pax_global_header00006660000000000000000000000064143305357410014517gustar00rootroot0000000000000052 comment=4838ada7b1a0ce98744a723ace861abe4d62a54c brutespray-brutespray-1.8.1/000077500000000000000000000000001433053574100161245ustar00rootroot00000000000000brutespray-brutespray-1.8.1/CHANGELOG.md000066400000000000000000000032341433053574100177370ustar00rootroot00000000000000# Changelog * v1.8.1 * minor spelling fix * requirements update * dependency clean * banner changes * v1.8 * added ability to parse Nexpose "XML Export" * added ability to parse Nessus ".nessus" files * added set() to iplist to ensure unique only * v1.7.0 * added `-w` medusa debug option * updated to v1.7.0 for auto builds * v1.6.9 * merged combo option and other fixes from @c-f (thank you) * added medusa verbosity `-v 1-6` * adjusted multiprocess buffer * updated some wordlists * updated readme * fixed MacOS subprocess arguments not being passed * v1.6.8 * added option to supress large banner * v1.6.7 * Check for wordlist in local directory * v1.6.6 * Integrated JSON support thanks to c-f * v1.6.5 * updated for python3 compatibility * switched to ElementTree XML API * rewrote xml parsing and fixed bugs * updated wordlists * v1.6.4 * use dictionary for name conversion * v1.6.3 * changes default smtp values * v1.6.2 * added file and path error checking * smtp auth args added * enabled piping medusa errors out * v1.6.1 * added output folder location verbage * -m dumps modules available * error checking when loading file * v1.6.0 * added support for SNMP * v1.5.3 * adjustments to wordlists * v1.5.2 * change tmp and output directory behavior * v1.5.1 * added check for no services * v1.5 * added interactive mode * v1.4 * added ability to use nmap XML * v1.3 * added the ability to stop on success * added the ability to reference custom userlists and passlists * added the ability to specify specific users & passwords brutespray-brutespray-1.8.1/LICENSE.md000066400000000000000000000020601433053574100175260ustar00rootroot00000000000000MIT License Copyright (c) [2017] [Shane Young] Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. brutespray-brutespray-1.8.1/README.md000066400000000000000000000056561433053574100174170ustar00rootroot00000000000000# BruteSpray ![Supported Python versions](https://img.shields.io/badge/python-3.7+-blue.svg) ![Version](https://img.shields.io/badge/Version-1.8.1-red) Created by: Shane Young/@t1d3nio && Jacob Robles/@shellfail Inspired by: Leon Johnson/@sho-luv Credit to Medusa: JoMo-Kun / Foofus Networks - http://www.foofus.net # Demo https://youtu.be/C-CVLbSEe_g # Description BruteSpray takes Nmap GNMAP/XML output, newline separated JSON, Nexpose `XML Export` output or Nessus `.nessus` exports and automatically brute-forces services with default credentials using Medusa. BruteSpray finds non-standard ports, make sure to use `-sV` with Nmap. Brutespray uses Python standard libraries. # Installation ```pip install -r requirements.txt``` On Kali: ```apt-get install brutespray``` # Usage If using Nmap, scan with ```-oG nmap.gnmap``` or ```-oX nmap.xml```. If using Nexpose, export the template `XML Export`. If using Nessus, export your `.nessus` file. Command: ```python brutespray.py -h``` Command: ```python brutespray.py --file nmap.gnmap``` Command: ```python brutespray.py --file nmap.xml``` Command: ```python brutespray.py --file nmap.xml -i``` ## Examples #### Using Custom Wordlists: ```python brutespray.py --file nmap.gnmap -U /usr/share/wordlist/user.txt -P /usr/share/wordlist/pass.txt --threads 5 --hosts 5``` #### Brute-Forcing Specific Services: ```python brutespray.py --file nmap.gnmap --service ftp,ssh,telnet --threads 5 --hosts 5``` #### Specific Credentials: ```python brutespray.py --file nmap.gnmap -u admin -p password --threads 5 --hosts 5``` #### Continue After Success: ```python brutespray.py --file nmap.gnmap --threads 5 --hosts 5 -c``` #### Use Nmap XML Output ```python brutespray.py --file nmap.xml --threads 5 --hosts 5``` #### Use JSON Output ```python brutespray.py --file out.json --threads 5 --hosts 5``` #### Interactive Mode ```python brutespray.py --file nmap.xml -i``` # Supported Services * ssh * ftp * telnet * vnc * mssql * mysql * postgresql * rsh * imap * nntp * pcanywhere * pop3 * rexec * rlogin * smbnt * smtp * svn * vmauthd * snmp # Data Specs ```json {"host":"127.0.0.1","port":"3306","service":"mysql"} {"host":"127.0.0.10","port":"3306","service":"mysql"} ... ``` If using Nexpose, export the template `XML Export`. If using Nessus, export your `.nessus` file. # Combo Option When you specify a combo option `-C`, it will read the specified file and attempt the host:user:pass on each discovered service from Nmap. If you just want to specify only a username and password leave the host blank as shown below. ``` :user:pass :user1:pass1 ``` or ``` 127.0.0.1:user:pass 127.0.0.10:user1:pass1 ``` # Changelog Changelog notes are available at [CHANGELOG.md](https://github.com/x90skysn3k/brutespray/blob/master/CHANGELOG.md) brutespray-brutespray-1.8.1/brutespray.py000077500000000000000000000537371433053574100207200ustar00rootroot00000000000000#! /usr/bin/python3 # -*- coding: utf-8 -*- from argparse import RawTextHelpFormatter import readline, glob import sys, time, os import subprocess import xml.etree.ElementTree as ET import re import argparse import threading import itertools import tempfile import json from multiprocessing import Process services = {} loading = False class colors: white = "\033[1;37m" normal = "\033[0;00m" red = "\033[1;31m" blue = "\033[1;34m" green = "\033[1;32m" lightblue = "\033[0;34m" banner = colors.red + r""" #@ @/ @@@ @@@ %@@@ @@@. @@@@@ @@@@% @@@@@ @@@@@ @@@@@@@ @ @@@@@@@ @(@@@@@@@% @@@@@@@ &@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@*@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@ @@@( @@@@@#@@@@@@@@@*@@@,@@@@@@@@@@@@@@@ @@@ @@@@@@ .@@@/@@@@@@@@@@@@@/@@@@ @@@@@@ @@@ @@@@@@@@@@@ @@@ @@@@* ,@@@@@@@@@( ,@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@ @@@.@@@@@@@@@@@@@@@ @@@ @@@@@@ @@@@@ @@@@@@ @@@@@@@@@@@@@ @@ @@@ @@ @@ @@@@@@@ @@ @@% @ @@ """+'\n' \ + r""" ██████╗ ██████╗ ██╗ ██╗████████╗███████╗███████╗██████╗ ██████╗ █████╗ ██╗ ██╗ ██╔══██╗██╔══██╗██║ ██║╚══██╔══╝██╔════╝██╔════╝██╔══██╗██╔══██╗██╔══██╗╚██╗ ██╔╝ ██████╔╝██████╔╝██║ ██║ ██║ █████╗ ███████╗██████╔╝██████╔╝███████║ ╚████╔╝ ██╔══██╗██╔══██╗██║ ██║ ██║ ██╔══╝ ╚════██║██╔═══╝ ██╔══██╗██╔══██║ ╚██╔╝ ██████╔╝██║ ██║╚██████╔╝ ██║ ███████╗███████║██║ ██║ ██║██║ ██║ ██║ ╚═════╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚══════╝╚══════╝╚═╝ ╚═╝ ╚═╝╚═╝ ╚═╝ ╚═╝ """ quiet_banner = colors.red + r""" brutespray.py v1.8.1 Created by: Shane Young/@t1d3nio && Jacob Robles/@shellfail Inspired by: Leon Johnson/@sho-luv Credit to Medusa: JoMo-Kun / Foofus Networks """+'\n' + colors.normal #ascii art by: Cara Pearson class tabCompleter(object): def pathCompleter(self,text,state): line = readline.get_line_buffer().split() return [x for x in glob.glob(text+'*')][state] def interactive(): t = tabCompleter() singluser = "" if args.interactive is True: print(colors.white + "\n\nWelcome to interactive mode!