Module for SSH/RDP/HTTP auth brute forcing

[specters312]

Pretty much being able to identify ports that have login functions and kick off default cred spraying would be a nice touch for this tool I feel.

[TheTechromancer]

This is a good idea and definitely a task that needs doing. Here are a couple relevant discussions:

• Module: Default Credential Scanning #727
• Module: Basic Auth #1143

The fingerprintx currently does a pretty good job of detecting what protocol is running on an open port. When it comes to writing a brute-force module, my hope would be that we could have a dedicated module for each protocol. This would help keep things simple and allow us to give special attention to each one, making sure it worked well and had a quality wordlist specific to that service.

@specters312 you wanna take a stab at writing a module? It could be fun ;)

[TheTechromancer]

Discovered this tool today:
https://github.com/evilsocket/legba

If it's good quality (i.e. better than patator/hydra, not exactly a high bar), it could be a BBOT module.

@specters312 have you tried Legba?

[specters312]

I have not this is exactly what I am looking for though thank you!

[TheTechromancer]

No problem @specters312. If you have questions about the module writing process, feel free to ask here or ping me on discord.

[specters312]

Will do thank you!