pax_global_header00006660000000000000000000000064132030541140014503gustar00rootroot0000000000000052 comment=0f0b743d160c28ca0b90ef1e6e8d2e5266fe17b6 brutespray-1.6.0/000077500000000000000000000000001320305411400137075ustar00rootroot00000000000000brutespray-1.6.0/LICENSE.md000066400000000000000000000020601320305411400153110ustar00rootroot00000000000000MIT License Copyright (c) [2017] [Shane Young] Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. brutespray-1.6.0/README.md000066400000000000000000000044201320305411400151660ustar00rootroot00000000000000# BruteSpray Created by: Shane Young/@x90skysn3k && Jacob Robles/@shellfail Inspired by: Leon Johnson/@sho-luv Credit to Medusa: JoMo-Kun / Foofus Networks - http://www.foofus.net #### Version - 1.6.0 # Demo https://youtu.be/C-CVLbSEe_g # Description BruteSpray takes nmap GNMAP/XML output and automatically brute-forces services with default credentials using Medusa. BruteSpray can even find non-standard ports by using the -sV inside Nmap. # Installation ```pip install -r requirements.txt``` On Kali: ```apt-get install brutespray``` # Usage First do an nmap scan with ```-oG nmap.gnmap``` or ```-oX nmap.xml```. Command: ```python brutespray.py -h``` Command: ```python brutespray.py --file nmap.gnmap``` Command: ```python brutesrpay.py --file nmap.xml``` Command: ```python brutespray.py --file nmap.xml -i``` ## Examples #### Using Custom Wordlists: ```python brutespray.py --file nmap.gnmap -U /usr/share/wordlist/user.txt -P /usr/share/wordlist/pass.txt --threads 5 --hosts 5``` #### Brute-Forcing Specific Services: ```python brutespray.py --file nmap.gnmap --service ftp,ssh,telnet --threads 5 --hosts 5``` #### Specific Credentials: ```python brutespray.py --file nmap.gnmap -u admin -p password --threads 5 --hosts 5``` #### Continue After Success: ```python brutespray.py --file nmap.gnmap --threads 5 --hosts 5 -c``` #### Use Nmap XML Output ```python brutespray.py --file nmap.xml --threads 5 --hosts 5``` #### Interactive Mode ```python brutespray.py --file nmap.xml -i``` # Supported Services * ssh * ftp * telnet * vnc * mssql * mysql * postgresql * rsh * imap * nntp * pcanywhere * pop3 * rexec * rlogin * smbnt * smtp * svn * vmauthd * snmp # Changelog * v1.6.0 * added support for SNMP * v1.5.3 * adjustments to wordlists * v1.5.2 * change tmp and output directory behavior * v1.5.1 * added check for no services * v1.5 * added interactive mode * v1.4 * added ability to use nmap XML * v1.3 * added the ability to stop on success * added the ability to reference custom userlists and passlists * added the ability to specify specific users & passwords brutespray-1.6.0/brutespray.py000077500000000000000000000414551320305411400164750ustar00rootroot00000000000000#!/usr/bin/python # -*- coding: utf-8 -*- from argparse import RawTextHelpFormatter import readline, glob import sys, time, os import subprocess import xml.dom.minidom import re import argparse import argcomplete import threading import itertools import tempfile import shutil from multiprocessing import Process services = {} loading = False class colors: white = "\033[1;37m" normal = "\033[0;00m" red = "\033[1;31m" blue = "\033[1;34m" green = "\033[1;32m" lightblue = "\033[0;34m" banner = colors.red + r""" #@ @/ @@@ @@@ %@@@ @@@. @@@@@ @@@@% @@@@@ @@@@@ @@@@@@@ @ @@@@@@@ @(@@@@@@@% @@@@@@@ &@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@*@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@ @@@( @@@@@#@@@@@@@@@*@@@,@@@@@@@@@@@@@@@ @@@ @@@@@@ .@@@/@@@@@@@@@@@@@/@@@@ @@@@@@ @@@ @@@@@@@@@@@ @@@ @@@@* ,@@@@@@@@@( ,@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@ @@@.@@@@@@@@@@@@@@@ @@@ @@@@@@ @@@@@ @@@@@@ @@@@@@@@@@@@@ @@ @@@ @@ @@ @@@@@@@ @@ @@% @ @@ """+'\n' \ + r""" ██████╗ ██████╗ ██╗ ██╗████████╗███████╗███████╗██████╗ ██████╗ █████╗ ██╗ ██╗ ██╔══██╗██╔══██╗██║ ██║╚══██╔══╝██╔════╝██╔════╝██╔══██╗██╔══██╗██╔══██╗╚██╗ ██╔╝ ██████╔╝██████╔╝██║ ██║ ██║ █████╗ ███████╗██████╔╝██████╔╝███████║ ╚████╔╝ ██╔══██╗██╔══██╗██║ ██║ ██║ ██╔══╝ ╚════██║██╔═══╝ ██╔══██╗██╔══██║ ╚██╔╝ ██████╔╝██║ ██║╚██████╔╝ ██║ ███████╗███████║██║ ██║ ██║██║ ██║ ██║ ╚═════╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚══════╝╚══════╝╚═╝ ╚═╝ ╚═╝╚═╝ ╚═╝ ╚═╝ """+'\n' \ + '\n brutespray.py v1.6.0' \ + '\n Created by: Shane Young/@x90skysn3k && Jacob Robles/@shellfail' \ + '\n Inspired by: Leon Johnson/@sho-luv' \ + '\n Credit to Medusa: JoMo-Kun / Foofus Networks \n' + colors.normal #ascii art by: Cara Pearson class tabCompleter(object): def pathCompleter(self,text,state): line = readline.get_line_buffer().split() return [x for x in glob.glob(text+'*')][state] def interactive(): t = tabCompleter() singluser = "" if args.interactive is True: print colors.white + "\n\nWelcome to interactive mode!