\n\n" + colors.normal) print(colors.red + "WARNING:" + colors.white + " Leaving an option blank will leave it empty and refer to default\n\n" + colors.normal) print("Available services to brute-force:") for serv in services: srv = serv for prt in services[serv]: iplist = set(services[serv][prt]) port = prt plist = len(iplist) print("Service: " + colors.green + str(serv) + colors.normal + " on port " + colors.red + str(port) + colors.normal + " with " + colors.red + str(plist) + colors.normal + " hosts") args.service = input('\n' + colors.lightblue + 'Enter services you want to brute - default all (ssh,ftp,etc): ' + colors.red) args.threads = input(colors.lightblue + 'Enter the number of parallel threads (default is 2): ' + colors.red) args.hosts = input(colors.lightblue + 'Enter the number of parallel hosts to scan per service (default is 1): ' + colors.red) if args.passlist is None or args.userlist is None: customword = input(colors.lightblue + 'Would you like to specify a wordlist? (y/n): ' + colors.red) if customword == "y": readline.set_completer_delims('\t') readline.parse_and_bind("tab: complete") readline.set_completer(t.pathCompleter) if args.userlist is None and args.username is None: args.userlist = input(colors.lightblue + 'Enter a userlist you would like to use: ' + colors.red) if args.userlist == "": args.userlist = None if args.passlist is None and args.password is None: args.passlist = input(colors.lightblue + 'Enter a passlist you would like to use: ' + colors.red) if args.passlist == "": args.passlist = None if args.username is None or args.password is None: singluser = input(colors.lightblue + 'Would to specify a single username or password (y/n): ' + colors.red) if singluser == "y": if args.username is None and args.userlist is None: args.username = input(colors.lightblue + 'Enter a username: ' + colors.red) if args.username == "": args.username = None if args.password is None and args.passlist is None: args.password = input(colors.lightblue + 'Enter a password: ' + colors.red) if args.password == "": args.password = None if args.username is None and args.userlist is None: combo = input(colors.lightblue + 'Enter a combolist you would like to use: ' + colors.red) if combo == "y": args.combo = input(colors.lightblue + 'Enter a combolist you would like to use: ' + colors.red) if args.combo == "": args.combo = None if args.service == "": args.service = "all" if args.threads == "": args.threads = "2" if args.hosts == "": args.hosts = "1" print(colors.normal) NAME_MAP = {"ms-sql-s": "mssql", "microsoft-ds": "smbnt", "cifs": "smbnt", "pcanywheredata": "pcanywhere", "postgresql": "postgres", "shell": "rsh", "exec": "rexec", "login": "rlogin", "smtps": "smtp", "submission": "smtp", "imaps": "imap", "pop3s": "pop3", "iss-realsecure": "vmauthd", "snmptrap": "snmp"} def make_dic_gnmap(): global loading global services supported = ['ssh','ftp','postgres','telnet','mysql','ms-sql-s','shell', 'vnc','imap','imaps','nntp','pcanywheredata','pop3','pop3s', 'exec','login','microsoft-ds','smtp', 'smtps','submission', 'svn','iss-realsecure','snmptrap','snmp'] port = None with open(args.file, 'r') as nmap_file: for line in nmap_file: for name in supported: matches = re.compile(r'([0-9][0-9]*)/open/[a-z][a-z]*//' + name) try: port = matches.findall(line)[0] except: continue ip = re.findall( r'[0-9]+(?:\.[0-9]+){3}', line) tmp_ports = matches.findall(line) for tmp_port in tmp_ports: name = NAME_MAP.get(name, name) if name in services: if tmp_port in services[name]: services[name][tmp_port] += ip else: services[name][tmp_port] = ip else: services[name] = {tmp_port:ip} loading = True def make_dic_nexpose(): global loading global services supported = ['ssh','ftp','postgresql','telnet','mysql','ms-sql-s','rsh', 'vnc','imap','imaps','nntp','pcanywheredata','pop3','pop3s', 'exec','login','microsoft-ds','smtp','smtps','submission', 'svn','iss-realsecure','snmptrap','snmp','cifs'] tree = ET.parse(args.file) root = tree.getroot() for node in root.iter('node'): ipaddr = node.attrib['address'] for port in node.iter('endpoint'): cstate = port.attrib['status'] tmp_port = port.attrib['port'] if cstate == "open": try: name = port[0][0].attrib['name'] iplist = ipaddr.split(',') except: continue name = name.lower() if name in supported: name = NAME_MAP.get(name, name) if name in services: if tmp_port in services[name]: services[name][tmp_port] += iplist else: services[name][tmp_port] = iplist else: services[name] = {tmp_port:iplist} loading = True def make_dic_nessus(): global loading global services supported = ['ssh','ftp','postgresql','telnet','mysql','ms-sql-s','rsh', 'vnc','imap','imaps','nntp','pcanywheredata','pop3','pop3s', 'exec','login','microsoft-ds','smtp','smtps','submission', 'svn','iss-realsecure','snmptrap','snmp','cifs'] tree = ET.parse(args.file) root = tree.getroot() for host in root.iter('ReportHost'): ipaddr = host.attrib['name'] for port in host.iter('ReportItem'): cstate = "open" tmp_port = port.attrib['port'] if tmp_port == '0': cstate == "closed" continue if cstate == "open": try: name = port.attrib['svc_name'] iplist = ipaddr.split(',') except: continue name = name.lower() if name in supported: name = NAME_MAP.get(name, name) if name in services: if tmp_port in services[name]: services[name][tmp_port] += iplist else: services[name][tmp_port] = iplist else: services[name] = {tmp_port:iplist} loading = True def make_dic_xml(): global loading global services supported = ['ssh','ftp','postgresql','telnet','mysql','ms-sql-s','rsh', 'vnc','imap','imaps','nntp','pcanywheredata','pop3','pop3s', 'exec','login','microsoft-ds','smtp','smtps','submission', 'svn','iss-realsecure','snmptrap','snmp'] tree = ET.parse(args.file) root = tree.getroot() for host in root.iter('host'): ipaddr = host.find('address').attrib['addr'] for port in host.iter('port'): cstate = port.find('state').attrib['state'] if cstate == "open": try: name = port.find('service').attrib['name'] tmp_port = port.attrib['portid'] iplist = ipaddr.split(',') except: continue if name in supported: name = NAME_MAP.get(name, name) if name in services: if tmp_port in services[name]: services[name][tmp_port] += iplist else: services[name][tmp_port] = iplist else: services[name] = {tmp_port:iplist} loading = True def make_dic_json(): global loading global services supported = ['ssh','ftp','postgres','telnet','mysql','ms-sql-s','shell', 'vnc','imap','imaps','nntp','pcanywheredata','pop3','pop3s', 'exec','login','microsoft-ds','smtp', 'smtps','submission', 'svn','iss-realsecure','snmptrap','snmp'] with open(args.file, "r") as jsonlines_file: for line in jsonlines_file: data = json.loads(line) try: host, port, name = data["host"], data["port"], data["service"] if name in supported: name = NAME_MAP.get(name, name) if name not in services: services[name] = {} if port not in services[name]: services[name][port] = [] if host not in services[name][port]: services[name][port].append(host) except KeyError as e: sys.stderr.write("\n[!] Field: " + str(e) + "is missing") sys.stderr.write("\n[!] Please provide the json fields. ") continue loading = True def brute(service,port,fname,output,auserlist,ausername,apasslist,apassword,acontinuous,ahosts,athreads,averbose,acombo,adebug): if auserlist is None and ausername is None and acombo is None: userlist = '/usr/share/brutespray/wordlist/'+service+'/user' if not os.path.exists(userlist): userlist = 'wordlist/'+service+'/user' uarg = '-U' elif auserlist: userlist = auserlist uarg = '-U' elif ausername: userlist = ausername uarg = '-u' elif acombo: userlist = acombo uarg = '-C' if apasslist is None and apassword is None and acombo is None: passlist = '/usr/share/brutespray/wordlist/'+service+'/password' if not os.path.exists(passlist): passlist = 'wordlist/'+service+'/password' parg = '-P' elif apasslist: passlist = apasslist parg = '-P' elif apassword: passlist = apassword parg = '-p' elif acombo: parg = '' passlist = '' if acontinuous: cont = '' else: cont = '-F' if service == "smtp": aarg = "-m" auth = "AUTH:LOGIN" else: aarg = '' auth = '' p = subprocess.Popen(['medusa', '-b', '-H', fname, uarg, userlist, parg, passlist, '-M', service, '-t', athreads, '-n', port, '-T', ahosts, cont, aarg, auth, '-v', averbose, '-w', adebug], stdout=subprocess.PIPE, stderr=subprocess.STDOUT, universal_newlines=True, bufsize=1) out = "[" + colors.green + "+" + colors.normal + "] " output_file = output + '/' + port + '-' + service + '-success.txt' for line in p.stdout: print(line.strip('\n')) sys.stdout.flush() time.sleep(0.0001) if 'SUCCESS' in line: f = open(output_file, 'a') f.write(out + line) f.close() def animate(): sys.stdout.write('\rStarting to brute, please make sure to use the right amount of ' + colors.green + 'threads(-t)' + colors.normal + ' and ' + colors.green + 'parallel hosts(-T)' + colors.normal + '... \n') t_end = time.time() + 2 for c in itertools.cycle(['|', '/', '-', '\\']): if not time.time() < t_end: break sys.stdout.write('\rOutput will be written to the folder: ./' + colors.green + args.output + colors.normal + "/ "+ c) sys.stdout.flush() time.sleep(0.1) sys.stdout.write('\n\nBrute-Forcing... \n') time.sleep(1) def loading(): for c in itertools.cycle(['|', '/', '-', '\\']): if loading == True: break sys.stdout.write('\rLoading File: ' + c) sys.stdout.flush() time.sleep(0.01) def getInput(filename): in_format = None with open(filename) as f: line = f.readlines() if '{' in line[0]: in_format = "json" if '# Nmap' in line[0] and not 'Nmap' in line[1]: in_format = "gnmap" if ' \n") menu_group = parser.add_argument_group(colors.lightblue + 'Menu Options' + colors.normal) menu_group.add_argument('-f', '--file', help="GNMAP, JSON or XML file to parse", required=False, default=None) menu_group.add_argument('-o', '--output', help="Directory containing successful attempts", default="brutespray-output") menu_group.add_argument('-s', '--service', help="specify service to attack", default="all") menu_group.add_argument('-t', '--threads', help="number of medusa threads", default="2") menu_group.add_argument('-T', '--hosts', help="number of hosts to test concurrently", default="1") menu_group.add_argument('-U', '--userlist', help="reference a custom username file", default=None) menu_group.add_argument('-P', '--passlist', help="reference a custom password file", default=None) menu_group.add_argument('-C', '--combo', help="specify a combo input (host:user:password)", default=None) menu_group.add_argument('-u', '--username', help="specify a single username", default=None) menu_group.add_argument('-p', '--password', help="specify a single password", default=None) menu_group.add_argument('-c', '--continuous', help="keep brute-forcing after success", default=False, action='store_true') menu_group.add_argument('-i', '--interactive', help="interactive mode", default=False, action='store_true') menu_group.add_argument('-m', '--modules', help="dump a list of available modules to brute", default=False, action='store_true') menu_group.add_argument('-q', '--quiet', help="supress banner", default=False, action='store_true') menu_group.add_argument('-v', '--verbose', help="verbose output from medusa [0-6], default=5", default="5") menu_group.add_argument('-w', '--debug', help="debug error output from medusa [0-10], default=5", default="5") try: args = parser.parse_args() except: print(banner + quiet_banner) args = parser.parse_args() return args if __name__ == "__main__": args = parse_args() if args.quiet == False: print(banner + quiet_banner) else: print(quiet_banner) if args.file is None and args.modules is False: parser.error("argument -f/--file is required") supported = ['ssh','ftp','telnet','vnc','mssql','mysql','postgresql','rsh', 'imap','nntp','pcanywhere','pop3', 'rexec','rlogin','smbnt','smtp', 'svn','vmauthd','snmp','cifs'] #temporary directory for ip addresses if args.modules is True: print(colors.lightblue + "Supported Services:\n" + colors.green) print(('\n'.join(supported))) print(colors.normal + "\n") try: tmppath = tempfile.mkdtemp(prefix="brutespray-tmp") except: sys.stderr.write("\nError while creating brutespray temp directory.") exit(4) if not os.path.exists(args.output): os.mkdir(args.output) if os.system("command -v medusa > /dev/null") != 0: sys.stderr.write("Command medusa not found. Please install medusa before using brutespray") exit(3) if args.file is None: sys.exit(0) if args.passlist and not os.path.isfile(args.passlist): sys.stderr.write("Passlist given does not exist. Please check your file or path\n") exit(3) if args.userlist and not os.path.isfile(args.userlist): sys.stderr.write("Userlist given does not exist. Please check your file or path\n") exit(3) if args.combo and not os.path.isfile(args.combo): sys.stderr.write("Combolist given does not exist. Please check your file or path\n") if os.path.isfile(args.file): try: t = threading.Thread(target=loading) t.start() in_format = getInput(args.file) { "gnmap": make_dic_gnmap, "xml": make_dic_xml, "json": make_dic_json, "xml_nexpose": make_dic_nexpose, "xml_nessus": make_dic_nessus }[in_format]() except: print("\nFormat failed!\n") loading = True sys.exit(0) if args.interactive is True: interactive() animate() if services == {}: print("\nNo brutable services found.\n Please check your file.") else: print("\nError loading file, please check your filename.") to_scan = args.service.split(',') for service in services: if service in to_scan or to_scan == ['all']: for port in services[service]: fname = tmppath + '/' +service + '-' + port iplist = set(services[service][port]) f = open(fname, 'w+') for ip in iplist: f.write(ip + '\n') f.close() brute_process = Process(target=brute, args=(service,port,fname,args.output,args.userlist,args.username,args.passlist,args.password,args.continuous,args.hosts,args.threads,args.verbose,args.combo,args.debug)) brute_process.start() #need to wait for all of the processes to run... brutespray-brutespray-1.8.1/requirements.txt000066400000000000000000000000001433053574100213760ustar00rootroot00000000000000brutespray-brutespray-1.8.1/wordlist/000077500000000000000000000000001433053574100177735ustar00rootroot00000000000000brutespray-brutespray-1.8.1/wordlist/ftp/000077500000000000000000000000001433053574100205645ustar00rootroot00000000000000brutespray-brutespray-1.8.1/wordlist/ftp/password000066400000000000000000000035131433053574100223530ustar00rootroot00000000000000 111111 12345 123456 12345678 123qwe 1qaz2wsx 2003 2008 95 98 abc abc123 abcd123 account admin adminadmin administator admins agata air alpine autumn2013 Autumn2013 autumn2014 Autumn2014 autumn2015 Autumn2015 autumn2016 Autumn2016 autumn2017 Autumn2017 bankbank baseball basketball bill bird burp change changelater changeme company company! company1 company1! company123 complex complex1 complex2 complex3 complexpassword cvsadm database default dev devdev devdevdev dirt dragon earth eqidemo fire football ftp ftp123 ftpuser goat god guessme hugs info john letmein login march2011 marketing master microsoft mike monkey mysql network networking networks news nobody nt oracle P@55w0rd P@55w0rd! pass PassSql12 password password! Password! password1 Password1 Password1! password12 Password12 password123 password2 Password2 princess private P@ssw0rd P@ssw0rd! P@ssword! qa qwerty qwertyuiop rain root sa sasa secret secret! secret1! secret12 secret1212 secret123 secuirty3 security security1 security3 server snow solo someday spam spring2013 Spring2013 spring2014 Spring2014 spring2015 Spring2015 spring2016 Spring2016 spring2017 Spring2017 sql sql2000 sql2003 sql2005 sql2008 sql2009 sql2010 sql2011 sqlaccount sqlpass sqlpass123 sqlpassword sqlserver Sqlserver SqlServer sqlserver2000 sqlserver2005 sqlsql sqlsqlsqlsql SQLSQLSQLSQL sqlsqlsqlsqlsql sqlsvr starwars summer2013 Summer2013 summer2014 Summer2014 summer2015 Summer2015 summer2016 Summer2016 summer2017 Summer2017 sysadm sysadmin system techsupport test test1 test123 test2 test3 test4 tester testing testing123 testsql test-sql3 testtest testuser trust unchanged unknown uploader user vista water web webadmin webmaster welcome welcome1 Welcome1212 Welcome123 Welcome1234 welcome2 wicked winter2013 Winter2013 winter2014 Winter2014 winter2015 Winter2015 winter2016 Winter2016 winter2017 Winter2017 xp brutespray-brutespray-1.8.1/wordlist/ftp/user000066400000000000000000000001151433053574100214620ustar00rootroot00000000000000anonymous oracle root test uploader john bill mike agata ftp admin marketing brutespray-brutespray-1.8.1/wordlist/imap/000077500000000000000000000000001433053574100207215ustar00rootroot00000000000000brutespray-brutespray-1.8.1/wordlist/imap/password000066400000000000000000000043411433053574100225100ustar00rootroot00000000000000 000000 