BruteSpray takes nmap GNMAP/XML output and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.
Installation
pip install -r requirements.txtOn Kali:
apt-get install brutesprayUsage
First do an nmap scan with -oG nmap.gnmap or -oX nmap.xml.
Command:
python brutespray.py -hCommand:
python brutespray.py --file nmap.gnmapCommand:
python brutesrpay.py --file nmap.xmlCommand:
python brutespray.py --file nmap.xml -iExamples
Using Custom Wordlists:
python brutespray.py --file nmap.gnmap -U /usr/share/wordlist/user.txt -P /usr/share/wordlist/pass.txt --threads 5 --hosts 5Brute-Forcing Specific Services:
python brutespray.py --file nmap.gnmap --service ftp,ssh,telnet --threads 5 --hosts 5Specific Credentials:
python brutespray.py --file nmap.gnmap -u admin -p password --threads 5 --hosts 5Continue After Success:
python brutespray.py --file nmap.gnmap --threads 5 --hosts 5 -cUse Nmap XML Output
python brutespray.py --file nmap.xml --threads 5 --hosts 5Interactive Mode
python brutespray.py --file nmap.xml -i
Supported Services
- ssh
- ftp
- telnet
- vnc
- mssql
- mysql
- postgresql
- rsh
- imap
- nntp
- pcanywhere
- pop3
- rexec
- rlogin
- smbnt
- smtp
- svn
- vmauthd
- snmp
Changelog
- v1.6.0
- added support for SNMP
- v1.5.3
- adjustments to wordlists
- v1.5.2
- change tmp and output directory behavior
- v1.5.1
- added check for no services
- v1.5
- added interactive mode
- v1.4
- added ability to use nmap XML
- v1.3
- added the ability to stop on success
- added the ability to reference custom userlists and passlists
- added the ability to specify specific users & passwords
Add Comment