\n\n" + colors.normal print colors.red + "WARNING:" + colors.white + " Leaving an option blank will leave it empty and refer to default\n\n" + colors.normal print "Available services to brute-force:" for serv in services: srv = serv for prt in services[serv]: iplist = services[serv][prt] port = prt plist = len(iplist) print "Service: " + colors.green + str(serv) + colors.normal + " on port " + colors.red + str(port) + colors.normal + " with " + colors.red + str(plist) + colors.normal + " hosts" args.service = raw_input('\n' + colors.lightblue + 'Enter services you want to brute - default all (ssh,ftp,etc): ' + colors.red) args.threads = raw_input(colors.lightblue + 'Enter the number of parallel threads (default is 2): ' + colors.red) args.hosts = raw_input(colors.lightblue + 'Enter the number of parallel hosts to scan per service (default is 1): ' + colors.red) if args.passlist is None or args.userlist is None: customword = raw_input(colors.lightblue + 'Would you like to specify a wordlist? (y/n): ' + colors.red) if customword == "y": readline.set_completer_delims('\t') readline.parse_and_bind("tab: complete") readline.set_completer(t.pathCompleter) if args.userlist is None and args.username is None: args.userlist = raw_input(colors.lightblue + 'Enter a userlist you would like to use: ' + colors.red) if args.userlist == "": args.userlist = None if args.passlist is None and args.password is None: args.passlist = raw_input(colors.lightblue + 'Enter a passlist you would like to use: ' + colors.red) if args.passlist == "": args.passlist = None if args.username is None or args.password is None: singluser = raw_input(colors.lightblue + 'Would to specify a single username or password (y/n): ' + colors.red) if singluser == "y": if args.username is None and args.userlist is None: args.username = raw_input(colors.lightblue + 'Enter a username: ' + colors.red) if args.username == "": args.username = None if args.password is None and args.passlist is None: args.password = raw_input(colors.lightblue + 'Enter a password: ' + colors.red) if args.password == "": args.password = None if args.service == "": args.service = "all" if args.threads == "": args.threads = "2" if args.hosts == "": args.hosts = "1" print colors.normal def make_dic_gnmap(): global loading global services port = None with open(args.file, 'r') as nmap_file: for line in nmap_file: supported = ['ssh','ftp','postgres','telnet','mysql','ms-sql-s','shell','vnc','imap','imaps','nntp','pcanywheredata','pop3','pop3s','exec','login','microsoft-ds','smtp', 'smtps','submission','svn','iss-realsecure','snmptrap','snmp'] for name in supported: matches = re.compile(r'([0-9][0-9]*)/open/[a-z][a-z]*//' + name) try: port = matches.findall(line)[0] except: continue ip = re.findall( r'[0-9]+(?:\.[0-9]+){3}', line) tmp_ports = matches.findall(line) for tmp_port in tmp_ports: if name =="ms-sql-s": name = "mssql" if name == "microsoft-ds": name = "smbnt" if name == "pcanywheredata": name = "pcanywhere" if name == "shell": name = "rsh" if name == "exec": name = "rexec" if name == "login": name = "rlogin" if name == "smtps" or name == "submission": name = "smtp" if name == "imaps": name = "imap" if name == "pop3s": name = "pop3" if name == "iss-realsecure": name = "vmauthd" if name == "snmptrap": name = "snmp" if name in services: if tmp_port in services[name]: services[name][tmp_port] += ip else: services[name][tmp_port] = ip else: services[name] = {tmp_port:ip} loading = True def make_dic_xml(): global loading global services supported = ['ssh','ftp','postgresql','telnet','mysql','ms-sql-s','rsh','vnc','imap','imaps','nntp','pcanywheredata','pop3','pop3s','exec','login','microsoft-ds','smtp','smtps','submission','svn','iss-realsecure','snmptrap','snmp'] doc = xml.dom.minidom.parse(args.file) for host in doc.getElementsByTagName("host"): try: address = host.getElementsByTagName("address")[0] ip = address.getAttribute("addr") eip = ip.encode("utf8") iplist = eip.split(',') except: # move to the next