102030 111111 11111111 112233 121212 123123 123123123 123321 1234 12345 123456 1234567 12345678 123456789 1234567890 123654 123qwe 1q2w3e 1q2w3e4r 1qaz2wsx 2003 2008 222222 555555 654321 666666 753951 7777777 95 98 987654321 aaaaaa abc abc123 abcd123 abcd1234 abcdef account admin adminadmin administator admins adobe1 adobe123 adobeadobe air alexander alpine andrea andrew asdasd asdfasdf asdfgh asdfghj asdfghjkl autumn2013 Autumn2013 autumn2014 Autumn2014 autumn2015 Autumn2015 autumn2016 Autumn2016 autumn2017 Autumn2017 azerty bankbank baseball basketball bird burp buster change changelater changeme charlie chocolate company company! company1 company1! company123 complex complex1 complex2 complex3 complexpassword computer daniel database default dev devdev devdevdev dirt dragon dreamweaver earth fdsa fire football freedom fuckyou ginger goat god guessme hannah hugs iloveyou internet jennifer jessica jordan joshua killer letmein liverpool login macromedia maggie march2011 master matrix michael michelle microsoft monkey network networking networks nicole nt P@55w0rd P@55w0rd! pass PassSql12 password password! Password! password1 Password1 Password1! password12 Password12 password123 password2 Password2 pepper photoshop princess private P@ssw0rd P@ssw0rd! P@ssword! purple qa qazwsx qwerty qwertyuiop rain sa samsung sasa secret secret! secret1! secret12 secret1212 secret123 secuirty3 security security1 security3 server shadow snoopy1 snow soccer solo someday spring2013 Spring2013 spring2014 Spring2014 spring2015 Spring2015 spring2016 Spring2016 spring2017 Spring2017 sql sql2000 sql2003 sql2005 sql2008 sql2009 sql2010 sql2011 sqlaccount sqlpass sqlpass123 sqlpassword sqlserver Sqlserver SqlServer sqlserver2000 sqlserver2005 sqlsql sqlsqlsqlsql SQLSQLSQLSQL sqlsqlsqlsqlsql sqlsvr starwars summer summer2013 Summer2013 summer2014 Summer2014 summer2015 Summer2015 summer2016 Summer2016 summer2017 Summer2017 sunshine superman sysadmin test testing testing123 testsql test-sql3 testtest thomas tigger trust trustno1 unchanged unknown vista water welcome welcome1 Welcome1212 Welcome123 Welcome1234 welcome2 whatever wicked winter2013 Winter2013 winter2014 Winter2014 winter2015 Winter2015 winter2016 Winter2016 winter2017 Winter2017 xp zxcvbnm brutespray-brutespray-1.8.1/wordlist/imap/user000066400000000000000000000001431433053574100216200ustar00rootroot00000000000000admin manager root cisco apc pass security user system sys wampp newuser xampp-dav-unsecure vagrantbrutespray-brutespray-1.8.1/wordlist/mssql/000077500000000000000000000000001433053574100211325ustar00rootroot00000000000000brutespray-brutespray-1.8.1/wordlist/mssql/password000066400000000000000000000031621433053574100227210ustar00rootroot00000000000000 111111 123456 12345678 1qaz2wsx 2003 2008 95 98 abc abc123 abcd123 account admin adminadmin administator admins air alpine autumn2013 Autumn2013 autumn2014 Autumn2014 autumn2015 Autumn2015 autumn2016 Autumn2016 autumn2017 Autumn2017 bankbank baseball basketball bird burp change changelater changeme company company! company1 company1! company123 complex complex1 complex2 complex3 complexpassword database default dev devdev devdevdev dirt dragon earth fire football goat god guessme hugs letmein login march2011 master microsoft monkey network networking networks nt P@55w0rd P@55w0rd! pass PassSql12 password password! Password! password1 Password1 Password1! password12 Password12 password123 Password123 password2 Password2 princess private P@ssw0rd P@ssw0rd! P@ssword! qa qwerty qwertyuiop rain sa sasa secret secret! secret1! secret12 secret1212 secret123 secuirty3 security security1 security3 server snow solo someday spring2013 Spring2013 spring2014 Spring2014 spring2015 Spring2015 spring2016 Spring2016 spring2017 Spring2017 sql sql2000 sql2003 sql2005 sql2008 sql2009 sql2010 sql2011 sqlaccount sqlpass sqlpass123 sqlpassword sqlserver Sqlserver SqlServer sqlserver2000 sqlserver2005 sqlsql sqlsqlsqlsql SQLSQLSQLSQL sqlsqlsqlsqlsql sqlsvr starwars summer2013 Summer2013 summer2014 Summer2014 summer2015 Summer2015 summer2016 Summer2016 summer2017 Summer2017 sysadmin test testing testing123 testsql test-sql3 testtest trust unchanged unknown vista water welcome welcome1 Welcome1212 Welcome123 Welcome1234 welcome2 wicked winter2013 Winter2013 winter2014 Winter2014 winter2015 Winter2015 winter2016 Winter2016 winter2017 Winter2017 xp brutespray-brutespray-1.8.1/wordlist/mssql/user000066400000000000000000000000161433053574100220300ustar00rootroot00000000000000sa root admin brutespray-brutespray-1.8.1/wordlist/mysql/000077500000000000000000000000001433053574100211405ustar00rootroot00000000000000brutespray-brutespray-1.8.1/wordlist/mysql/password000066400000000000000000000000321433053574100227200ustar00rootroot00000000000000password admin root toor brutespray-brutespray-1.8.1/wordlist/mysql/user000066400000000000000000000000131433053574100220330ustar00rootroot00000000000000root admin brutespray-brutespray-1.8.1/wordlist/nntp/000077500000000000000000000000001433053574100207525ustar00rootroot00000000000000brutespray-brutespray-1.8.1/wordlist/nntp/password000066400000000000000000000043411433053574100225410ustar00rootroot00000000000000 000000 102030 111111 11111111 112233 121212 123123 123123123 123321 1234 12345 123456 1234567 12345678 123456789 1234567890 123654 123qwe 1q2w3e 1q2w3e4r 1qaz2wsx 2003 2008 222222 555555 654321 666666 753951 7777777 95 98 987654321 aaaaaa abc abc123 abcd123 abcd1234 abcdef account admin adminadmin administator admins adobe1 adobe123 adobeadobe air alexander alpine andrea andrew asdasd asdfasdf asdfgh asdfghj asdfghjkl autumn2013 Autumn2013 autumn2014 Autumn2014 autumn2015 Autumn2015 autumn2016 Autumn2016 autumn2017 Autumn2017 azerty bankbank baseball basketball bird burp buster change changelater changeme charlie chocolate company company! company1 company1! company123 complex complex1 complex2 complex3 complexpassword computer daniel database default dev devdev devdevdev dirt dragon dreamweaver earth fdsa fire football freedom fuckyou ginger goat god guessme hannah hugs iloveyou internet jennifer jessica jordan joshua killer letmein liverpool login macromedia maggie march2011 master matrix michael michelle microsoft monkey network networking networks nicole nt P@55w0rd P@55w0rd! pass PassSql12 password password! Password! password1 Password1 Password1! password12 Password12 password123 password2 Password2 pepper photoshop princess private P@ssw0rd P@ssw0rd! P@ssword! purple qa qazwsx qwerty qwertyuiop rain sa samsung sasa secret secret! secret1! secret12 secret1212 secret123 secuirty3 security security1 security3 server shadow snoopy1 snow soccer solo someday spring2013 Spring2013 spring2014 Spring2014 spring2015 Spring2015 spring2016 Spring2016 spring2017 Spring2017 sql sql2000 sql2003 sql2005 sql2008 sql2009 sql2010 sql2011 sqlaccount sqlpass sqlpass123 sqlpassword sqlserver Sqlserver SqlServer sqlserver2000 sqlserver2005 sqlsql sqlsqlsqlsql SQLSQLSQLSQL sqlsqlsqlsqlsql sqlsvr starwars summer summer2013 Summer2013 summer2014 Summer2014 summer2015 Summer2015 summer2016 Summer2016 summer2017 Summer2017 sunshine superman sysadmin test testing testing123 testsql test-sql3 testtest thomas tigger trust trustno1 unchanged unknown vista water welcome welcome1 Welcome1212 Welcome123 Welcome1234 welcome2 whatever wicked winter2013 Winter2013 winter2014 Winter2014 winter2015 Winter2015 winter2016 Winter2016 winter2017 Winter2017 xp zxcvbnm brutespray-brutespray-1.8.1/wordlist/nntp/user000066400000000000000000000001431433053574100216510ustar00rootroot00000000000000admin manager root cisco apc pass security user system sys wampp newuser xampp-dav-unsecure vagrantbrutespray-brutespray-1.8.1/wordlist/pcanywhere/000077500000000000000000000000001433053574100221405ustar00rootroot00000000000000brutespray-brutespray-1.8.1/wordlist/pcanywhere/password000066400000000000000000000043511433053574100237300ustar00rootroot00000000000000 