Created by: Shane Young/@t1d3nio && Jacob Robles/@shellfail
Inspired by: Leon Johnson/@sho-luv
Brutespray has been updated to golang. Without needing to rely on other tools this version will be extensible to bruteforce many different services and is way faster than it's Python counterpart. Currently Brutespray takes Nmap GNMAP/XML output, newline separated JSON, Nexpose XML Export
output, Nessus .nessus
exports, and lists. It will bruteforce supported servics found in those files. This tool is for research purposes and not intended for illegal use.
To Build:
go build -o brutespray main.go
If using Nmap, scan with -oG nmap.gnmap
or -oX nmap.xml
.
If using Nexpose, export the template XML Export
.
If using Nessus, export your .nessus
file.
Command: brutespray -h
Command: brutespray -f nmap.gnmap -u userlist -p passlist
Command: brutespray -f nmap.xml -u userlist -p passlist
Command: brutespray -H ssh://127.0.0.1:22 -u userlist -p passlist
brutespray -f nmap.gnmap -u /usr/share/wordlist/user.txt -p /usr/share/wordlist/pass.txt -t 5
brutespray -f nmap.gnmap -u admin -p password -s ftp,ssh,telnet -t 5
brutespray -f nmap.gnmap -u admin -p password -t 5
brutespray -f nmap.xml -u admin -p password -t 5
brutespray -f out.json -u admin -p password -t 5
brutespray -H ssh://10.1.1.0/24:22 -t 1000
- ssh
- ftp
- telnet
- mssql
- postgresql
- imap
- pop3
- smbnt
- smtp
- snmp
- mysql
- vmauthd
- vnc
- rdp
- asterisk
{"host":"127.0.0.1","port":"3306","service":"mysql"}
{"host":"127.0.0.10","port":"3306","service":"mysql"}
If using Nexpose, export the template XML Export
.
If using Nessus, export your .nessus
file.
List example
ssh:127.0.0.1:22
ftp:127.0.0.1:21