host continue try: status = host.getElementsByTagName("status")[0] state = status.getAttribute("state") except: state = "" try: ports = host.getElementsByTagName("ports")[0] ports = ports.getElementsByTagName("port") except: continue for port in ports: pn = port.getAttribute("portid") state_el = port.getElementsByTagName("state")[0] state = state_el.getAttribute("state") if state == "open": try: service = port.getElementsByTagName("service")[0] port_name = service.getAttribute("name") except: service = "" port_name = "" product_descr = "" product_ver = "" product_extra = "" name = port_name.encode("utf-8") tmp_port = pn.encode("utf-8") if name in supported: if name == "postgresql": name = "postgres" if name =="ms-sql-s": name = "mssql" if name == "microsoft-ds": name = "smbnt" if name == "pcanywheredata": name = "pcanywhere" if name == "shell": name = "rsh" if name == "exec": name = "rexec" if name == "login": name = "rlogin" if name == "smtps" or name == "submission": name = "smtp" if name == "imaps": name = "imap" if name == "pop3s": name = "pop3" if name == "iss-realsecure": name = "vmauthd" if name == "snmptrap": name = "snmp" if name in services: if tmp_port in services[name]: services[name][tmp_port] += iplist else: services[name][tmp_port] = iplist else: services[name] = {tmp_port:iplist} loading = True def brute(service,port,fname,output): if args.userlist is None and args.username is None: userlist = 'wordlist/'+service+'/user' uarg = '-U' elif args.userlist: userlist = args.userlist uarg = '-U' elif args.username: userlist = args.username uarg = '-u' if args.passlist is None and args.password is None: passlist = 'wordlist/'+service+'/password' parg = '-P' elif args.passlist: passlist = args.passlist parg = '-P' elif args.password: passlist = args.password parg = '-p' if args.continuous: cont = '' else: cont = '-F' p = subprocess.Popen(['medusa', '-H', fname, uarg, userlist, parg, passlist, '-M', service, '-t', args.threads, '-n', port, '-T', args.hosts, cont], stdout=subprocess.PIPE, stderr=subprocess.PIPE, bufsize=-1) out = "[" + colors.green + "+" + colors.normal + "] " output_file = output + '/' + service + '-success.txt' for line in iter(p.stdout.readline, b''): print line, sys.stdout.flush() time.sleep(0.0001) if 'SUCCESS' in line: f = open(output_file, 'a') f.write(out + line) f.close() def animate(): t_end = time.time() + 2 for c in itertools.cycle(['|', '/', '-', '\\']): if not time.time() < t_end: break sys.stdout.write('\rStarting to brute, please make sure to use the right amount of threads(-t) and parallel hosts(-T)... ' + c) sys.stdout.flush() time.sleep(0.1) sys.stdout.write('\n\nBrute-Forcing... \n') time.sleep(1) def loading(): for c in itertools.cycle(['|', '/', '-', '\\']): if loading == True: break sys.stdout.write('\rLoading File: ' + c) sys.stdout.flush() time.sleep(0.01) def parse_args(): parser = argparse.ArgumentParser(formatter_class=RawTextHelpFormatter, description=\ "Usage: python brutespray.py \n") menu_group = parser.add_argument_group(colors.lightblue + 'Menu Options' + colors.normal) menu_group.add_argument('-f', '--file', help="GNMAP or XML file to parse", required=True) menu_group.add_argument('-o', '--output', help="Directory containing successful attempts", default="brutespray-output") menu_group.add_argument('-s', '--service', help="specify service to attack", default="all") menu_group.add_argument('-t', '--threads', help="number of medusa threads", default="2") menu_group.add_argument('-T', '--hosts', help="number of hosts to test concurrently", default="1") menu_group.add_argument('-U', '--userlist', help="reference a custom username file", default=None) menu_group.add_argument('-P', '--passlist', help="reference a custom password file", default=None) menu_group.add_argument('-u', '--username', help="specify a single username", default=None) menu_group.add_argument('-p', '--password', help="specify a single password", default=None) menu_group.add_argument('-c', '--continuous', help="keep brute-forcing after success", default=False, action='store_true') menu_group.add_argument('-i', '--interactive', help="interactive mode", default=False, action='store_true') argcomplete.autocomplete(parser) args = parser.parse_args() return args if __name__ == "__main__": print(banner) args = parse_args() #temporary directory for ip addresses try: tmppath = tempfile.mkdtemp(prefix="brutespray-tmp") except: sys.stderr.write("\nError while creating brutespray temp directory.") exit(4) if not os.path.exists(args.output): os.mkdir(args.output) if os.system("command -v medusa > /dev/null") != 0: sys.stderr.write("Command medusa not found. Please install medusa before using brutespray") exit(3) try: t = threading.Thread(target=loading) t.start() doc = xml.dom.minidom.parse(args.file) make_dic_xml() except: make_dic_gnmap() if args.interactive is True: interactive() animate() if services == {}: print "\nNo brutable services found.