brutespray - Python bruteforce tool
brutespray [Usage]: brutespray [-h] -f FILE [-o OUTPUT] [-s
SERVICE] [-t THREADS] [-T HOSTS] [-U USERLIST] [-P PASSLIST] [-u USERNAME]
[-p PASSWORD] [-c] [-i] [-C HOST:USERNAME:PASSWORD] [-v LEVEL] [-w
LEVEL].
BruteSpray takes nmap GNMAP/JSON/XML output and automatically
brute-forces services with default credentials using Medusa.
BruteSpray can even find non-standard ports by using the -sV
inside Nmap.
- ○
- -f FILE, --file FILE
GNMAP, JSON or XML file to parse
- ○
- -o OUTPUT, --output OUTPUT
Directory containing successful attempts
- ○
- -s SERVICE, --service SERVICE
Specify service to attack
- ○
- -t THREADS, --threads THREADS
Number of medusa threads
- ○
- -T HOSTS, --hosts HOSTS
Number of hosts to test concurrently
- ○
- -U USERLIST, --userlist USERLIST
Reference a custom username file
- ○
- -P PASSLIST, --passlist PASSLIST
Reference a custom password file
- ○
- -u USERNAME, --username USERNAME
Specify a single username
- ○
- -p PASSWORD, --password PASSWORD
Specify a single password
- ○
- -c, --continuous
Keep brute-forcing after success
- ○
- -C HOST:USERNAME:PASSWORD, --combo HOST:USERNAME:PASSWORD
Specify a combo input (host:username:password)
- ○
- -i, --interactive
Interactive mode
- ○
- -v LEVEL, --verbose LEVEL
Verbose output from medusa. Can be set from 0 to 6 (default to 5)
- ○
- -w LEVEL, --debug LEVEL
Debug error output from medusa. Can be set from 0 to 10 (default to 5)
-
Commands:
- ○
- brutespray -h
- ○
- brutespray --file nmap.gnmap
- ○
- brutespray --file nmap.xml
- ○
- brutespray --file nmap.xml -i
-
- ○
- On github https://github.com/x90skysn3k/brutespray
- ○
- nmap(1)
-
Stephane Neveu stefneveu@gmail.com