Mass bruteforce community protocols
Information
Easy private script to shortly mass bruteforce frequent companies in a big scale of community.
It would verify for default credentials on ftp, ssh, mysql, mssql…and so on.
This was made for approved pink group penetration testing function solely.
The way it works
- Use
masscan
(sooner than nmap) to seek out alive hosts with frequent ports from community section. - Parse ips and ports from
masscan
consequence. - Craft and run
hydra
instructions to robotically bruteforce supported community companies on gadgets.
Necessities
Kali linux
or any most well-liked linux distributionPython 3.10+
# Clone the repo
git clone https://github.com/opabravo/mass-bruter
cd mass-bruter# Set up required instruments for the script
apt replace && apt set up seclists masscan hydra
How To Use
Personal ip vary :
10.0.0.0/8
,192.168.0.0/16
,172.16.0.0/12
Save masscan outcomes beneath ./consequence/masscan/
, with the format masscan_<identify>.<ext>
Ex: masscan_192.168.0.0-16.txt
Instance command:
masscan -p 3306,1433,21,22,23,445,3389,5900,6379,27017,5432,5984,11211,9200,1521 172.16.0.0/12 | tee ./consequence/masscan/masscan_test.txt
Instance Resume Command:
masscan --resume paused.conf | tee -a ./consequence/masscan/masscan_test.txt
Command Choices
┌──(root㉿root)-[~/mass-bruter]
└─# python3 mass_bruteforce.py
Utilization: [OPTIONS]Mass Bruteforce Script
Choices:
-q, --quick Fast mode (Solely brute telnet, ssh, ftp , mysql,
mssql, postgres, oracle)
-a, --all Brute all companies(Very Sluggish)
-s, --show Present consequence with profitable login
-f, --file-path PATH The listing or file that comprises masscan consequence
[default: ./result/masscan/]
--help Present this message and exit.
Fast Bruteforce Instance:
python3 mass_bruteforce.py -q -f ~/masscan_script.txt
Fetch cracked credentials:
python3 mass_bruteforce.py -s
Todo
- Migrate with
dpl4hydra
- Optimize the code and capabilities
- MultiProcessing
Any contributions are welcomed!