Mass-Bruter – Mass Bruteforce Network Protocols

November 26, 2023

79dfd91a8d0ada05bbf4c851901ef2b35535d40bbadfd2355fb844153c58296a


Mass bruteforce network protocols

Info

Simple personal script to quickly mass bruteforce common services in a large scale of network.
It will check for default credentials on ftp, ssh, mysql, mssql…etc.
This was made for authorized red team penetration testing purpose only.


How it works

  1. Use masscan(faster than nmap) to find alive hosts with common ports from network segment.
  2. Parse ips and ports from masscan result.
  3. Craft and run hydra commands to automatically bruteforce supported network services on devices.

Requirements

  • Kali linux or any preferred linux distribution
  • Python 3.10+
# Clone the repo
git clone https://github.com/opabravo/mass-bruter
cd mass-bruter

# Install required tools for the script
apt update && apt install seclists masscan hydra

How To Use

Private ip range : 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12

Save masscan results under ./result/masscan/, with the format masscan_<name>.<ext>

Ex: masscan_192.168.0.0-16.txt

Example command:

masscan -p 3306,1433,21,22,23,445,3389,5900,6379,27017,5432,5984,11211,9200,1521 172.16.0.0/12 | tee ./result/masscan/masscan_test.txt

Example Resume Command:

masscan --resume paused.conf | tee -a ./result/masscan/masscan_test.txt

Command Options

Bruteforce Script Options: -q, –quick Quick mode (Only brute telnet, ssh, ftp , mysql, mssql, postgres, oracle) -a, –all Brute all services(Very Slow) -s, –show Show result with successful login -f, –file-path PATH The directory or file that contains masscan result [default: ./result/masscan/] –help Show this message and exit.” dir=”auto”>
┌──(root㉿root)-[~/mass-bruter]
└─# python3 mass_bruteforce.py
Usage:  [OPTIONS]

  Mass Bruteforce Script

Options:
  -q, --quick           Quick mode (Only brute telnet, ssh, ftp , mysql,
                        mssql, postgres, oracle)
  -a, --all             Brute all services(Very Slow)
  -s, --show            Show result with successful login
  -f, --file-path PATH  The directory or file that contains masscan result
                        [default: ./result/masscan/]
  --help                Show this message and exit.

Quick Bruteforce Example:

python3 mass_bruteforce.py -q -f ~/masscan_script.txt

98f16400d72ceb310515a6aabc140ab5376a9333cde00f1ce1b39b94f1638d6f

Fetch cracked credentials:

python3 mass_bruteforce.py -s

04e2be26848435f5d557588333ec2bae208f5e15c3792964df6697d45846158e

Todo

  • Migrate with dpl4hydra
  • Optimize the code and functions
  • MultiProcessing

Any contributions are welcomed!



A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee
Patreon

 To keep up to date follow us on the below channels.

Tags: , , , ,

You may have missed

CISA Logo

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

May 3, 2024
CISA Logo

CISA: CISA Releases Eight Industrial Control Systems Advisories

May 3, 2024
CISA Logo

CISA: CISA Releases Three Industrial Control Systems Advisories

May 3, 2024
CISA Logo

CISA: CISA Adds Three Known Exploited Vulnerabilities to Catalog

May 3, 2024
CISA Logo

CISA: Cisco Releases Security Updates Addressing ArcaneDoor, Vulnerabilities in Cisco Firewall Platforms

May 3, 2024