Using Hydra, Ncrack, and other brute-forcing tools to crack passwords for the first time can be frustrating and confusing. To ease into the process, let's discuss automating and optimizing brute-force attacks for potentially vulnerable services such as SMTP, SSH, IMAP, and FTP discovered by Nmap, a popular network scanning utility.
BruteSpray, developed by Jacob Robles and Shane Young, is a Python script capable of processing an Nmap scan output and automating brute-force attacks against discovered services using Medusa, a popular brute-forcing tool. BruteSpray is the much-needed nexus that unifies Nmap scans and brute-force attacks.
[embedded content]
Step 1: Set Up BruteSpray & Medusa
An older version of BruteSpray can be found in the Kali repositories. To avoid potential confusion, any version of BruteSpray which may already be installed should be removed using the below apt-get command.
~$ apt-get autoremove brutespray Reading package lists... Done
Building dependency tree
Reading state information... Done
Package 'brutespray' is not installed, so not removed
The following packages will be REMOVED: libgit2-27
0 upgraded, 0 newly installed, 1 to remove and 1841 not upgraded.
After this operation, 1,073 kB disk space will be freed.
Do you want ..
Support the originator by clicking the read the rest link below.
