![Kali Linux:An Ethical Hacker's Cookbook(Second Edition)](https://wfqqreader-1252317822.image.myqcloud.com/cover/772/36698772/b_36698772.jpg)
How to do it...
Let's perform the following steps:
- Run the following command to install brutespray on Kali:
```
apt install brutespray
```
The following screenshot shows the output of the preceding command:
![](https://epubservercos.yuewen.com/E581D7/19470380608818806/epubprivate/OEBPS/Images/2ccabb61-de14-488f-9806-162a42f8598b.png?sign=1738835100-6pcFxlDMk6jKQVx2euN63rlRlbBiRuHS-0-fcb196242ea071676d8e3e5bd0fce24e)
- Once it is installed, we can run the tool with the -h flag to view the list of all features.
- To run a default brute force on all of the services that were discovered by a previously run Nmap scan, we can use the following command:
```
brutespray --file scan.xml --threads 5
```
The following screenshot shows the output of the preceding command:
![](https://epubservercos.yuewen.com/E581D7/19470380608818806/epubprivate/OEBPS/Images/f8459907-aaa3-411e-bfa2-5107ff2fa81b.png?sign=1738835100-0kf8D6Div0nKOvjrXoOspyyChNJMD3H2-0-a6c67a45326c5f25e98800f02570689b)
- To run the tool on one particular service, we can use the -s flag and define the service we want to perform a brute force attack on. In the following example, we will use the Nmap scan that was done on a host and only check the default credentials on the FTP service:
```
brutespray --file scan.xml -t 5 -s ftp
```
The following screenshot shows the output of the preceding command:
![](https://epubservercos.yuewen.com/E581D7/19470380608818806/epubprivate/OEBPS/Images/cf1fe93d-f753-4f74-984d-340198c73ee3.png?sign=1738835100-HDCxe78fhhOUMwOFYQax3OeIToAB92Gu-0-90a6b6b6bb5c21feeada381b52761f8a)
In the preceding screenshot, we can see that the FTP service allows anonymous login, which is why the tool reported success for the credentials that were shown.
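For the defensive side of this recipe, the following added example (not from the book or the brutespray project) reads the same kind of Nmap XML file and lists the open login-capable services that a default-credential check would cover, so they can be reviewed and hardened first. The service list, the function name and the sample scan are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Assumed list of login-capable service names (not brutespray's own list).
LOGIN_SERVICES = {"ftp", "ssh", "telnet", "smtp", "pop3", "imap",
                  "mysql", "postgresql", "vnc"}

# Constructed sample in the layout of `nmap -oX` output (documentation addresses).
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/><service name="ftp"/></port>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="23"><state state="closed"/><service name="telnet"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
    </ports>
  </host>
  <host>
    <address addr="192.0.2.20" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="2121"><state state="open"/><service name="ftp"/></port>
      <port protocol="tcp" portid="3306"><state state="filtered"/><service name="mysql"/></port>
    </ports>
  </host>
</nmaprun>"""

def login_services(xml_text):
    """Return {service: [(addr, port), ...]} for open login-capable ports."""
    found = defaultdict(list)
    for host in ET.fromstring(xml_text).iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:          # this example skips hosts without an IPv4 address
            continue
        for port in host.iter("port"):
            state, service = port.find("state"), port.find("service")
            if state is None or service is None:
                continue
            # Only ports Nmap reported as open are exposed to credential checks.
            if state.get("state") != "open":
                continue
            name = service.get("name", "")
            if name in LOGIN_SERVICES:
                found[name].append((addr_el.get("addr"), int(port.get("portid"))))
    return dict(found)

if __name__ == "__main__":
    for name, endpoints in sorted(login_services(SAMPLE_XML).items()):
        print(name, endpoints)
```

Each FTP endpoint in the result is a place to confirm that anonymous login is disabled unless it is intentionally offered.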