attempts. Without this limit, it is very difficult to tell how much longer it will take your script to finish. You can get diagnostic output by increasing the debug level to 2 with the -d2
option or by pressing d twice while running. You may be able to observe the particular usernames and passwords being attempted, and infer from that how far through your lists the script has gone.