Mass bruteforce network protocols
A simple PoC to quickly mass bruteforce common services across a large network.
It checks for default credentials on FTP, SSH, MySQL, MSSQL, etc.
This was made for authorized penetration testing purposes only.
- Use masscan (faster than nmap) to find alive hosts with common ports from a network segment.
- Parse IPs and ports from the masscan result.
- Craft and run hydra commands to automatically bruteforce supported network services on devices.
- Kali Linux or any preferred Linux distribution
- Python 3.10+
# Install required tools for the script
apt update && apt install seclists masscan hydra
# Clone the repo
git clone https://github.com/opabravo/mass-bruter
cd mass-bruter
For example, target a network segment:
Private IP ranges: 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12
Scan devices and ports from 172.16.0.0/12, then save the output to ./result/masscan/masscan_<any_name>.<any_ext>
masscan -p 3306,1433,21,22,23,445,3389,5900,6379,27017,5432,5984,11211,9200,1521 172.16.0.0/12 | tee ./result/masscan/masscan_test.txt
PS: To resume a previous scan:
masscan --resume paused.conf | tee -a ./result/masscan/masscan_test.txt
Load masscan result then start bruteforcing:
python3 mass_bruteforce.py -q -f ~/masscan_script.txt
Fetch cracked credentials:
python3 mass_bruteforce.py -s
┌──(root㉿root)-[~/mass-bruter]
└─# python3 mass_bruteforce.py
Usage: [OPTIONS]

  Mass Bruteforce Script

Options:
  -q, --quick           Quick mode (Only brute telnet, ssh, ftp , mysql,
                        mssql, postgres, oracle)
  -a, --all             Brute all services(Very Slow)
  -s, --show            Show result with successful login
  -f, --file-path PATH  The directory or file that contains masscan result
                        [default: ./result/masscan/]
  --help                Show this message and exit.
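The same masscan result file can also feed an exposure inventory, so that service owners know which hosts are reachable on these ports and which of them still speak cleartext protocols. The following is an added example, not code from the mass-bruter repository; it assumes masscan's default text output (`Discovered open port <port>/<proto> on <ip>`) and the well-known service for each scanned port, and the sample lines and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
# Well-known service for each port in the masscan command above (assumed mapping).
SERVICES = {21: "ftp", 22: "ssh", 23: "telnet", 445: "smb", 1433: "mssql", 1521: "oracle",
            3306: "mysql", 3389: "rdp", 5432: "postgres", 5900: "vnc", 5984: "couchdb",
            6379: "redis", 9200: "elasticsearch", 11211: "memcached", 27017: "mongodb"}
CLEARTEXT = {"ftp", "telnet"}  # credentials cross the wire unencrypted
# In-scope private ranges from the page, and masscan's default line format.
SCOPE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINE_RE = re.compile(r"^Discovered open port (\d+)/(?:tcp|udp) on (\S+)")

# Constructed sample, including noise a real result file can contain.
SAMPLE = """\
Scanning 1048576 hosts [15 ports/host]
Discovered open port 22/tcp on 172.16.5.10
Discovered open port 23/tcp on 172.16.5.10
Discovered open port 3306/tcp on 172.16.9.4
Discovered open port 22/tcp on 172.16.5.2
Discovered open port 22/tcp on 203.0.113.7
Discovered open port 22/tcp on not-an-ip
"""

def parse_masscan(text):
    """Return {service: [ip, ...]} for in-scope hosts; skip everything else."""
    found = defaultdict(set)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # progress lines, blanks, truncated writes
        try:
            addr = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # corrupted address field
        if not any(addr in net for net in SCOPE):
            continue  # outside the private ranges listed above
        found[SERVICES.get(int(m.group(1)), "port-" + m.group(1))].add(addr)
    return {svc: [str(a) for a in sorted(hosts)] for svc, hosts in found.items()}

def report(inventory):
    lines = []
    for svc in sorted(inventory):
        flag = "  [cleartext protocol]" if svc in CLEARTEXT else ""
        lines.append(f"{svc}: {len(inventory[svc])} host(s){flag}")
        lines.extend(f"  {ip}" for ip in inventory[svc])
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(parse_masscan(SAMPLE)))
```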
- Migrate with dpl4hydra
- Optimize the code and functions
- MultiProcessing
Any contributions are welcome!