brutespray: Automatically attempts default creds on found services
brutespray
Brutespray has been updated to golang. Without needing to rely on other tools this version will be extensible to bruteforce many different services and is way faster than its Python counterpart. Currently, Brutespray takes Nmap GNMAP/XML output, newline separated JSON, Nexpose XML Export output, Nessus .nessus exports, and lists. It will bruteforce supported services found in those files. This tool is for research purposes and is not intended for illegal use.
Supported Services
- ssh
- ftp
- telnet
- mssql
- postgresql
- imap
- pop3
- smbnt
- smtp
- snmp
- mysql
- vmauthd
- vnc
- mongodb
- nntp
- asterisk
- teamspeak
- oracle
- xmpp
- rdp
Services in Beta
- asterisk
- nntp
- oracle
- xmpp
- rdp (currently local domain is supported)
Usage
If using Nmap, scan with -oG nmap.gnmap or -oX nmap.xml.
If using Nexpose, export the template XML Export.
If using Nessus, export your .nessus file.
Command: brutespray -h
Command: brutespray -f nmap.gnmap -u userlist -p passlist
Command: brutespray -f nmap.xml -u userlist -p passlist
Command: brutespray -H ssh://127.0.0.1:22 -u userlist -p passlist
Example
Using Custom Wordlists:
brutespray -f nmap.gnmap -u /usr/share/wordlist/user.txt -p /usr/share/wordlist/pass.txt -t 5
Brute-Forcing Specific Services:
brutespray -f nmap.gnmap -u admin -p password -s ftp,ssh,telnet -t 5
Specific Credentials:
brutespray -f nmap.gnmap -u admin -p password -t 5
Use Nmap XML Output
brutespray -f nmap.xml -u admin -p password -t 5
Use JSON Output
brutespray -f out.json -u admin -p password -t 5
Bruteforce a CIDR range
brutespray -H ssh://10.1.1.0/24:22 -t 1000
Download
Copyright (c) 2023 t1d3nio