Skip to content

Bruteforcing from various scanner output - Automatically attempts default creds on found services.

License

Notifications You must be signed in to change notification settings

x90skysn3k/brutespray

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

BruteSpray

VersiongoreleaserGo Report Card

Created by: Shane Young/@t1d3nio && Jacob Robles/@shellfail

Inspired by: Leon Johnson/@sho-luv

Description

Brutespray has been re-written in Golang, eliminating the requirement for additional tools. This enhanced version is more extensive and operates at a significantly faster pace than its Python counterpart. As of now, Brutespray accepts input from Nmap's GNMAP/XML output, newline-separated JSON files, Nexpose's XML Export feature, Nessus exports in .nessus format, and various lists. Its intended purpose is for educational and ethical hacking research only; do not use it for illegal activities.

Installation

Release Binaries

To Build:

go build -o brutespray main.go

Usage

If using Nmap, scan with -oA nmap_out. If using Nexpose, export the template XML Export.

If using Nessus, export your .nessus file.

Command: brutespray -h

Command: brutespray -f nmap.gnmap -u userlist -p passlist

Command: brutespray -f nmap.xml -u userlist -p passlist

Command: brutespray -H ssh://127.0.0.1:22 -u userlist -p passlist

Command: brutespray -H ssh://127.0.0.1 -C root:root

Examples

Using Custom Wordlists:

brutespray -f nmap.gnmap -u /usr/share/wordlist/user.txt -p /usr/share/wordlist/pass.txt -t 5

Brute-Forcing Specific Services:

brutespray -f nmap.gnmap -u admin -p password -s ftp,ssh,telnet -t 5

Specific Credentials:

brutespray -f nmap.gnmap -u admin -p password -t 5

Use Nmap XML Output

brutespray -f nmap.xml -u admin -p password -t 5

Use JSON Output

brutespray -f out.json -u admin -p password -t 5

Bruteforce a CIDR range

brutespray -H ssh://10.1.1.0/24:22 -t 1000

Print Found Services

brutespray -f nessus.nessus -P -q

Supported Services

  • ssh
  • ftp
  • telnet
  • mssql
  • postgresql
  • imap
  • pop3
  • smbnt
  • smtp
  • snmp
  • mysql
  • vmauthd
  • vnc
  • mongodb
  • nntp
  • asterisk
  • teamspeak
  • oracle
  • xmpp
  • rdp

Services in Beta

  • asterisk
  • nntp
  • oracle
  • xmpp
  • rdp (currently local domain is supported)

Feel free to open an issue if these work, or if you have any issues

Services in Progress

  • rdp - the issue is no one has written a good library for NLA

Data Specs

{"host":"127.0.0.1","port":"3306","service":"mysql"}
{"host":"127.0.0.10","port":"3306","service":"mysql"}

If using Nexpose, export the template XML Export.

If using Nessus, export your .nessus file.

List example

ssh:127.0.0.1:22
ftp:127.0.0.1:21
...

Combo wordlist example

user:pass
user1:pass1
user2:pass2
user3:pass
user4:pass1
...

Planned Features

  • Add domain option for RDP, SMB
  • Ability to set proxy
  • Ability to select interface
  • More modules
  • Better connection handling

Star History

Star History Chart

About

Bruteforcing from various scanner output - Automatically attempts default creds on found services.

Resources

License

Stars

Watchers

Forks

Packages