brutespray v1.8.1 released: Brute-Forcing from Nmap output

BruteSpray takes Nmap GNMAP/XML output and automatically brute-forces services with default credentials using Medusa. It can also find services running on non-standard ports when Nmap is run with -sV.

Supported Services

  • ssh
  • ftp
  • telnet
  • vnc
  • mssql
  • mysql
  • postgresql
  • rsh
  • imap
  • nntp
  • pcanywhere
  • pop3
  • rexec
  • rlogin
  • smbnt
  • smtp
  • svn
  • vmauthd
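
As an added example (not part of BruteSpray or of the original page), this sketch parses GNMAP output and lists which hosts expose a service from the list above, including services that -sV identified on non-default ports, so an administrator can review that exposure. The alias map, the default-port table and the sample scan lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Service names copied from the "Supported Services" list on this page.
SUPPORTED = {"ssh", "ftp", "telnet", "vnc", "mssql", "mysql", "postgresql",
             "rsh", "imap", "nntp", "pcanywhere", "pop3", "rexec", "rlogin",
             "smbnt", "smtp", "svn", "vmauthd"}
# Assumption: partial map from Nmap service names to the names above.
NMAP_ALIASES = {"ms-sql-s": "mssql", "microsoft-ds": "smbnt",
                "login": "rlogin", "shell": "rsh", "exec": "rexec"}
# Assumption: usual ports, used only to flag services found elsewhere.
DEFAULT_PORTS = {"ssh": 22, "ftp": 21, "telnet": 23, "mssql": 1433,
                 "mysql": 3306, "postgresql": 5432}
# GNMAP port entry: port/state/protocol/owner/service/rpcinfo/version/
PORT_RE = re.compile(r"(?:^|,)\s*(\d+)/open/(?:tcp|udp)/[^/]*/([^/]*)/")

# Constructed sample of `nmap -sV -oG` output (documentation addresses).
SAMPLE = (
    "Host: 192.0.2.10 (web01)\tStatus: Up\n"
    "Host: 192.0.2.10 (web01)\tPorts: 22/open/tcp//ssh//OpenSSH 7.4/, "
    "80/open/tcp//http//nginx/, 3306/closed/tcp//mysql///\n"
    "Host: 192.0.2.20 ()\tPorts: 2222/open/tcp//ssh//OpenSSH 8.2/, "
    "1433/open/tcp//ms-sql-s//Microsoft SQL Server/, 2121/open/tcp//ftp?///\n"
)

def exposed_services(gnmap_text):
    """Return {service: sorted [(host, port)]} for open, listed services."""
    found = defaultdict(set)
    for line in gnmap_text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # comments and "Status:" lines carry no port data
        host = line.split()[1]
        ports = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for port, name in PORT_RE.findall(ports):
            name = name.rstrip("?")  # "?" marks an uncertain service guess
            name = NMAP_ALIASES.get(name, name)
            if name in SUPPORTED:
                found[name].add((host, int(port)))
    return {svc: sorted(pairs) for svc, pairs in found.items()}

def on_nonstandard_ports(found):
    """Return (service, host, port) where the port is not the usual one."""
    return sorted((svc, host, port) for svc, pairs in found.items()
                  for host, port in pairs
                  if DEFAULT_PORTS.get(svc) not in (None, port))

if __name__ == "__main__":
    for svc, pairs in sorted(exposed_services(SAMPLE).items()):
        print(svc, pairs)
```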

Changelog v1.8.1

  • minor spelling fix
  • requirements update
  • dependency clean
  • banner changes


git clone



First, run an Nmap scan with -oG nmap.gnmap or -oX nmap.xml.

Command: python -h



Using Custom Wordlists:

python --file nmap.gnmap -U /usr/share/wordlist/user.txt -P /usr/share/wordlist/pass.txt --threads 5 --hosts 5

Brute-Forcing Specific Services: --file nmap.gnmap --service ftp,ssh,telnet --threads 5 --hosts 5

Specific Credentials: --file nmap.gnmap -u admin -p password --threads 5 --hosts 5

Continue After Success: --file nmap.gnmap --threads 5 --hosts 5 -c

Use Nmap XML Output: --file nmap.xml --threads 5 --hosts 5

Interactive Mode: --file nmap.xml -i


Copyright (c) [2017] [Shane Young]