\n Please check your Nmap file." to_scan = args.service.split(',') for service in services: if service in to_scan or to_scan == ['all']: for port in services[service]: fname = tmppath + '/' +service + '-' + port iplist = services[service][port] f = open(fname, 'w+') for ip in iplist: f.write(ip + '\n') f.close() brute_process = Process(target=brute, args=(service,port,fname,args.output)) brute_process.start() #need to wait for all of the processes to run... #shutil.rmtree(tmppath, ignore_errors=False, onerror=None) brutespray-1.6.0/requirements.txt000066400000000000000000000001731320305411400171740ustar00rootroot00000000000000argcomplete==1.8.1 pyscreenshot==0.4.2 pytesseract==0.1.7 lxml==3.8.0 requests==2.12.4 Pillow==4.2.1 beautifulsoup4==4.6.0 brutespray-1.6.0/wordlist/000077500000000000000000000000001320305411400155565ustar00rootroot00000000000000brutespray-1.6.0/wordlist/ftp/000077500000000000000000000000001320305411400163475ustar00rootroot00000000000000brutespray-1.6.0/wordlist/ftp/password000066400000000000000000000004261320305411400201360ustar00rootroot0000000000000012345 123456 123qwe abc123 admin agata bill cvsadm eqidemo ftp ftp123 ftpuser info john marketing mike mysql news nobody oracle password qwerty root spam sysadm system techsupport test test1 test123 test2 test3 test4 tester testing testuser uploader user web webadmin webmaster brutespray-1.6.0/wordlist/ftp/user000066400000000000000000000001151320305411400172450ustar00rootroot00000000000000anonymous oracle root test uploader john bill mike agata ftp admin marketing brutespray-1.6.0/wordlist/imap/000077500000000000000000000000001320305411400165045ustar00rootroot00000000000000brutespray-1.6.0/wordlist/imap/password000066400000000000000000000014271320305411400202750ustar00rootroot00000000000000123456 123456789 password adobe123 12345678 qwerty 1234567 111111 photoshop 123123 1234567890 000000 abc123 1234 adobe1 macromedia azerty iloveyou aaaaaa 654321 12345 666666 sunshine 123321 letmein monkey asdfgh password1 shadow princess dragon adobeadobe daniel computer michael 121212 charlie master superman qwertyuiop 112233 asdfasdf jessica 1q2w3e4r welcome 1qaz2wsx 987654321 fdsa 753951 chocolate fuckyou soccer tigger asdasd thomas asdfghjkl internet michelle football 123qwe zxcvbnm dreamweaver 7777777 maggie qazwsx baseball jennifer jordan abcd1234 trustno1 buster 555555 liverpool abc whatever 11111111 102030 123123123 andrea pepper nicole killer abcdef hannah test alexander andrew 222222 joshua freedom samsung asdfghj purple ginger 123654 matrix secret summer 1q2w3e snoopy1 brutespray-1.6.0/wordlist/imap/user000066400000000000000000000001431320305411400174030ustar00rootroot00000000000000admin manager root cisco apc pass security user system sys wampp newuser xampp-dav-unsecure vagrantbrutespray-1.6.0/wordlist/mssql/000077500000000000000000000000001320305411400167155ustar00rootroot00000000000000brutespray-1.6.0/wordlist/mssql/password000066400000000000000000000000341320305411400204770ustar00rootroot00000000000000Password123 admin password brutespray-1.6.0/wordlist/mssql/user000066400000000000000000000000161320305411400176130ustar00rootroot00000000000000sa root admin brutespray-1.6.0/wordlist/mysql/000077500000000000000000000000001320305411400167235ustar00rootroot00000000000000brutespray-1.6.0/wordlist/mysql/password000066400000000000000000000000321320305411400205030ustar00rootroot00000000000000password admin root toor brutespray-1.6.0/wordlist/mysql/user000066400000000000000000000000131320305411400176160ustar00rootroot00000000000000root admin brutespray-1.6.0/wordlist/nntp/000077500000000000000000000000001320305411400165355ustar00rootroot00000000000000brutespray-1.6.0/wordlist/nntp/password000066400000000000000000000014271320305411400203260ustar00rootroot00000000000000123456 123456789 password