How to do it...

Let's perform the following steps:

  1. Run the following command to install brutespray on Kali:
apt install brutespray

The following screenshot shows the output of the preceding command:

  1. Once it is installed, we can run the tool with the -h flag to view the list of all features.
  2. To run a default brute force on all of the services that were discovered by a previously run Nmap scan, we can use the following command:
brutespray --file scan.xml --threads 5

The following screenshot shows the output of the preceding command:

  1. To run the tool on one particular service, we can use the -s flag and define the service we want to perform a brute force attack on. In the following example, we will use the Nmap scan that was done on a host and only check the default credentials on the FTP service:
brutespray -file scan.xml -t 5 -s ftp

The following screenshot shows the output of the preceding command:

In the preceding screenshot, we can see that the FTP allows anonymous login, which is why the tool gave a success output for the credentials that were shown.

上一章目录下一章