Tuesday, May 5, 2020

BruteSpray: A Brute-forcer From Nmap Output And Automatically Attempts Default Creds On Found Services


About BruteSpray: BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.

BruteSpay's Installation
   With Debian users, the only thing you need to do is this command:
sudo apt install brutespray

   For Arch Linux user, you must install Medusa first: sudo pacman -S medusa

   And then, enter these commands to install BruteSpray:


Supported Services: ssh, ftp, telnet, vnc, mssql, mysql, postgresql, rsh, imap, nntpp, canywhere, pop3, rexec, rlogin, smbnt, smtp, svn, vmauthdv, snmp.

How to use BruteSpray?

   First do an Nmap scan with -oG nmap.gnmap or -oX nmap.xml.
   Command: python3 brutespray.py -h
   Command: python3 brutespray.py --file nmap.gnmap
   Command: python3 brutesrpay.py --file nmap.xml
   Command: python3 brutespray.py --file nmap.xml -i

   You can watch more details here:

Examples

   Using Custom Wordlists:
python3 brutespray.py --file nmap.gnmap -U /usr/share/wordlist/user.txt -P /usr/share/wordlist/pass.txt --threads 5 --hosts 5

   Brute-Forcing Specific Services:
python3 brutespray.py --file nmap.gnmap --service ftp,ssh,telnet --threads 5 --hosts 5

   Specific Credentials:
python3 brutespray.py --file nmap.gnmap -u admin -p password --threads 5 --hosts 5

   Continue After Success:
python3 brutespray.py --file nmap.gnmap --threads 5 --hosts 5 -c

   Use Nmap XML Output:
python3 brutespray.py --file nmap.xml --threads 5 --hosts 5

   Use JSON Output:
python3 brutespray.py --file out.json --threads 5 --hosts 5

   Interactive Mode: python3 brutespray.py --file nmap.xml -i

Data Specs
{"host":"127.0.0.1","port":"3306","service":"mysql"}
{"host":"127.0.0.10","port":"3306","service":"mysql"}
...


Changelog: Changelog notes are available at CHANGELOG.md.

You might like these similar tools:

More information


  1. Hacking Day
  2. Hacking Background
  3. Hacking Web Sql Injection Pdf
  4. Hacking Etico Libro
  5. Hacking Games Online
  6. Funnel Hacking Live
  7. Aprender Seguridad Informatica
  8. El Mejor Hacker Del Mundo
  9. El Libro Del Hacker
  10. Elhacker Ip
  11. Marketing Growth Hacking
  12. Hacking Python
  13. Growth Hacking Instagram

No comments:

Post a Comment