adobe123 12345678 qwerty 1234567 111111 photoshop 123123 1234567890 000000 abc123 1234 adobe1 macromedia azerty iloveyou aaaaaa 654321 12345 666666 sunshine 123321 letmein monkey asdfgh password1 shadow princess dragon adobeadobe daniel computer michael 121212 charlie master superman qwertyuiop 112233 asdfasdf jessica 1q2w3e4r welcome 1qaz2wsx 987654321 fdsa 753951 chocolate fuckyou soccer tigger asdasd thomas asdfghjkl internet michelle football 123qwe zxcvbnm dreamweaver 7777777 maggie qazwsx baseball jennifer jordan abcd1234 trustno1 buster 555555 liverpool abc whatever 11111111 102030 123123123 andrea pepper nicole killer abcdef hannah test alexander andrew 222222 joshua freedom samsung asdfghj purple ginger 123654 matrix secret summer 1q2w3e snoopy1 brutespray-1.6.0/wordlist/nntp/user000066400000000000000000000001431320305411400174340ustar00rootroot00000000000000admin manager root cisco apc pass security user system sys wampp newuser xampp-dav-unsecure vagrantbrutespray-1.6.0/wordlist/pcanywhere/000077500000000000000000000000001320305411400177235ustar00rootroot00000000000000brutespray-1.6.0/wordlist/pcanywhere/password000066400000000000000000000014371320305411400215150ustar00rootroot00000000000000123456 123456789 password adobe123 12345678 qwerty 1234567 111111 photoshop 123123 1234567890 000000 abc123 1234 adobe1 macromedia azerty iloveyou aaaaaa 654321 12345 666666 sunshine 123321 letmein monkey asdfgh password1 shadow princess dragon adobeadobe daniel computer michael 121212 charlie master superman qwertyuiop 112233 asdfasdf jessica 1q2w3e4r welcome 1qaz2wsx 987654321 fdsa 753951 chocolate fuckyou soccer tigger asdasd thomas asdfghjkl internet michelle football 123qwe zxcvbnm dreamweaver 7777777 maggie qazwsx baseball jennifer jordan abcd1234 trustno1 buster 555555 liverpool abc whatever 11111111 102030 123123123 andrea pepper nicole killer abcdef hannah test alexander andrew 222222 joshua freedom samsung asdfghj purple ginger 123654 matrix secret summer 1q2w3e snoopy1 recover brutespray-1.6.0/wordlist/pcanywhere/user000066400000000000000000000001551320305411400206250ustar00rootroot00000000000000admin manager root cisco apc pass security user system sys wampp newuser xampp-dav-unsecure vagrant symantec brutespray-1.6.0/wordlist/postgres/000077500000000000000000000000001320305411400174245ustar00rootroot00000000000000brutespray-1.6.0/wordlist/postgres/password000066400000000000000000000001101320305411400212010ustar00rootroot00000000000000postgres root toor password Password1 password1 Password123 password123 brutespray-1.6.0/wordlist/postgres/user000066400000000000000000000000241320305411400203210ustar00rootroot00000000000000root admin postgres brutespray-1.6.0/wordlist/rexec/000077500000000000000000000000001320305411400166645ustar00rootroot00000000000000brutespray-1.6.0/wordlist/rexec/password000066400000000000000000000014271320305411400204550ustar00rootroot00000000000000123456 123456789 password adobe123 12345678 qwerty 1234567 111111 photoshop 123123 1234567890 000000 abc123 1234 adobe1 macromedia azerty iloveyou aaaaaa 654321 12345 666666 sunshine 123321 letmein monkey asdfgh password1 shadow princess dragon adobeadobe daniel computer michael 121212 charlie master superman qwertyuiop 112233 asdfasdf jessica 1q2w3e4r welcome 1qaz2wsx 987654321 fdsa 753951 chocolate fuckyou soccer tigger asdasd thomas asdfghjkl internet michelle football 123qwe zxcvbnm dreamweaver 7777777 maggie qazwsx baseball jennifer jordan abcd1234 trustno1 buster 555555 liverpool abc whatever 11111111 102030 123123123 andrea pepper nicole killer abcdef hannah test alexander andrew 222222 joshua freedom samsung asdfghj purple ginger 123654 matrix secret summer 1q2w3e snoopy1 brutespray-1.6.0/wordlist/rexec/user000066400000000000000000000001431320305411400175630ustar00rootroot00000000000000admin manager root cisco apc pass security user system sys wampp newuser xampp-dav-unsecure vagrantbrutespray-1.6.0/wordlist/rlogin/000077500000000000000000000000001320305411400170505ustar00rootroot00000000000000brutespray-1.6.0/wordlist/rlogin/password000066400000000000000000000014271320305411400206410ustar00rootroot00000000000000123456 123456789 password adobe123 12345678 qwerty 1234567 111111 photoshop 123123 1234567890 000000 abc123 1234 adobe1 macromedia azerty iloveyou aaaaaa 654321 12345 666666 sunshine 123321 letmein monkey asdfgh