Mass-Bruter - Mass Bruteforce Network Protocols

KoreanHackerTeam · 25nj

AVvXsEh6FEBpSGqJg2PS1eZJ7MkaQbPTCyjShGVpTI3tIB-23t2YeNYBuohAIH_IPbjV_sp0pRKoINdY2R9YJFZhr8HTLlneE2bWCvTm-r1w0RCZKEUm9yJ9PM2aL2CiMIbH-1JfAvzz0dLTj1nhAT-KXWIqQN2S9w1YOydyqHHupYDnrK9czx9f1azSzgVE2LHw=w640-h314

Mass bruteforce network protocols

Info

Simple personal script to quickly mass bruteforce common services in a large scale of network.
It will check for default credentials on ftp, ssh, mysql, mssql...etc.
This was made for authorized red team penetration testing purpose only.

How it works

Use masscan(faster than nmap) to find alive hosts with common ports from network segment.
Parse ips and ports from masscan result.
Craft and run hydra commands to automatically bruteforce supported network services on devices.

Requirements

Kali linux or any preferred linux distribution
Python 3.10+

코드:

# Clone the repo
git clone https://github.com/opabravo/mass-bruter
cd mass-bruter

# Install required tools for the script
apt update && apt install seclists masscan hydra

How To Use

Private ip range : 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12

Save masscan results under ./result/masscan/, with the format masscan_<name>.<ext>
Ex: masscan_192.168.0.0-16.txt
Example command:

masscan -p 3306,1433,21,22,23,445,3389,5900,6379,27017,5432,5984,11211,9200,1521 172.16.0.0/12 | tee ./result/masscan/masscan_test.txt

Example Resume Command:
masscan --resume paused.conf | tee -a ./result/masscan/masscan_test.txt

Command Options
Bruteforce Script Options: -q, --quick Quick mode (Only brute telnet, ssh, ftp , mysql, mssql, postgres, oracle) -a, --all Brute all services(Very Slow) -s, --show Show result with successful login -f, --file-path PATH The directory or file that contains masscan result [default: ./result/masscan/] --help Show this message and exit." dir="auto">

코드:

┌──(root㉿root)-[~/mass-bruter]
└─# python3 mass_bruteforce.py
Usage:  [OPTIONS]

  Mass Bruteforce Script

Options:
  -q, --quick           Quick mode (Only brute telnet, ssh, ftp , mysql,
                        mssql, postgres, oracle)
  -a, --all             Brute all services(Very Slow)
  -s, --show            Show result with successful login
  -f, --file-path PATH  The directory or file that contains masscan result
                        [default: ./result/masscan/]
  --help                Show this message and exit.

Quick Bruteforce Example:
python3 mass_bruteforce.py -q -f ~/masscan_script.txt

Fetch cracked credentials:
python3 mass_bruteforce.py -s

AVvXsEjjUSp0v-ah2RZbXevgHj57tov2xD4PKRRRk5P3x0JwPvSrO4lhmQhNLS5uEUxcDwAe05yFB-eRok2NKTQrSQmnx80An0l_dF9o58QrFFGZFyGgK2UDTzC48HsxVbHGn3rEYri64PeoEn1YNgf1qDOPoU_4JCQWkMfMueKojyK5btaw-GX_y2JJpPuPq34j=w640-h246

Todo

Migrate with dpl4hydra
Optimize the code and functions
MultiProcessing

Any contributions are welcomed!

Mass-Bruter - Mass Bruteforce Network Protocols

Info​

How it works​

Requirements​

How To Use​

Todo​

Info

How it works

Requirements

How To Use

Todo