passwords.bro (inadvertently missing from 0.9a8)

Vern · February 25, 2005, 9:00pm

# $Id: passwords.bro,v 1.1 2004/11/02 23:59:55 vern Exp $

# Generates notices of exposed passwords. Currently just works
# on telnet/rlogin access. Should be extended to do FTP, HTTP, etc.

@load login

redef enum Notice += {
PasswordExposed,
};

# Usernames which we ignore.
global okay_usernames: set[string] &redef;

# Passwords which we ignore.
global okay_passwords = { "", "<none>" } &redef;

event login_success(c:connection, user: string, client_user: string,
      password: string, line: string)
  {
  if ( user in okay_usernames || password in okay_passwords )
    return;

  NOTICE([$note=PasswordExposed,
    $conn=c,
    $user=user,
    $sub=password,
    $msg="login exposed user's password"]);
  }

Topic		Replies	Views
bro email, cleartext passwords Zeek	1	98	May 6, 2022
rsh.bro (inadvertently missing from 0.9a8) Zeek	1	61	May 6, 2022
Bro Script to detect plain text passwords? Zeek	6	81	May 6, 2022
Learning the Bro Scripting Language Part 3 - Detecting basic auth and going from evidence to practical use in Bro Zeek	5	65	May 6, 2022
bro 0.6 alpha now available Zeek	1	69	May 6, 2022

passwords.bro (inadvertently missing from 0.9a8)

Related Topics