password1 shadow princess dragon adobeadobe daniel computer michael 121212 charlie master superman qwertyuiop 112233 asdfasdf jessica 1q2w3e4r welcome 1qaz2wsx 987654321 fdsa 753951 chocolate fuckyou soccer tigger asdasd thomas asdfghjkl internet michelle football 123qwe zxcvbnm dreamweaver 7777777 maggie qazwsx baseball jennifer jordan abcd1234 trustno1 buster 555555 liverpool abc whatever 11111111 102030 123123123 andrea pepper nicole killer abcdef hannah test alexander andrew 222222 joshua freedom samsung asdfghj purple ginger 123654 matrix secret summer 1q2w3e snoopy1 brutespray-1.6.0/wordlist/rlogin/user000066400000000000000000000001431320305411400177470ustar00rootroot00000000000000admin manager root cisco apc pass security user system sys wampp newuser xampp-dav-unsecure vagrantbrutespray-1.6.0/wordlist/rsh/000077500000000000000000000000001320305411400163525ustar00rootroot00000000000000brutespray-1.6.0/wordlist/rsh/password000066400000000000000000000006051320305411400201400ustar00rootroot00000000000000root !root Cisco NeXT QNX admin attack ax400 bagabu blablabla blender brightmail calvin changeme changethis default fibranne honey jstwo kn1TG7psLu letacla mpegvideo nsi par0t pass password pixmet2003 resumix root rootme rootpass t00lk1t tini toor trendimsa1.0 tslinux uClinux vertex25 owaspbwa permit ascend ROOT500 cms500 fivranne davox letmein powerapp dbps ibm monitor turnkey vagrant brutespray-1.6.0/wordlist/rsh/user000066400000000000000000000000051320305411400172460ustar00rootroot00000000000000root brutespray-1.6.0/wordlist/smbnt/000077500000000000000000000000001320305411400167015ustar00rootroot00000000000000brutespray-1.6.0/wordlist/smbnt/password000066400000000000000000000014271320305411400204720ustar00rootroot00000000000000123456 123456789 password adobe123 12345678 qwerty 1234567 111111 photoshop 123123 1234567890 000000 abc123 1234 adobe1 macromedia azerty iloveyou aaaaaa 654321 12345 666666 sunshine 123321 letmein monkey asdfgh password1 shadow princess dragon adobeadobe daniel computer michael 121212 charlie master superman qwertyuiop 112233 asdfasdf jessica 1q2w3e4r welcome 1qaz2wsx 987654321 fdsa 753951 chocolate fuckyou soccer tigger asdasd thomas asdfghjkl internet michelle football 123qwe zxcvbnm dreamweaver 7777777 maggie qazwsx baseball jennifer jordan abcd1234 trustno1 buster 555555 liverpool abc whatever 11111111 102030 123123123 andrea pepper nicole killer abcdef hannah test alexander andrew 222222 joshua freedom samsung asdfghj purple ginger 123654 matrix secret summer 1q2w3e snoopy1 brutespray-1.6.0/wordlist/smbnt/user000066400000000000000000000001431320305411400176000ustar00rootroot00000000000000admin manager root cisco apc pass security user system sys wampp newuser xampp-dav-unsecure vagrantbrutespray-1.6.0/wordlist/smtp/000077500000000000000000000000001320305411400165415ustar00rootroot00000000000000brutespray-1.6.0/wordlist/smtp/password000066400000000000000000000014271320305411400203320ustar00rootroot00000000000000123456 123456789 password adobe123 12345678 qwerty 1234567 111111 photoshop 123123 1234567890 000000 abc123 1234 adobe1 macromedia azerty iloveyou aaaaaa 654321 12345 666666 sunshine 123321 letmein monkey asdfgh password1 shadow princess dragon adobeadobe daniel computer michael 121212 charlie master superman qwertyuiop 112233 asdfasdf jessica 1q2w3e4r welcome 1qaz2wsx 987654321 fdsa 753951 chocolate fuckyou soccer tigger asdasd thomas asdfghjkl internet michelle football 123qwe zxcvbnm dreamweaver 7777777 maggie qazwsx baseball jennifer jordan abcd1234 trustno1 buster 555555 liverpool abc whatever 11111111 102030 123123123 andrea pepper nicole killer abcdef hannah test alexander andrew 222222 joshua freedom samsung asdfghj purple ginger 123654 matrix secret summer 1q2w3e snoopy1 brutespray-1.6.0/wordlist/smtp/user000066400000000000000000000001431320305411400174400ustar00rootroot00000000000000admin manager root cisco apc pass security user system sys wampp newuser xampp-dav-unsecure vagrantbrutespray-1.6.0/wordlist/ssh/000077500000000000000000000000001320305411400163535ustar00rootroot00000000000000brutespray-1.6.0/wordlist/ssh/password000066400000000000000000000006051320305411400201410ustar00rootroot00000000000000root !root Cisco NeXT QNX admin attack ax400 bagabu blablabla blender brightmail calvin changeme changethis default fibranne honey jstwo kn1TG7psLu