Welcome to the brutus project repo! Brutus is a fast and simple way to bruteforce authentication on network services such as SSH, FTP, IMAP, and more.
If you have any suggestions, feedback, issues, etc... feel free to reach out or create an issue or pull request.
- Features
- Pre-Requisites
- Usage
- Demo
- Troubleshooting
- How to protect yourself?
- Contributing
- Disclaimer
- Acknowledgement
- Contact
The tool currently supports the following services:
- HTTP BASIC
- SSH
- FTP
- IMAP
- SMTP
- MySQL
Clone the repository to your machine:
git clone https://github.com/shehzade/brutus.git
Install dependencies:
pip3 install -r requirements.txt
python3 brutus.py [-m _EXECUTION_MODE] [-t _TARGET_IP] [-p _TARGET_PORT] [-d _TARGET_DIR] [-U _USER_LIST] [-P _PASS_LIST]
options:
-h, --help show this help message and exit
-m _EXECUTION_MODE Execution Mode [ftp | basic | ssh | imap]
-t _TARGET_IP IP address of the target (i.e. 192.168.22.100)
-p _TARGET_PORT Port of the network service (i.e. 22)
-d _TARGET_DIR Sub-directory path requiring BASIC authentication (i.e. /manager/html)
-U _USER_LIST Path to username list (i.e. /root/users.txt)
-P _PASS_LIST Path to password list (i.e. /
Tomcat Example: python3 brutus.py -m basic -t 192.168.100.200 -p 8080 -d /manager/html -U usernames.txt -P passwords.txt
SSH Server Example: python3 brutus.py -m ssh -t 192.168.200.100 -p 2222 -U usernames.txt -P passwords.txt
Coming soon!
If you encounter any issues, please raise them here in this repository.
- Implement account lockouts
- Blacklist malicious IP addresses
- Have a strong password policy
When contributing to this repository, please discuss the changes you wish to make via issue, email, or LinkedIn.
This project is only for educational purposes. Any kind of bad behavior conducted with this project is the user's own responsibility. I hereby forfeit responsiblity for any illegal actions.
This project was born from a capstone excercise in TCM's Python 101 course but was overhauled to incorporate some new ideas I had and new skills I had learned.
Author - Abdullah Ansari ©
Contact Info - Email