BruteSpray
by martin9 - April 16, 2021 at 02:25 PM
#1
BruteSpray


Created by: Shane Young/@t1d3nio && Jacob Robles/@shellfail

Inspired by: Leon Johnson/@Sho-luv

Credit to Medusa: JoMo-Kun / Foofus Networks - http://www.foofus.net

Demo

https://youtu.be/C-CVLbSEe_g

Description

BruteSpray takes Nmap GNMAP/XML output or newline-separated JSON and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using -sV inside Nmap.

Installation

pip install -r requirements.txt

On Kali:

apt-get install brutespray

Usage

First do an nmap scan with -oG nmap.gnmap or -oX nmap.xml.

Command: python brutespray.py -h

Command: python brutespray.py --file nmap.gnmap

Command: python brutespray.py --file nmap.xml

Command: python brutespray.py --file nmap.xml -i

Examples

Using Custom Wordlists:

python brutespray.py --file nmap.gnmap -U /usr/share/wordlist/user.txt -P /usr/share/wordlist/pass.txt --threads 5 --hosts 5

Brute-Forcing Specific Services:

python brutespray.py --file nmap.gnmap --service ftp,ssh,telnet --threads 5 --hosts 5

Specific Credentials:

python brutespray.py --file nmap.gnmap -u admin -p password --threads 5 --hosts 5

Continue After Success:

python brutespray.py --file nmap.gnmap --threads 5 --hosts 5 -c

Use Nmap XML Output:

python brutespray.py --file nmap.xml --threads 5 --hosts 5

Use JSON Output:

python brutespray.py --file out.json --threads 5 --hosts 5

Interactive Mode:

python brutespray.py --file nmap.xml -i

Supported Services

    ssh
    ftp
    telnet
    vnc
    mssql
    mysql
    postgresql
    rsh
    imap
    nntp
    pcanywhere
    pop3
    rexec
    rlogin
    smbnt
    smtp
    svn
    vmauthd
    snmp

Data Specs

{"host":"127.0.0.1","port":"3306","service":"mysql"}
{"host":"127.0.0.10","port":"3306","service":"mysql"}
...

Combo Option

When you specify the combo option -C, it will read the specified file and attempt the host:user:pass on each discovered service from Nmap. If you want to specify only a username and password, leave the host blank as shown below.

:user:pass
:user1:pass1

or

127.0.0.1:user:pass
127.0.0.10:user1:pass1


Reply
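Added example, not part of the original post or of the BruteSpray project: the newline-separated JSON layout under "Data Specs" can also drive a defensive exposure review of your own scan inventory. The sketch below parses records in that layout, rejects malformed lines, and lists endpoints whose service is on the post's "Supported Services" list so they can be checked for default credentials or taken off the network; the CLEARTEXT set, the function names and the sample records are assumptions made for illustration.

```python
import json
from collections import defaultdict

# Service names copied from the "Supported Services" list in the post.
SUPPORTED = {"ssh", "ftp", "telnet", "vnc", "mssql", "mysql", "postgresql",
             "rsh", "imap", "nntp", "pcanywhere", "pop3", "rexec", "rlogin",
             "smbnt", "smtp", "svn", "vmauthd", "snmp"}
# Assumption (not from the post): legacy protocols that send credentials in
# cleartext by default; these are reviewed first.
CLEARTEXT = {"telnet", "ftp", "rsh", "rexec", "rlogin"}

def parse_inventory(text):
    """Parse newline-separated JSON; return (records, rejected_line_numbers)."""
    records, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
            host, service = rec["host"], rec["service"].lower()
            port = int(rec["port"])
            if not 0 < port < 65536:
                raise ValueError("port out of range")
        except (ValueError, KeyError, TypeError, AttributeError):
            rejected.append(lineno)  # keep going; report bad lines to the caller
            continue
        records.append((host, port, service))
    return records, rejected

def exposure_report(records):
    """Return [(service, is_cleartext, endpoints)], cleartext services first."""
    report = defaultdict(list)
    for host, port, service in records:
        if service in SUPPORTED:
            report[service].append((host, port))
    order = sorted(report, key=lambda s: (s not in CLEARTEXT, -len(report[s]), s))
    return [(s, s in CLEARTEXT, sorted(report[s])) for s in order]

# Constructed sample inventory (not real scan data).
SAMPLE = """\
{"host":"127.0.0.1","port":"3306","service":"mysql"}
{"host":"127.0.0.10","port":"3306","service":"mysql"}
{"host":"127.0.0.10","port":"2323","service":"telnet"}
{"host":"127.0.0.11","port":"8080","service":"http"}
{"host":"127.0.0.12","port":"notaport","service":"ssh"}
"""

if __name__ == "__main__":
    recs, bad = parse_inventory(SAMPLE)
    for service, cleartext, endpoints in exposure_report(recs):
        print(service, "cleartext" if cleartext else "review", endpoints)
    print("rejected lines:", bad)
```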
#2
bruteforce login using python thanks let me try it
Reply
#3
tnx for sharing this with us
Reply
#4
bruteforce login using python thanks let me try it
Reply
#5
(April 16, 2021 at 02:25 PM)martin9 Wrote: BruteSpray

[Hidden Content] fsdvdsfdsfdsfdsfdsfsdfdsfds
dsfdsfdsfsdggsdgfdgd
Reply
#6
Thanks for the content, good share
Reply
#7
thank you for sharing! I will check it later!
Reply