letacla mpegvideo nsi par0t pass password pixmet2003 resumix root rootme rootpass t00lk1t tini toor trendimsa1.0 tslinux uClinux vertex25 owaspbwa permit ascend ROOT500 cms500 fivranne davox letmein powerapp dbps ibm monitor turnkey vagrant brutespray-1.6.0/wordlist/ssh/user000066400000000000000000000000201320305411400172440ustar00rootroot00000000000000root admin user brutespray-1.6.0/wordlist/svn/000077500000000000000000000000001320305411400163645ustar00rootroot00000000000000brutespray-1.6.0/wordlist/svn/password000066400000000000000000000014271320305411400201550ustar00rootroot00000000000000123456 123456789 password adobe123 12345678 qwerty 1234567 111111 photoshop 123123 1234567890 000000 abc123 1234 adobe1 macromedia azerty iloveyou aaaaaa 654321 12345 666666 sunshine 123321 letmein monkey asdfgh password1 shadow princess dragon adobeadobe daniel computer michael 121212 charlie master superman qwertyuiop 112233 asdfasdf jessica 1q2w3e4r welcome 1qaz2wsx 987654321 fdsa 753951 chocolate fuckyou soccer tigger asdasd thomas asdfghjkl internet michelle football 123qwe zxcvbnm dreamweaver 7777777 maggie qazwsx baseball jennifer jordan abcd1234 trustno1 buster 555555 liverpool abc whatever 11111111 102030 123123123 andrea pepper nicole killer abcdef hannah test alexander andrew 222222 joshua freedom samsung asdfghj purple ginger 123654 matrix secret summer 1q2w3e snoopy1 brutespray-1.6.0/wordlist/svn/user000066400000000000000000000001431320305411400172630ustar00rootroot00000000000000admin manager root cisco apc pass security user system sys wampp newuser xampp-dav-unsecure vagrantbrutespray-1.6.0/wordlist/telnet/000077500000000000000000000000001320305411400170515ustar00rootroot00000000000000brutespray-1.6.0/wordlist/telnet/password000066400000000000000000000063271320305411400206460ustar00rootroot00000000000000 0 0P3N 10023 1064 1111 123 1234 12345 123456 1234admin 12871 1502 166816 21241036 2222 22222 240653C9467E45 266344 2 + last 4 of Audio 31994 3477 3ascotel 3ep5w2u 3ware 456 4getme2 4tas 5678 56789 5777364 8111 8429 9999 abc123 acc access adfexc admin Admin admin00 admin_1 admin123 administrator ADMINISTRATOR adminttd admn adslolitec adslroot adtran ADTRAN AitbISP4eCiG and 2000 Series anicust ANS#150 any@ apc articon asante Asante ascend Ascend asd at4400 atc123 atlantis attack backdoor barricade bciimpw bcimpw bcmspw bcnaspw bcpb+serial# bintec blender bluepw BRIDGE browsepw cacadmin calvin CAROLIAN cascade CCC ccrusr cellit cgadmin changeme changeme2 changeme (exclamation) $chwarzepumpe cisco Cisco _Cisco citel client cmaker cms500 CNAS COGNOS col1ma Col2ogro2 comcomcom connect CONV corecess craft craftpw crftpw custpw d1scovery dadmin01 danger davox default detmond device dhs3mt dhs3pms diamond DISC D-Link draadloos @dsl_xilno e250changeme e500changeme engineer enquirypw enter epicrouter Exabyte expert expert03 extendnet Fact4EMC field FIELD.SUPPORT Fireport fivranne friend ganteng Geardog gen1 gen2 ggdaseuaimhrke GlobalAdmin guest h179350 hagpolm1 hawk201 hello help help1954 Helpdesk highspeed HP hp.com HPDESK HPOFFICE HPOFFICE DATA HPONLY HPP187 HPP187 SYS HPP189 HPP196 HPWORD PUB hs7mwxkk hsadb HTTP iDirect ILMI images imss7.0 inads indspw infrant1 initpw installer intel Intel intermec INTX3 ironport isee isp ITF3000 jannie JDE kermit kilo1987 l2 l3 laflaf lantronix letacla letmein leviton linga live llatsni locatepw looker LOTUS lp lucenttech1 lucenttech2 m1122 MAIL maint maintpw !manage manager Manager MANAGER MANAGER.SYS master Master masterkey Mau’dib mediator medion Menara mercury MGR MGR.SYS michelangelo microbusiness MiniAP mlusr monitor mono motorola MPE MServer mtch mtcl mu Multi my_DEMARC mysweex n/a naadmin NAU netadmin NETBASE NetCache netgear1 NetICs netman netopia netscreen NetSurvibox NetVCR NETWORK NICONEX nimdaten nmspw nokai nokia su@psir noway ntacdmax NULL OCS often blank OkiLAN op operator OP.OPERATOR orion99 otbu+1 p1nacate P@55w0rd! pass PASS PASSW0RD password Password PASSWORD password1 passwort patrol PBX pbxk1064 pento permit pfsense pilou piranha PlsChgMe Posterie private PRODDTA Protector public public/private/secret pwp q R1QTPS radius radware raidzone rcustpw recovery redips REGO REMOTE replicator RIP000 RJE rmnetlm ro ROBELLE root ROOT500 router r@p8p0r+ RSX rw rwa rwmaint scmchangeme scout secret secure $secure$ security SECURITY serial# Serv4EMC service SERVICE SESAME