top of page
Search

Brutespray – Port Scanning and Automated Brute Force Tool

  • Writer: Security Unleashed
    Security Unleashed
  • Oct 18, 2018
  • 1 min read


ree

BruteSpray takes nmap GNMAP/XML output and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.


Installation


Download from :


https://github.com/x90skysn3k/brutespray.git


pip install -r requirements.txt


On Kali:

apt-get install brutespray

Usage


First do an nmap scan with -oG nmap.gnmap or -oX nmap.xml.

Command: python brutespray.py -h

Command: python brutespray.py --file nmap.gnmap

Command: python brutesrpay.py --file nmap.xml

Command: python brutespray.py --file nmap.xml -i


ree

Attackers Machine(Kali Linux 2.0)

  • execute command  ./brutespray.py python script with 777 Permissions ( read,write,execute)


ree

Scanning victim website

  • Start scanning your victim website or internal network with Nmap to check open ports and services.

  • Below Image illustrate Nmap scan followed by saving an output of nmap results with a filename.

  • Command executed: nmap –vv -n -oA Outputfilename

  • Here -oA is Output in all formats(.xml,.gnmap,nmap)

ree

Nmap Output Mode

  • Previous Nmap scan will be saved in the .xml format as an output file.

  • This Output file (XML FILE) used to perform brute force attacks against open ports of the victim.

  • Below image illustrate Nmap scan output file as cybertechops.nmap

ree

Examples


Using Custom Wordlists:

python brutespray.py --file nmap.gnmap -U /usr/share/wordlist/user.txt -P /usr/share/wordlist/pass.txt --threads 5 --hosts 5


Brute-Forcing Specific Services:

python brutespray.py --file nmap.gnmap --service ftp,ssh,telnet --threads 5 --hosts 5


Specific Credentials:

python brutespray.py --file nmap.gnmap -u admin -p password --threads 5 --hosts 5


Continue After Success:

python brutespray.py --file nmap.gnmap --threads 5 --hosts 5 -c


Use Nmap XML Output

python brutespray.py --file nmap.xml --threads 5 --hosts 5


Interactive Mode

python brutespray.py --file nmap.xml -i



ree

Supported Services

  • ssh

  • ftp

  • telnet

  • vnc

  • mssql

  • mysql

  • postgresql

  • rsh

  • imap

  • nntp

  • pcanywhere

  • pop3

  • rexec

  • rlogin

  • smbnt

  • smtp

  • svn

  • vmauthd

  • snmp

Video Tutorial




Comments

©2019 Security Unleashed 

bottom of page