000000 102030 111111 11111111 112233 121212 123123 123123123 123321 1234 12345 123456 1234567 12345678 123456789 1234567890 123654 123qwe 1q2w3e 1q2w3e4r 1qaz2wsx 2003 2008 222222 555555 654321 666666 753951 7777777 95 98 987654321 aaaaaa abc abc123 abcd123 abcd1234 abcdef account admin adminadmin administator admins adobe1 adobe123 adobeadobe air alexander alpine andrea andrew asdasd asdfasdf asdfgh asdfghj asdfghjkl autumn2013 Autumn2013 autumn2014 Autumn2014 autumn2015 Autumn2015 autumn2016 Autumn2016 autumn2017 Autumn2017 azerty bankbank baseball basketball bird burp buster change changelater changeme charlie chocolate company company! company1 company1! company123 complex complex1 complex2 complex3 complexpassword computer daniel database default dev devdev devdevdev dirt dragon dreamweaver earth fdsa fire football freedom fuckyou ginger goat god guessme hannah hugs iloveyou internet jennifer jessica jordan joshua killer letmein liverpool login macromedia maggie march2011 master matrix michael michelle microsoft monkey network networking networks nicole nt P@55w0rd P@55w0rd! pass PassSql12 password password! Password! password1 Password1 Password1! password12 Password12 password123 password2 Password2 pepper photoshop princess private P@ssw0rd P@ssw0rd! P@ssword! purple qa qazwsx qwerty qwertyuiop rain recover sa samsung sasa secret secret! secret1! secret12 secret1212 secret123 secuirty3 security security1 security3 server shadow snoopy1 snow soccer solo someday spring2013 Spring2013 spring2014 Spring2014 spring2015 Spring2015 spring2016 Spring2016 spring2017 Spring2017 sql sql2000 sql2003 sql2005 sql2008 sql2009 sql2010 sql2011 sqlaccount sqlpass sqlpass123 sqlpassword sqlserver Sqlserver SqlServer sqlserver2000 sqlserver2005 sqlsql sqlsqlsqlsql SQLSQLSQLSQL sqlsqlsqlsqlsql sqlsvr starwars summer summer2013 Summer2013 summer2014 Summer2014 summer2015 Summer2015 summer2016 Summer2016 summer2017 Summer2017 sunshine superman sysadmin test testing testing123 testsql test-sql3 testtest thomas tigger trust trustno1 unchanged unknown vista water welcome welcome1 Welcome1212 Welcome123 Welcome1234 welcome2 whatever wicked winter2013 Winter2013 winter2014 Winter2014 winter2015 Winter2015 winter2016 Winter2016 winter2017 Winter2017 xp zxcvbnm brutespray-brutespray-1.8.1/wordlist/pcanywhere/user000066400000000000000000000001551433053574100230420ustar00rootroot00000000000000admin manager root cisco apc pass security user system sys wampp newuser xampp-dav-unsecure vagrant symantec brutespray-brutespray-1.8.1/wordlist/postgres/000077500000000000000000000000001433053574100216415ustar00rootroot00000000000000brutespray-brutespray-1.8.1/wordlist/postgres/password000066400000000000000000000043511433053574100234310ustar00rootroot00000000000000 000000 102030 111111 11111111 112233 121212 123123 123123123 123321 1234 12345 123456 1234567 12345678 123456789 1234567890 123654 123qwe 1q2w3e 1q2w3e4r 1qaz2wsx 2003 2008 222222 555555 654321 666666 753951 7777777 95 98 987654321 aaaaaa abc abc123 abcd123 abcd1234 abcdef account admin adminadmin administator admins adobe1 adobe123 adobeadobe air alexander alpine andrea andrew asdasd asdfasdf asdfgh asdfghj asdfghjkl autumn2013 Autumn2013 autumn2014 Autumn2014 autumn2015 Autumn2015 autumn2016 Autumn2016 autumn2017 Autumn2017 azerty bankbank baseball basketball bird burp buster change changelater changeme charlie chocolate company company! company1 company1! company123 complex complex1 complex2 complex3 complexpassword computer daniel database default dev devdev devdevdev dirt dragon dreamweaver earth fdsa fire football freedom fuckyou ginger goat god guessme hannah hugs iloveyou internet jennifer jessica jordan joshua killer letmein liverpool login macromedia maggie march2011 master matrix michael michelle microsoft monkey network networking networks nicole nt P@55w0rd P@55w0rd! pass PassSql12 password password! Password! password1 Password1 Password1! password12 Password12 password123 password2 Password2 pepper photoshop princess private P@ssw0rd P@ssw0rd! P@ssword! purple qa qazwsx qwerty qwertyuiop rain recover sa samsung sasa secret secret! secret1! secret12 secret1212 secret123 secuirty3 security security1 security3 server shadow snoopy1 snow soccer solo someday spring2013 Spring2013 spring2014 Spring2014 spring2015 Spring2015 spring2016 Spring2016 spring2017 Spring2017 sql sql2000 sql2003 sql2005 sql2008 sql2009 sql2010 sql2011 sqlaccount sqlpass sqlpass123 sqlpassword sqlserver Sqlserver SqlServer sqlserver2000 sqlserver2005 sqlsql sqlsqlsqlsql SQLSQLSQLSQL sqlsqlsqlsqlsql sqlsvr starwars summer summer2013 Summer2013 summer2014 Summer2014 summer2015 Summer2015 summer2016 Summer2016 summer2017 Summer2017 sunshine superman sysadmin test testing testing123 testsql test-sql3 testtest thomas tigger trust trustno1 unchanged unknown vista water welcome welcome1 Welcome1212 Welcome123 Welcome1234 welcome2 whatever wicked winter2013 Winter2013 winter2014 Winter2014 winter2015 Winter2015 winter2016 Winter2016 winter2017 Winter2017 xp zxcvbnm brutespray-brutespray-1.8.1/wordlist/postgres/user000066400000000000000000000000241433053574100225360ustar00rootroot00000000000000root admin postgres brutespray-brutespray-1.8.1/wordlist/rexec/000077500000000000000000000000001433053574100211015ustar00rootroot00000000000000brutespray-brutespray-1.8.1/wordlist/rexec/password000066400000000000000000000043511433053574100226710ustar00rootroot00000000000000 000000 102030 111111 11111111 112233 121212 123123 123123123 123321 1234 12345 123456 1234567 12345678 123456789 1234567890 123654 123qwe 1q2w3e 1q2w3e4r 1qaz2wsx 2003 2008 222222 555555 654321 666666 753951 7777777 95 98 987654321 aaaaaa abc abc123 abcd123 abcd1234 abcdef account admin adminadmin administator admins adobe1 adobe123 adobeadobe air alexander alpine andrea andrew asdasd asdfasdf asdfgh asdfghj asdfghjkl autumn2013 Autumn2013 autumn2014 Autumn2014 autumn2015 Autumn2015 autumn2016 Autumn2016 autumn2017 Autumn2017 azerty bankbank baseball basketball bird burp buster change changelater changeme charlie chocolate company company! company1 company1! company123 complex complex1 complex2 complex3 complexpassword computer daniel database default dev devdev devdevdev dirt dragon dreamweaver earth fdsa fire football freedom fuckyou ginger goat god guessme hannah hugs iloveyou internet jennifer jessica jordan joshua killer letmein liverpool login macromedia maggie march2011 master matrix michael michelle microsoft monkey network networking networks nicole nt P@55w0rd P@55w0rd! pass PassSql12 password password! Password! password1 Password1 Password1! password12 Password12 password123 password2 Password2 pepper photoshop princess private P@ssw0rd P@ssw0rd! P@ssword! purple qa qazwsx qwerty qwertyuiop rain recover sa samsung sasa secret secret! secret1! secret12 secret1212 secret123 secuirty3 security security1 security3 server shadow snoopy1 snow soccer solo someday spring2013 Spring2013 spring2014 Spring2014 spring2015 Spring2015 spring2016 Spring2016 spring2017 Spring2017 sql sql2000 sql2003 sql2005 sql2008 sql2009 sql2010 sql2011 sqlaccount sqlpass sqlpass123 sqlpassword sqlserver Sqlserver SqlServer sqlserver2000 sqlserver2005 sqlsql sqlsqlsqlsql SQLSQLSQLSQL sqlsqlsqlsqlsql sqlsvr starwars summer summer2013 Summer2013 summer2014 Summer2014 summer2015 Summer2015 summer2016 Summer2016 summer2017 Summer2017 sunshine superman sysadmin test testing testing123 testsql test-sql3 testtest thomas tigger trust trustno1 unchanged unknown vista water welcome welcome1 Welcome1212 Welcome123 Welcome1234 welcome2 whatever wicked winter2013 Winter2013 winter2014 Winter2014 winter2015 Winter2015 winter2016 Winter2016 winter2017 Winter2017 xp zxcvbnm brutespray-brutespray-1.8.1/wordlist/rexec/user000066400000000000000000000001431433053574100220000ustar00rootroot00000000000000admin manager root cisco apc pass security user system sys wampp newuser xampp-dav-unsecure