setup Sharp sitecom SKY_FOX smallbusiness smcadmin SMDR smile snmp-Trap software01 specialist speedxess SpIp SSA star stratauser super Super SUPER superuser supervisor support SUPPORT supportpw surt switch symbol Symbol synnet sys SYS sysadm sysadmin sysAdmin sys/change_on_install system SYSTEM talent TANDBERG TCH tech telco telecom Telecom TELESUP tellabs#1 TENmanUFactOryPOWER the 6 last digit of the the same all over tiaranet tiger123 timely tini tivonpw TJM tlah trancell truetime tslinux tuxalize UI-PSWD-01 UI-PSWD-02 uplink user User VESOFT visual volition w0rkplac3rul3s w2402 wampp webadmin wg winterm Wireless wlsedb wlsepassword WORD wrgg15_di524 wyse x40rocks x-admin xbox xd xdfk9874t3 XLSERVER xxyyzz xyzzy zoomadsl brutespray-1.6.0/wordlist/telnet/user000066400000000000000000000035601320305411400177560ustar00rootroot00000000000000 – 11111 1234 1500 1502 1.79 192.168.1.1 60020 266344 31994 3comcso aaa acc adfexc adm admin Admin admin2 administrator Administrator ADMINISTRATOR adminstat adminstrator adminttd adminuser adminview ADMN ADSL ADVMAIL Alphanetworks ami anonymous Anonymous Any (any 3 characters) apc at4400 bbsd-client bciim bcim bcms bcnas (blank) blue browse cablecom cac_admin ccrusr cellit cgadmin cisco Cisco CISCO15 citel Clarissa client cmaker comcast corecess craft CSG cusadmin cust customer dadmin davox debug d.e.b.u.g defug deskalt deskman desknorm deskres device dhs3mt dhs3pms diag disttech D-Link draytek DTA e250 e500 echo edimax enable eng engmode enquiry expert factory Factory field FIELD ftp_admi ftp_inst ftp_nmc ftp_oper ftpuser Gearguy GEN1 GEN2 GlobalAdmin guest Guest halt HELLO helpdesk hsa hscroot HTTP hydrasna iclock images inads init install installer integrator intel intermec IntraStack IntraSwitch isp jagadmin JDE kermit l2 l3 live locate login lp LUCENT01 LUCENT02 m1122 mac MAIL maint maintainer manage manager Manager MANAGER manuf McdataSE MD110 MDaemon mediator Menara MGR MICRO mlusr monitor mso mtch mtcl n/a naadmin NAU netadmin netman NETOP netopia netrangr netscreen NETWORK newuser NICONEX nms nmt op operator OPERATOR patrol PBX PCUSER PFCUser piranha pmd poll Polycom PRODDTA PSEAdmin public radware rapport rcust readonly readwrite recovery replicator RMUser1 ro root !root Root RSBCMON rw rwa sa scmadmin scout security serial# service Service setup smc spcl SPOOLMAN SSA storwatch stratacom su super superadmin superman super.super superuser SUPERUSER supervisor support sweex sys sysadm SYSADM sysadmin SYSDBA system system/manager target teacher tech technician telco telecom tellabs temp1 tiara tiger TMAR#HWMT8007079 topicalt topicnorm topicres Type User: FORCE user User USERID vcr veda VNC volition vt100 webadmin websecadm wlse wlseuser WP wradmin write xbox xd brutespray-1.6.0/wordlist/vmauthd/000077500000000000000000000000001320305411400172265ustar00rootroot00000000000000brutespray-1.6.0/wordlist/vmauthd/password000066400000000000000000000014271320305411400210170ustar00rootroot00000000000000123456 123456789 password adobe123 12345678 qwerty 1234567 111111 photoshop 123123 1234567890 000000 abc123 1234 adobe1 macromedia azerty iloveyou aaaaaa 654321 12345 666666 sunshine 123321 letmein monkey asdfgh password1 shadow princess dragon adobeadobe daniel computer michael 121212 charlie master superman qwertyuiop 112233 asdfasdf jessica 1q2w3e4r welcome 1qaz2wsx 987654321 fdsa 753951 chocolate fuckyou soccer tigger asdasd thomas asdfghjkl internet michelle football 123qwe zxcvbnm dreamweaver 7777777 maggie qazwsx baseball jennifer jordan abcd1234 trustno1 buster 555555 liverpool abc whatever 11111111 102030 123123123 andrea pepper nicole killer abcdef hannah test alexander andrew 222222 joshua freedom samsung asdfghj purple ginger 123654 matrix secret summer 1q2w3e snoopy1 brutespray-1.6.0/wordlist/vmauthd/user000066400000000000000000000001431320305411400201250ustar00rootroot00000000000000admin manager root cisco apc pass security user system sys wampp newuser xampp-dav-unsecure vagrantbrutespray-1.6.0/wordlist/vnc/000077500000000000000000000000001320305411400163445ustar00rootroot00000000000000brutespray-1.6.0/wordlist/vnc/password000066400000000000000000000000441320305411400201270ustar00rootroot00000000000000password Password1 password1 admin brutespray-1.6.0/wordlist/vnc/user000066400000000000000000000000141320305411400172400ustar00rootroot00000000000000 admin root