Brutespray
Brutespray is a bruteforce tool that automates password spraying against services discovered in Nmap scans and other vulnerability scanner outputs. It supports interactive mode and has been rewritten in Golang for faster performance without external dependencies.
Description
Brutespray automates the process of bruteforcing services identified in scan results from tools like Nmap, Nexpose, and Nessus. It takes inputs in formats such as GNMAP, XML, JSON, and .nessus files, parsing hosts and open services for targeted password attacks. The tool uses Medusa as its backend engine for the actual bruteforcing operations across protocols like FTP, SSH, and MySQL.
Common use cases include attacking all services in an Nmap scan with custom user and password wordlists, or entering interactive mode to selectively bruteforce specific services. It runs threads and hosts in parallel to optimize speed. The Golang rewrite eliminates the need for additional tools, making it faster and more extensive than the original Python version.
Brutespray is particularly useful in penetration testing scenarios where large numbers of hosts with common services need credential testing. It provides progress indicators and supports combo wordlists or single credentials alongside dictionary attacks.
How It Works
Brutespray parses scanner outputs (Nmap GNMAP/XML, Nexpose XML, Nessus .nessus, JSON lists) to extract hosts and open services/ports. It then launches Medusa bruteforcing sessions against identified services like FTP (port 21), SSH (port 22), MySQL (port 3306), using specified userlists, passlists, or combo files. The tool manages parallel threads (-t) and parallel hosts (-T) for concurrent attacks, displaying real-time progress like 'ACCOUNT CHECK: [mysql] Host: IP User: name Password: pass'. Interactive mode prompts for service selection, thread counts, wordlists, and single credentials. The Golang version operates independently without external tool dependencies.
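The scan-parsing step described above is also what a defender runs to inventory which login services a scan shows as reachable, so they can be restricted or monitored. The following is an added example, not Brutespray's own code; the sample GNMAP text, the function names and the choice of services (the three the page names) are assumptions.

```python
import re
from collections import defaultdict

# Default ports for the services the page names; any other port is "non-default".
DEFAULT_PORTS = {"ftp": 21, "ssh": 22, "mysql": 3306}

# One port entry in Nmap -oG output: port/state/proto/owner/service/rpcinfo/version/
PORT_RE = re.compile(r"(\d+)/([a-z|]+)/(tcp|udp)/[^/]*/([^/]*)/")

# Constructed sample of grepable Nmap output (fields are tab-separated); not a real scan.
SAMPLE_GNMAP = """\
# Nmap scan initiated as: nmap -sV -oG nas.gnmap 192.168.86.0/24
Host: 192.168.86.4 (nas.example)\tStatus: Up
Host: 192.168.86.4 (nas.example)\tPorts: 21/open/tcp//ftp//vsftpd 3.0.3/, 22/open/tcp//ssh//OpenSSH 8.9/, 3306/open/tcp//mysql//MySQL 8.0/, 8080/closed/tcp//http-proxy///\tIgnored State: filtered (996)
Host: 192.168.86.7 ()\tPorts: 22/filtered/tcp//ssh///, 2222/open/tcp//ssh//OpenSSH 7.4/\tIgnored State: closed (998)
# Nmap done
"""

def parse_gnmap(text):
    """Yield (host, port, service) for every port reported as open."""
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip comment lines
        fields = line.split("\t")
        host = fields[0].split()[1]
        ports = next((f for f in fields[1:] if f.startswith("Ports:")), None)
        if ports is None:
            continue  # "Status:" lines carry no port list
        for m in PORT_RE.finditer(ports):
            port, state, _proto, service = m.groups()
            if state == "open":  # ignore closed and filtered entries
                yield host, int(port), service

def exposed_auth_services(text):
    """Map service name -> sorted (host, port) pairs that accept logins."""
    exposed = defaultdict(set)
    for host, port, service in parse_gnmap(text):
        if service in DEFAULT_PORTS:
            exposed[service].add((host, port))
    return {svc: sorted(pairs) for svc, pairs in exposed.items()}

def non_default_listeners(exposed):
    """Listeners that a rule keyed only on the default port number would miss."""
    return sorted((h, p, s) for s, pairs in exposed.items()
                  for h, p in pairs if p != DEFAULT_PORTS[s])

if __name__ == "__main__":
    inventory = exposed_auth_services(SAMPLE_GNMAP)
    for svc, pairs in sorted(inventory.items()):
        print(svc, pairs)
    print("non-default:", non_default_listeners(inventory))
```

Because the service name comes from Nmap's detection rather than the port number, the SSH daemon on port 2222 shows up in the inventory even though a port-22-only firewall or alerting rule would not cover it.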
Installation
sudo apt install brutespray
Flags
Examples
brutespray --file nas.gnmap -U /usr/share/wordlists/metasploit/unix_users.txt -P /usr/share/wordlists/metasploit/password.lst --threads 3 --hosts 1
brutespray -i -f nas.gnmap
brutespray -h
brutespray -S
brutespray -H mysql://192.168.86.4:3306
brutespray --file scan.gnmap -C user1:pass1
brutespray -P nas.gnmap