How to use nmap to brutforce login

How to use nmap to brutforce login.


don’t send too many requests per second if the site has an anti-bot plugin or something like that it will block your IP.

1 Like

if you check /usr/share/nmap/scripts/ you will find all scripts for nmap you can use if you filter these -─[[email protected]]─[/usr/share/nmap/scripts]

└──╼ $ls /usr/share/nmap/scripts/ | grep brute

you will get list of brutforcing scripts along with service names as follow

afp-brute.nse ajp-brute.nse backorifice-brute.nse cassandra-brute.nse cics-user-brute.nse citrix-brute-xml.nse cvs-brute.nse cvs-brute-repository.nse deluge-rpc-brute.nse dicom-brute.nse dns-brute.nse domcon-brute.nse dpap-brute.nse drda-brute.nse ftp-brute.nse http-brute.nse http-form-brute.nse http-iis-short-name-brute.nse http-joomla-brute.nse http-proxy-brute.nse http-wordpress-brute.nse iax2-brute.nse imap-brute.nse informix-brute.nse ipmi-brute.nse irc-brute.nse irc-sasl-brute.nse iscsi-brute.nse ldap-brute.nse membase-brute.nse metasploit-msgrpc-brute.n

example –

nmap --script ssh-brute -p22 --script-args userdb=users.txt,passdb=passwords.txt

you can use above command to brutforce ssh similarly you can use for other services also