vagrantbrutespray-brutespray-1.8.1/wordlist/rlogin/000077500000000000000000000000001433053574100212655ustar00rootroot00000000000000brutespray-brutespray-1.8.1/wordlist/rlogin/password000066400000000000000000000043511433053574100230550ustar00rootroot00000000000000 000000 102030 111111 11111111 112233 121212 123123 123123123 123321 1234 12345 123456 1234567 12345678 123456789 1234567890 123654 123qwe 1q2w3e 1q2w3e4r 1qaz2wsx 2003 2008 222222 555555 654321 666666 753951 7777777 95 98 987654321 aaaaaa abc abc123 abcd123 abcd1234 abcdef account admin adminadmin administator admins adobe1 adobe123 adobeadobe air alexander alpine andrea andrew asdasd asdfasdf asdfgh asdfghj asdfghjkl autumn2013 Autumn2013 autumn2014 Autumn2014 autumn2015 Autumn2015 autumn2016 Autumn2016 autumn2017 Autumn2017 azerty bankbank baseball basketball bird burp buster change changelater changeme charlie chocolate company company! company1 company1! company123 complex complex1 complex2 complex3 complexpassword computer daniel database default dev devdev devdevdev dirt dragon dreamweaver earth fdsa fire football freedom fuckyou ginger goat god guessme hannah hugs iloveyou internet jennifer jessica jordan joshua killer letmein liverpool login macromedia maggie march2011 master matrix michael michelle microsoft monkey network networking networks nicole nt P@55w0rd P@55w0rd! pass PassSql12 password password! Password! password1 Password1 Password1! password12 Password12 password123 password2 Password2 pepper photoshop princess private P@ssw0rd P@ssw0rd! P@ssword! purple qa qazwsx qwerty qwertyuiop rain recover sa samsung sasa secret secret! secret1! secret12 secret1212 secret123 secuirty3 security security1 security3 server shadow snoopy1 snow soccer solo someday spring2013 Spring2013 spring2014 Spring2014 spring2015 Spring2015 spring2016 Spring2016 spring2017 Spring2017 sql sql2000 sql2003 sql2005 sql2008 sql2009 sql2010 sql2011 sqlaccount sqlpass sqlpass123 sqlpassword sqlserver Sqlserver SqlServer sqlserver2000 sqlserver2005 sqlsql sqlsqlsqlsql SQLSQLSQLSQL sqlsqlsqlsqlsql sqlsvr starwars summer summer2013 Summer2013 summer2014 Summer2014 summer2015 Summer2015 summer2016 Summer2016 summer2017 Summer2017 sunshine superman sysadmin test testing testing123 testsql test-sql3 testtest thomas tigger trust trustno1 unchanged unknown vista water welcome welcome1 Welcome1212 Welcome123 Welcome1234 welcome2 whatever wicked winter2013 Winter2013 winter2014 Winter2014 winter2015 Winter2015 winter2016 Winter2016 winter2017 Winter2017 xp zxcvbnm brutespray-brutespray-1.8.1/wordlist/rlogin/user000066400000000000000000000001431433053574100221640ustar00rootroot00000000000000admin manager root cisco apc pass security user system sys wampp newuser xampp-dav-unsecure vagrantbrutespray-brutespray-1.8.1/wordlist/rsh/000077500000000000000000000000001433053574100205675ustar00rootroot00000000000000brutespray-brutespray-1.8.1/wordlist/rsh/password000066400000000000000000000043511433053574100223570ustar00rootroot00000000000000 000000 102030 111111 11111111 112233 121212 123123 123123123 123321 1234 12345 123456 1234567 12345678 123456789 1234567890 123654 123qwe 1q2w3e 1q2w3e4r 1qaz2wsx 2003 2008 222222 555555 654321 666666 753951 7777777 95 98 987654321 aaaaaa abc abc123 abcd123 abcd1234 abcdef account admin adminadmin administator admins adobe1 adobe123 adobeadobe air alexander alpine andrea andrew asdasd asdfasdf asdfgh asdfghj asdfghjkl autumn2013 Autumn2013 autumn2014 Autumn2014 autumn2015 Autumn2015 autumn2016 Autumn2016 autumn2017 Autumn2017 azerty bankbank baseball basketball bird burp buster change changelater changeme charlie chocolate company company! company1 company1! company123 complex complex1 complex2 complex3 complexpassword computer daniel database default dev devdev devdevdev dirt dragon dreamweaver earth fdsa fire football freedom fuckyou ginger goat god guessme hannah hugs iloveyou internet jennifer jessica jordan joshua killer letmein liverpool login macromedia maggie march2011 master matrix michael michelle microsoft monkey network networking networks nicole nt P@55w0rd P@55w0rd! pass PassSql12 password password! Password! password1 Password1 Password1! password12 Password12 password123 password2 Password2 pepper photoshop princess private P@ssw0rd P@ssw0rd! P@ssword! purple qa qazwsx qwerty qwertyuiop rain recover sa samsung sasa secret secret! secret1! secret12 secret1212 secret123 secuirty3 security security1 security3 server shadow snoopy1 snow soccer solo someday spring2013 Spring2013 spring2014 Spring2014 spring2015 Spring2015 spring2016 Spring2016 spring2017 Spring2017 sql sql2000 sql2003 sql2005 sql2008 sql2009 sql2010 sql2011 sqlaccount sqlpass sqlpass123 sqlpassword sqlserver Sqlserver SqlServer sqlserver2000 sqlserver2005 sqlsql sqlsqlsqlsql SQLSQLSQLSQL sqlsqlsqlsqlsql sqlsvr starwars summer summer2013 Summer2013 summer2014 Summer2014 summer2015 Summer2015 summer2016 Summer2016 summer2017 Summer2017 sunshine superman sysadmin test testing testing123 testsql test-sql3 testtest thomas tigger trust trustno1 unchanged unknown vista water welcome welcome1 Welcome1212 Welcome123 Welcome1234 welcome2 whatever wicked winter2013 Winter2013 winter2014 Winter2014 winter2015 Winter2015 winter2016 Winter2016 winter2017 Winter2017 xp zxcvbnm brutespray-brutespray-1.8.1/wordlist/rsh/user000066400000000000000000000001431433053574100214660ustar00rootroot00000000000000admin manager root cisco apc pass security user system sys wampp newuser xampp-dav-unsecure vagrantbrutespray-brutespray-1.8.1/wordlist/smbnt/000077500000000000000000000000001433053574100211165ustar00rootroot00000000000000brutespray-brutespray-1.8.1/wordlist/smbnt/password000066400000000000000000000043511433053574100227060ustar00rootroot00000000000000 000000 102030 111111 11111111 112233 121212 123123 123123123 123321 1234 12345 123456 1234567 12345678 123456789 1234567890 123654 123qwe 1q2w3e 1q2w3e4r 1qaz2wsx 2003 2008 222222 555555 654321 666666 753951 7777777 95 98 987654321 aaaaaa abc abc123 abcd123 abcd1234 abcdef account admin adminadmin administator admins adobe1 adobe123 adobeadobe air alexander alpine andrea andrew asdasd asdfasdf asdfgh asdfghj asdfghjkl autumn2013 Autumn2013 autumn2014 Autumn2014 autumn2015 Autumn2015 autumn2016 Autumn2016 autumn2017 Autumn2017 azerty bankbank baseball basketball bird burp buster change changelater changeme charlie chocolate company company! company1 company1! company123 complex complex1 complex2 complex3 complexpassword computer daniel database default dev devdev devdevdev dirt dragon dreamweaver earth fdsa fire football freedom fuckyou ginger goat god guessme hannah hugs iloveyou internet jennifer jessica jordan joshua killer letmein liverpool login macromedia maggie march2011 master matrix michael michelle microsoft monkey network networking networks nicole nt P@55w0rd P@55w0rd! pass PassSql12 password password! Password! password1 Password1 Password1! password12 Password12 password123 password2 Password2 pepper photoshop princess private P@ssw0rd P@ssw0rd! P@ssword! purple qa qazwsx qwerty qwertyuiop rain recover sa samsung sasa secret secret! secret1! secret12 secret1212 secret123 secuirty3 security security1 security3 server shadow snoopy1 snow soccer solo someday spring2013 Spring2013 spring2014 Spring2014 spring2015 Spring2015 spring2016 Spring2016 spring2017 Spring2017 sql sql2000 sql2003 sql2005 sql2008 sql2009 sql2010 sql2011 sqlaccount sqlpass sqlpass123 sqlpassword sqlserver Sqlserver SqlServer sqlserver2000 sqlserver2005 sqlsql sqlsqlsqlsql SQLSQLSQLSQL sqlsqlsqlsqlsql sqlsvr starwars summer summer2013 Summer2013 summer2014 Summer2014 summer2015 Summer2015 summer2016 Summer2016 summer2017 Summer2017 sunshine superman sysadmin test testing testing123 testsql test-sql3 testtest thomas tigger trust trustno1 unchanged unknown vista water welcome welcome1 Welcome1212 Welcome123 Welcome1234 welcome2 whatever wicked winter2013 Winter2013 