.\" generated with Ronn-NG/v0.9.1
.\" http://github.com/apjanke/ronn-ng/tree/0.9.1
.TH "BRUTESPRAY" "8" "September 2023" ""
.SH "NAME"
\fBbrutespray\fR \- Python bruteforce tool
.SH "SYNOPSIS"
\fBbrutespray\fR [Usage]: brutespray [\-h] \-f FILE [\-o OUTPUT] [\-s SERVICE] [\-t THREADS] [\-T HOSTS] [\-U USERLIST] [\-P PASSLIST] [\-u USERNAME] [\-p PASSWORD] [\-c] [\-i] [\-C HOST:USERNAME:PASSWORD] [\-v LEVEL] [\-w LEVEL]\.
.SH "DESCRIPTION"
BruteSpray takes nmap GNMAP/JSON/XML output and automatically brute\-forces services with default credentials using Medusa\.
.P
BruteSpray can even find non\-standard ports by using the \-sV inside Nmap\.
.IP "\[ci]" 4
\fB\-f\fR FILE, \fB\-\-file\fR FILE
.br
GNMAP, JSON or XML file to parse
.IP "\[ci]" 4
\fB\-o\fR OUTPUT, \fB\-\-output\fR OUTPUT
.br
Directory containing successful attempts
.IP "\[ci]" 4
\fB\-s\fR SERVICE, \fB\-\-service\fR SERVICE
.br
Specify service to attack
.IP "\[ci]" 4
\fB\-t\fR THREADS, \fB\-\-threads\fR THREADS
.br
Number of medusa threads
.IP "\[ci]" 4
\fB\-T\fR HOSTS, \fB\-\-hosts\fR HOSTS
.br
Number of hosts to test concurrently
.IP "\[ci]" 4
\fB\-U\fR USERLIST, \fB\-\-userlist\fR USERLIST
.br
Reference a custom username file
.IP "\[ci]" 4
\fB\-P\fR PASSLIST, \fB\-\-passlist\fR PASSLIST
.br
Reference a custom password file
.IP "\[ci]" 4
\fB\-u\fR USERNAME, \fB\-\-username\fR USERNAME
.br
Specify a single username
.IP "\[ci]" 4
\fB\-p\fR PASSWORD, \fB\-\-password\fR PASSWORD
.br
Specify a single password
.IP "\[ci]" 4
\fB\-c\fR, \fB\-\-continuous\fR
.br
Keep brute\-forcing after success
.IP "\[ci]" 4
\fB\-C\fR HOST:USERNAME:PASSWORD, \fB\-\-combo\fR HOST:USERNAME:PASSWORD
.br
Specify a combo input (host:username:password)
.IP "\[ci]" 4
\fB\-i\fR, \fB\-\-interactive\fR
.br
Interactive mode
.IP "\[ci]" 4
\fB\-v\fR LEVEL, \fB\-\-verbose\fR LEVEL
.br
Verbose output from medusa\. Can be set from 0 to 6 (default to 5)
.IP "\[ci]" 4
\fB\-w\fR LEVEL, \fB\-\-debug\fR LEVEL
.br
Debug error output from medusa\. Can be set from 0 to 10 (default to 5)
.IP "" 0
.P
Commands:
.IP "\[ci]" 4
brutespray \-h
.IP "\[ci]" 4
brutespray \-\-file nmap\.gnmap
.IP "\[ci]" 4
brutespray \-\-file nmap\.xml
.IP "\[ci]" 4
brutespray \-\-file nmap\.xml \-i
.IP "" 0
.SH "EXAMPLES"
.TP
Nmap network scanning example:
.br
nmap \-sS \-sV 192\.168\.0\.0/24 \-vv \-n \-oA mynetwork

.TP
Using Custom Wordlists:
.br
brutespray \-\-file mynetwork\.gnmap \-U /usr/share/brutespray/wordlist/user\.txt \-P /usr/share/brutespray/wordlist/pass\.txt \-\-threads 5 \-\-hosts 5

.TP
Brute\-Forcing Specific Services:
.br
brutespray \-\-file mynetwork\.gnmap \-\-service ftp,ssh,telnet \-\-threads 5 \-\-hosts 5

.TP
Specific Credentials:
.br
brutespray \-\-file mynetwork\.gnmap \-u admin \-p password \-\-threads 5 \-\-hosts 5

.TP
Continue After Success:
.br
brutespray \-\-file mynetwork\.gnmap \-\-threads 5 \-\-hosts 5 \-c

.TP
Use Nmap XML Output:
.br
brutespray \-\-file mynetwork\.xml \-\-threads 5 \-\-hosts 5

.TP
Interactive Mode:
.br
brutespray \-\-file mynetwork\.xml \-i

.SH "SEE ALSO"
.IP "\[ci]" 4
On github \fIhttps://github\.com/x90skysn3k/brutespray\fR
.IP "\[ci]" 4
nmap(1)
.IP "" 0
.SH "MANPAGE AUTHOR"
Stephane Neveu \fIstefneveu@gmail\.com\fR