Wednesday, May 6, 2020

BruteSpray: A Brute-forcer From Nmap Output And Automatically Attempts Default Creds On Found Services

About BruteSpray: BruteSpray takes nmap GNMAP/XML output or newline seperated JSONS and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.

BruteSpay's Installation
   With Debian users, the only thing you need to do is this command:
sudo apt install brutespray

   For Arch Linux user, you must install Medusa first: sudo pacman -S medusa

   And then, enter these commands to install BruteSpray:

Supported Services: ssh, ftp, telnet, vnc, mssql, mysql, postgresql, rsh, imap, nntpp, canywhere, pop3, rexec, rlogin, smbnt, smtp, svn, vmauthdv, snmp.

How to use BruteSpray?

   First do an Nmap scan with -oG nmap.gnmap or -oX nmap.xml.
   Command: python3 -h
   Command: python3 --file nmap.gnmap
   Command: python3 --file nmap.xml
   Command: python3 --file nmap.xml -i

   You can watch more details here:


   Using Custom Wordlists:
python3 --file nmap.gnmap -U /usr/share/wordlist/user.txt -P /usr/share/wordlist/pass.txt --threads 5 --hosts 5

   Brute-Forcing Specific Services:
python3 --file nmap.gnmap --service ftp,ssh,telnet --threads 5 --hosts 5

   Specific Credentials:
python3 --file nmap.gnmap -u admin -p password --threads 5 --hosts 5

   Continue After Success:
python3 --file nmap.gnmap --threads 5 --hosts 5 -c

   Use Nmap XML Output:
python3 --file nmap.xml --threads 5 --hosts 5

   Use JSON Output:
python3 --file out.json --threads 5 --hosts 5

   Interactive Mode: python3 --file nmap.xml -i

Data Specs

Changelog: Changelog notes are available at

You might like these similar tools:

Related news


Post a Comment


Twitter Delicious Facebook Digg Stumbleupon Favorites