BruteSpray takes nmap GNMAP/XML output and automatically brute-forces services with default credentials using Medusa. It can even find non-standard ports by using the -sV inside Nmap.

Supported Services

• ssh
• ftp
• telnet
• vnc
• mssql
• mysql
• postgresql
• rsh
• imap
• nntp
• pcanywhere
• pop3
• rexec
• rlogin
• smbnt
• smtp
• svn
• vmauthd

Changelog v1.8.1

• minor spelling fix
• requirements update
• dependency clean
• banner changes

Installation

git clone https://github.com/x90skysn3k/brutespray.git

Usage

First, do a nmap scan with -oG nmap.gnmap or -oX nmap.xml.

Command: python brutespray.py -h

Examples

Using Custom Wordlists:

python brutespray.py –file nmap.gnmap -U /usr/share/wordlist/user.txt -P /usr/share/wordlist/pass.txt –threads 5 –hosts 5

Brute-Forcing Specific Services: –file nmap.gnmap –service ftp,ssh,telnet –threads 5 –hosts 5

Specific Credentials: –file nmap.gnmap -u admin -p password –threads 5 –hosts 5

Continue After Success:–file nmap.gnmap –threads 5 –hosts 5 -c

Use Nmap XML Output: –file nmap.xml –threads 5 –hosts 5

Interactive Mode: –file nmap.xml -i

Demo

Copyright (c) [2017] [Shane Young]

Source: https://github.com/x90skysn3k/