winter2014 Winter2014 winter2015 Winter2015 winter2016 Winter2016 winter2017 Winter2017 xp zxcvbnm brutespray-brutespray-1.8.1/wordlist/smbnt/user000066400000000000000000000001431433053574100220150ustar00rootroot00000000000000admin manager root cisco apc pass security user system sys wampp newuser xampp-dav-unsecure vagrantbrutespray-brutespray-1.8.1/wordlist/smtp/000077500000000000000000000000001433053574100207565ustar00rootroot00000000000000brutespray-brutespray-1.8.1/wordlist/smtp/password000066400000000000000000000043511433053574100225460ustar00rootroot00000000000000 000000 102030 111111 11111111 112233 121212 123123 123123123 123321 1234 12345 123456 1234567 12345678 123456789 1234567890 123654 123qwe 1q2w3e 1q2w3e4r 1qaz2wsx 2003 2008 222222 555555 654321 666666 753951 7777777 95 98 987654321 aaaaaa abc abc123 abcd123 abcd1234 abcdef account admin adminadmin administator admins adobe1 adobe123 adobeadobe air alexander alpine andrea andrew asdasd asdfasdf asdfgh asdfghj asdfghjkl autumn2013 Autumn2013 autumn2014 Autumn2014 autumn2015 Autumn2015 autumn2016 Autumn2016 autumn2017 Autumn2017 azerty bankbank baseball basketball bird burp buster change changelater changeme charlie chocolate company company! company1 company1! company123 complex complex1 complex2 complex3 complexpassword computer daniel database default dev devdev devdevdev dirt dragon dreamweaver earth fdsa fire football freedom fuckyou ginger goat god guessme hannah hugs iloveyou internet jennifer jessica jordan joshua killer letmein liverpool login macromedia maggie march2011 master matrix michael michelle microsoft monkey network networking networks nicole nt P@55w0rd P@55w0rd! pass PassSql12 password password! Password! password1 Password1 Password1! password12 Password12 password123 password2 Password2 pepper photoshop princess private P@ssw0rd P@ssw0rd! P@ssword! purple qa qazwsx qwerty qwertyuiop rain recover sa samsung sasa secret secret! secret1! secret12 secret1212 secret123 secuirty3 security security1 security3 server shadow snoopy1 snow soccer solo someday spring2013 Spring2013 spring2014 Spring2014 spring2015 Spring2015 spring2016 Spring2016 spring2017 Spring2017 sql sql2000 sql2003 sql2005 sql2008 sql2009 sql2010 sql2011 sqlaccount sqlpass sqlpass123 sqlpassword sqlserver Sqlserver SqlServer sqlserver2000 sqlserver2005 sqlsql sqlsqlsqlsql SQLSQLSQLSQL sqlsqlsqlsqlsql sqlsvr starwars summer summer2013 Summer2013 summer2014 Summer2014 summer2015 Summer2015 summer2016 Summer2016 summer2017 Summer2017 sunshine superman sysadmin test testing testing123 testsql test-sql3 testtest thomas tigger trust trustno1 unchanged unknown vista water welcome welcome1 Welcome1212 Welcome123 Welcome1234 welcome2 whatever wicked winter2013 Winter2013 winter2014 Winter2014 winter2015 Winter2015 winter2016 Winter2016 winter2017 Winter2017 xp zxcvbnm brutespray-brutespray-1.8.1/wordlist/smtp/user000066400000000000000000000001431433053574100216550ustar00rootroot00000000000000admin manager root cisco apc pass security user system sys wampp newuser xampp-dav-unsecure vagrantbrutespray-brutespray-1.8.1/wordlist/ssh/000077500000000000000000000000001433053574100205705ustar00rootroot00000000000000brutespray-brutespray-1.8.1/wordlist/ssh/password000066400000000000000000000042251433053574100223600ustar00rootroot00000000000000 111111 123456 12345678 1qaz2wsx 2003 2008 95 98 abc abc123 abcd123 account admin adminadmin administator admins air alpine ascend attack autumn2013 Autumn2013 autumn2014 Autumn2014 autumn2015 Autumn2015 autumn2016 Autumn2016 autumn2017 Autumn2017 ax400 bagabu bankbank baseball basketball bird blablabla blender brightmail burp calvin change changelater changeme changethis Cisco cms500 company company! company1 company1! company123 complex complex1 complex2 complex3 complexpassword database davox dbps default dev devdev devdevdev dirt dragon earth fibranne fire fivranne football goat god guessme honey hugs ibm jstwo kn1TG7psLu letacla letmein login march2011 master microsoft monitor monkey mpegvideo network networking networks NeXT nsi nt owaspbwa P@55w0rd P@55w0rd! par0t pass PassSql12 password password! Password! password1 Password1 Password1! password12 Password12 password123 password2 Password2 permit pixmet2003 powerapp princess private P@ssw0rd P@ssw0rd! P@ssword! qa QNX qwerty qwertyuiop rain resumix !root root ROOT500 rootme rootpass sa sasa secret secret! secret1! secret12 secret1212 secret123 secuirty3 security security1 security3 server snow solo someday spring2013 Spring2013 spring2014 Spring2014 spring2015 Spring2015 spring2016 Spring2016 spring2017 Spring2017 Spring2019 spring2019 Spring2020 spring2020 Spring2021 spring2021 sql sql2000 sql2003 sql2005 sql2008 sql2009 sql2010 sql2011 sqlaccount sqlpass sqlpass123 sqlpassword sqlserver Sqlserver SqlServer sqlserver2000 sqlserver2005 sqlsql sqlsqlsqlsql SQLSQLSQLSQL sqlsqlsqlsqlsql sqlsvr starwars summer2013 Summer2013 summer2014 Summer2014 summer2015 Summer2015 summer2016 Summer2016 summer2017 Summer2017 summer2018 Summer2018 summer2019 Summer2019 summer2020 Summer2021 sysadmin t00lk1t test testing testing123 testsql test-sql3 testtest tini toor trendimsa1.0 trust tslinux turnkey uClinux unchanged unknown vagrant vertex25 vista water welcome welcome1 Welcome1212 Welcome123 Welcome1234 welcome2 wicked winter2013 Winter2013 winter2014 Winter2014 winter2015 Winter2015 winter2016 Winter2016 winter2017 Winter2017 Winter2018 winter2018 Winter2019 winter2019 Winter2020 winter2021 Winter2021 winter2020 xp brutespray-brutespray-1.8.1/wordlist/ssh/user000066400000000000000000000001621433053574100214700ustar00rootroot00000000000000administrator admin manager root cisco apc pass security user system sys wampp newuser xampp-dav-unsecure vagrant brutespray-brutespray-1.8.1/wordlist/svn/000077500000000000000000000000001433053574100206015ustar00rootroot00000000000000brutespray-brutespray-1.8.1/wordlist/svn/password000066400000000000000000000036711433053574100223750ustar00rootroot00000000000000 111111 123456 12345678 1qaz2wsx 2003 2008 95 98 abc abc123 abcd123 account admin adminadmin administator admins air alpine ascend attack autumn2013 Autumn2013 autumn2014 Autumn2014 autumn2015 Autumn2015 autumn2016 Autumn2016 autumn2017 Autumn2017 ax400 bagabu bankbank baseball basketball bird blablabla blender brightmail burp calvin change changelater changeme changethis Cisco cms500 company company! company1 company1! company123 complex complex1 complex2 complex3 complexpassword database davox dbps default dev devdev devdevdev dirt dragon earth fibranne fire fivranne football goat god guessme honey hugs ibm jstwo kn1TG7psLu letacla letmein login march2011 master microsoft monitor monkey mpegvideo network networking networks NeXT nsi nt owaspbwa P@55w0rd P@55w0rd! par0t pass PassSql12 password password! Password! password1 Password1 Password1! password12 Password12 password123 password2 Password2 permit pixmet2003 powerapp princess private P@ssw0rd P@ssw0rd! P@ssword! qa QNX qwerty qwertyuiop rain resumix !root root ROOT500 rootme rootpass sa sasa secret secret! secret1! secret12 secret1212 secret123 secuirty3 security security1 security3 server snow solo someday spring2013 Spring2013 spring2014 Spring2014 spring2015 Spring2015 spring2016 Spring2016 spring2017 Spring2017 sql sql2000 sql2003 sql2005 sql2008 sql2009 sql2010 sql2011 sqlaccount sqlpass sqlpass123 sqlpassword sqlserver Sqlserver SqlServer sqlserver2000 sqlserver2005 sqlsql sqlsqlsqlsql SQLSQLSQLSQL sqlsqlsqlsqlsql sqlsvr starwars summer2013 Summer2013 summer2014 Summer2014 summer2015 Summer2015 summer2016 Summer2016 summer2017 Summer2017 sysadmin t00lk1t test testing testing123 testsql test-sql3 testtest tini toor trendimsa1.0 trust tslinux turnkey uClinux unchanged unknown vagrant vertex25 vista water welcome welcome1 Welcome1212 Welcome123 Welcome1234 welcome2 wicked winter2013 Winter2013 winter2014 Winter2014 winter2015 Winter2015 winter2016 