BruteSpray: A Brute-forcer From Nmap Output And Automatically Attempts Default Creds On Found Services

About BruteSpray: BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.

BruteSpay's Installation

   With Debian users, the only thing you need to do is this command:
sudo apt install brutespray

   For Arch Linux user, you must install Medusa first: sudo pacman -S medusa

   And then, enter these commands to install BruteSpray:

Supported Services: ssh, ftp, telnet, vnc, mssql, mysql, postgresql, rsh, imap, nntpp, canywhere, pop3, rexec, rlogin, smbnt, smtp, svn, vmauthdv, snmp.

How to use BruteSpray?

   First do an Nmap scan with -oG nmap.gnmap or -oX nmap.xml.
   Command: python3 brutespray.py -h
   Command: python3 brutespray.py --file nmap.gnmap
   Command: python3 brutesrpay.py --file nmap.xml
   Command: python3 brutespray.py --file nmap.xml -i

   You can watch more details here:

Examples

   Using Custom Wordlists:
python3 brutespray.py --file nmap.gnmap -U /usr/share/wordlist/user.txt -P /usr/share/wordlist/pass.txt --threads 5 --hosts 5

   Brute-Forcing Specific Services:
python3 brutespray.py --file nmap.gnmap --service ftp,ssh,telnet --threads 5 --hosts 5

   Specific Credentials:
python3 brutespray.py --file nmap.gnmap -u admin -p password --threads 5 --hosts 5

   Continue After Success:
python3 brutespray.py --file nmap.gnmap --threads 5 --hosts 5 -c

   Use Nmap XML Output:
python3 brutespray.py --file nmap.xml --threads 5 --hosts 5

   Use JSON Output:
python3 brutespray.py --file out.json --threads 5 --hosts 5

   Interactive Mode: python3 brutespray.py --file nmap.xml -i

Data Specs
{"host":"127.0.0.1","port":"3306","service":"mysql"}
{"host":"127.0.0.10","port":"3306","service":"mysql"}
...

Changelog: Changelog notes are available at CHANGELOG.md.

You might like these similar tools:

• BruteDum: Brute Force attacks SSH, FTP, Telnet, PostgreSQL, RDP, VNC with Hydra, Medusa and Ncrack
• FTPBruter: A FTP Server Brute forcing tool written in Python 3
• Blazy - Crack Website Logins in seconds with Bruteforce attacks
• SocialBox: A Bruteforce Attack Framework for Social Networks
• Ncrack: An High-speed Open-source Network cracking tool
• Medusa: A Speedy, Parallel And Modular Login Brute-forcing Tool

Download BruteSpray

Related articles

1. Pentest Automation Tools
2. Install Pentest Tools Ubuntu
3. Hacking Tools And Software
4. Hacking Tools 2019
5. Hack Tools For Ubuntu
6. Hack Tool Apk
7. Pentest Tools Bluekeep
8. Hacking Tools Pc
9. Pentest Tools Framework
10. Pentest Tools Android
11. Pentest Automation Tools
12. Hacker Tools Github
13. Hack Tools
14. Pentest Automation Tools
15. Growth Hacker Tools
16. Pentest Tools Linux
17. Hacker
18. Pentest Tools List
19. Tools 4 Hack
20. Hacker Tools 2019
21. Hacking Tools Kit
22. What Is Hacking Tools
23. Hacking Tools Free Download
24. Ethical Hacker Tools
25. Hacker Tool Kit
26. Pentest Tools For Android