• Stars
    star
    2,018
  • Rank 22,933 (Top 0.5 %)
  • Language
    Go
  • License
    MIT License
  • Created over 7 years ago
  • Updated about 2 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Bruteforcing from various scanner output - Automatically attempts default creds on found services.

BruteSpray

Supported Python versions Version

Created by: Shane Young/@t1d3nio && Jacob Robles/@shellfail

Inspired by: Leon Johnson/@sho-luv

Credit to Medusa: JoMo-Kun / Foofus Networks - http://www.foofus.net

Demo

https://youtu.be/C-CVLbSEe_g

Description

BruteSpray takes Nmap GNMAP/XML output, newline separated JSON, Nexpose XML Export output or Nessus .nessus exports and automatically brute-forces services with default credentials using Medusa. BruteSpray finds non-standard ports, make sure to use -sV with Nmap.

Brutespray uses Python standard libraries.

Installation

pip install -r requirements.txt

On Kali:

apt-get install brutespray

Usage

If using Nmap, scan with -oG nmap.gnmap or -oX nmap.xml.

If using Nexpose, export the template XML Export.

If using Nessus, export your .nessus file.

Command: python brutespray.py -h

Command: python brutespray.py --file nmap.gnmap

Command: python brutespray.py --file nmap.xml

Command: python brutespray.py --file nmap.xml -i

Examples

Using Custom Wordlists:

python brutespray.py --file nmap.gnmap -U /usr/share/wordlist/user.txt -P /usr/share/wordlist/pass.txt --threads 5 --hosts 5

Brute-Forcing Specific Services:

python brutespray.py --file nmap.gnmap --service ftp,ssh,telnet --threads 5 --hosts 5

Specific Credentials:

python brutespray.py --file nmap.gnmap -u admin -p password --threads 5 --hosts 5

Continue After Success:

python brutespray.py --file nmap.gnmap --threads 5 --hosts 5 -c

Use Nmap XML Output

python brutespray.py --file nmap.xml --threads 5 --hosts 5

Use JSON Output

python brutespray.py --file out.json --threads 5 --hosts 5

Interactive Mode

python brutespray.py --file nmap.xml -i

Supported Services

  • ssh
  • ftp
  • telnet
  • vnc
  • mssql
  • mysql
  • postgresql
  • rsh
  • imap
  • nntp
  • pcanywhere
  • pop3
  • rexec
  • rlogin
  • smbnt
  • smtp
  • svn
  • vmauthd
  • snmp

Data Specs

{"host":"127.0.0.1","port":"3306","service":"mysql"}
{"host":"127.0.0.10","port":"3306","service":"mysql"}
...

If using Nexpose, export the template XML Export.

If using Nessus, export your .nessus file.

Combo Option

When you specify a combo option -C, it will read the specified file and attempt the host:user:pass on each discovered service from Nmap. If you just want to specify only a username and password leave the host blank as shown below.

:user:pass
:user1:pass1

or

127.0.0.1:user:pass
127.0.0.10:user1:pass1

Changelog

Changelog notes are available at CHANGELOG.md