Winter2016 winter2017 Winter2017 xp brutespray-brutespray-1.8.1/wordlist/svn/user000066400000000000000000000001431433053574100215000ustar00rootroot00000000000000admin manager root cisco apc pass security user system sys wampp newuser xampp-dav-unsecure vagrantbrutespray-brutespray-1.8.1/wordlist/telnet/000077500000000000000000000000001433053574100212665ustar00rootroot00000000000000brutespray-brutespray-1.8.1/wordlist/telnet/password000066400000000000000000000043451433053574100230610ustar00rootroot00000000000000 111111 123456 12345678 1qaz2wsx 2003 2008 95 98 abc abc123 abcd123 account admin adminadmin administator admins air alpine ascend attack autumn2013 Autumn2013 autumn2014 Autumn2014 autumn2015 Autumn2015 autumn2016 Autumn2016 autumn2017 Autumn2017 ax400 bagabu bankbank baseball basketball bird blablabla blender brightmail burp calvin change changelater changeme changethis Cisco cms500 company company! company1 company1! company123 complex complex1 complex2 complex3 complexpassword database davox dbps default dev devdev devdevdev dirt dragon earth fibranne fire fivranne football goat god guessme honey hugs ibm jstwo kn1TG7psLu letacla letmein login march2011 master microsoft monitor monkey mpegvideo network networking networks NeXT nsi nt owaspbwa P@55w0rd P@55w0rd! par0t pass PassSql12 password password! Password! password1 Password1 Password1! password12 Password12 password123 password2 Password2 permit pixmet2003 powerapp princess private P@ssw0rd P@ssw0rd! P@ssword! qa QNX qwerty qwertyuiop rain resumix !root root ROOT500 rootme rootpass sa sasa secret secret! secret1! secret12 secret1212 secret123 secuirty3 security security1 security3 server snow solo someday spring2013 Spring2013 spring2014 Spring2014 spring2015 Spring2015 spring2016 Spring2016 spring2017 Spring2017 sql sql2000 sql2003 sql2005 sql2008 sql2009 sql2010 sql2011 sqlaccount sqlpass sqlpass123 sqlpassword sqlserver Sqlserver SqlServer sqlserver2000 sqlserver2005 sqlsql sqlsqlsqlsql SQLSQLSQLSQL sqlsqlsqlsqlsql sqlsvr starwars summer2013 Summer2013 summer2014 Summer2014 summer2015 Summer2015 summer2016 Summer2016 summer2017 Summer2017 sysadmin t00lk1t test testing testing123 testsql test-sql3 testtest tini toor trendimsa1.0 trust tslinux turnkey uClinux unchanged unknown vagrant vertex25 vista water welcome welcome1 Welcome1212 Welcome123 Welcome1234 welcome2 wicked winter2013 Winter2013 winter2014 Winter2014 winter2015 Winter2015 winter2016 Winter2016 winter2017 Winter2017 xp wapnd03cm_dkbs_dap2555 wapnd04cm_dkbs_dap3525 wapnd15_dlob_dap1522b wrgac01_dlob.hans_dir865 wrgg15_di524 wrgg19_c_dlwbr_dir300 wrgn22_dlwbr_dir615 wrgn23_dlwbr_dir300b wrgn23_dlwbr_dir600b wrgn28_dlob_dir412 wrgn39_dlob.hans_dir645 wrgn39_dlob.hans_dir645_V1 wrgn49_dlob_dir600b wrgnd08_dlob_dir815 brutespray-brutespray-1.8.1/wordlist/telnet/user000066400000000000000000000001621433053574100221660ustar00rootroot00000000000000admin manager root cisco apc pass security user system sys wampp newuser xampp-dav-unsecure vagrant Alphanetworks brutespray-brutespray-1.8.1/wordlist/vmauthd/000077500000000000000000000000001433053574100214435ustar00rootroot00000000000000brutespray-brutespray-1.8.1/wordlist/vmauthd/password000066400000000000000000000036711433053574100232370ustar00rootroot00000000000000 111111 123456 12345678 1qaz2wsx 2003 2008 95 98 abc abc123 abcd123 account admin adminadmin administator admins air alpine ascend attack autumn2013 Autumn2013 autumn2014 Autumn2014 autumn2015 Autumn2015 autumn2016 Autumn2016 autumn2017 Autumn2017 ax400 bagabu bankbank baseball basketball bird blablabla blender brightmail burp calvin change changelater changeme changethis Cisco cms500 company company! company1 company1! company123 complex complex1 complex2 complex3 complexpassword database davox dbps default dev devdev devdevdev dirt dragon earth fibranne fire fivranne football goat god guessme honey hugs ibm jstwo kn1TG7psLu letacla letmein login march2011 master microsoft monitor monkey mpegvideo network networking networks NeXT nsi nt owaspbwa P@55w0rd P@55w0rd! par0t pass PassSql12 password password! Password! password1 Password1 Password1! password12 Password12 password123 password2 Password2 permit pixmet2003 powerapp princess private P@ssw0rd P@ssw0rd! P@ssword! qa QNX qwerty qwertyuiop rain resumix !root root ROOT500 rootme rootpass sa sasa secret secret! secret1! secret12 secret1212 secret123 secuirty3 security security1 security3 server snow solo someday spring2013 Spring2013 spring2014 Spring2014 spring2015 Spring2015 spring2016 Spring2016 spring2017 Spring2017 sql sql2000 sql2003 sql2005 sql2008 sql2009 sql2010 sql2011 sqlaccount sqlpass sqlpass123 sqlpassword sqlserver Sqlserver SqlServer sqlserver2000 sqlserver2005 sqlsql sqlsqlsqlsql SQLSQLSQLSQL sqlsqlsqlsqlsql sqlsvr starwars summer2013 Summer2013 summer2014 Summer2014 summer2015 Summer2015 summer2016 Summer2016 summer2017 Summer2017 sysadmin t00lk1t test testing testing123 testsql test-sql3 testtest tini toor trendimsa1.0 trust tslinux turnkey uClinux unchanged unknown vagrant vertex25 vista water welcome welcome1 Welcome1212 Welcome123 Welcome1234 welcome2 wicked winter2013 Winter2013 winter2014 Winter2014 winter2015 Winter2015 winter2016 Winter2016 winter2017 Winter2017 xp brutespray-brutespray-1.8.1/wordlist/vmauthd/user000066400000000000000000000001431433053574100223420ustar00rootroot00000000000000admin manager root cisco apc pass security user system sys wampp newuser xampp-dav-unsecure vagrantbrutespray-brutespray-1.8.1/wordlist/vnc/000077500000000000000000000000001433053574100205615ustar00rootroot00000000000000brutespray-brutespray-1.8.1/wordlist/vnc/password000066400000000000000000000036711433053574100223550ustar00rootroot00000000000000 111111 123456 12345678 1qaz2wsx 2003 2008 95 98 abc abc123 abcd123 account admin adminadmin administator admins air alpine ascend attack autumn2013 Autumn2013 autumn2014 Autumn2014 autumn2015 Autumn2015 autumn2016 Autumn2016 autumn2017 Autumn2017 ax400 bagabu bankbank baseball basketball bird blablabla blender brightmail burp calvin change changelater changeme changethis Cisco cms500 company company! company1 company1! company123 complex complex1 complex2 complex3 complexpassword database davox dbps default dev devdev devdevdev dirt dragon earth fibranne fire fivranne football goat god guessme honey hugs ibm jstwo kn1TG7psLu letacla letmein login march2011 master microsoft monitor monkey mpegvideo network networking networks NeXT nsi nt owaspbwa P@55w0rd P@55w0rd! par0t pass PassSql12 password password! Password! password1 Password1 Password1! password12 Password12 password123 password2 Password2 permit pixmet2003 powerapp princess private P@ssw0rd P@ssw0rd! P@ssword! qa QNX qwerty qwertyuiop rain resumix !root root ROOT500 rootme rootpass sa sasa secret secret! secret1! secret12 secret1212 secret123 secuirty3 security security1 security3 server snow solo someday spring2013 Spring2013 spring2014 Spring2014 spring2015 Spring2015 spring2016 Spring2016 spring2017 Spring2017 sql sql2000 sql2003 sql2005 sql2008 sql2009 sql2010 sql2011 sqlaccount sqlpass sqlpass123 sqlpassword sqlserver Sqlserver SqlServer sqlserver2000 sqlserver2005 sqlsql sqlsqlsqlsql SQLSQLSQLSQL sqlsqlsqlsqlsql sqlsvr starwars summer2013 Summer2013 summer2014 Summer2014 summer2015 Summer2015 summer2016 Summer2016 summer2017 Summer2017 sysadmin t00lk1t test testing testing123 testsql test-sql3 testtest tini toor trendimsa1.0 trust tslinux turnkey uClinux unchanged unknown vagrant vertex25 vista water welcome welcome1 Welcome1212 Welcome123 Welcome1234 welcome2 wicked winter2013 Winter2013 winter2014 Winter2014 winter2015 Winter2015 winter2016 Winter2016 winter2017 Winter2017 xp brutespray-brutespray-1.8.1/wordlist/vnc/user000066400000000000000000000001631433053574100214620ustar00rootroot00000000000000 administrator admin manager root cisco apc pass security user system sys wampp newuser xampp-dav-unsecure vagrant