BruteX v1.3 by 1N3@CrowdShield

9ICE111 · Dec 25, 2015 · 12d3f0b · 12d3f0b
1 parent 0420df0
commit 12d3f0b
Show file tree

Hide file tree

Showing 15 changed files with 3,227 additions and 63 deletions.
diff --git a/README.md b/README.md
@@ -1,30 +1,35 @@
-# BruteX v1.2 by 1N3 @ CrowdShield
-# https://crowdshield.com
-#
+# BruteX v1.3 by 1N3 @ CrowdShield
+https://crowdshield.com
 
-Automatically brute force all services running on a target including:
+##Automatically brute force all services running on a target
 
-- Open ports
-- DNS domains
-- Usernames
-- Passwords
+* Open ports
+* DNS domains
+* Usernames
+* Passwords
 
-USAGE:
+##USAGE:
+```
 ./brutex target <port>
-
-DEPENDENCIES:
-
-- NMap
-- Hydra
-- SNMPWalk
-- DNSEnum
-
-CHANGELOG:
-- 20150915 - v1.2 adds dnsenum / removes DNSDict6 as no longer supported on Kali 2.0
-- 20150904 - v1.2 removed wfuzz web file brute forcing as it was too error prone and noisy
-- 20150904 - v1.2 adds the ability to specify a port to target (ie. 23 for telnet) to automatically brute force
-- 20150904 - v1.2 added additional ports to scan and brute force
-- 20150904 - v1.2 added additional default users to brute force
+```
+
+##DEPENDENCIES:
+```
+* NMap
+* Hydra
+* SNMPWalk
+* DNSEnum
+```
+
+##CHANGELOG:
+* v1.3 added faster scan options for nmap
+* v1.3 revised password brute force lists for more efficient service brute forcing
+* v1.3 added wordlist directory with new wordlist selections
+* v1.2 adds dnsenum / removes DNSDict6 as no longer supported on Kali 2.0
+* v1.2 removed wfuzz web file brute forcing as it was too error prone and noisy
+* v1.2 adds the ability to specify a port to target (ie. 23 for telnet) to automatically brute force
+* v1.2 added additional ports to scan and brute force
+* v1.2 added additional default users to brute force
 
 To brute force multiple hosts, use brutex-massscan and include the IP's/hostnames to scan in the targets.txt file.
 

diff --git a/brutex b/brutex
@@ -1,5 +1,5 @@
 #!/bin/bash
-# BruteX v1.2 by 1N3
+# BruteX v1.3 by 1N3
 # http://crowdshield.com
 #
 # ABOUT:
@@ -21,10 +21,15 @@
 TARGET="$1"
 PORT="$2"
 LOOT_DIR=loot
-USER_FILE="simple-users.txt"
-PASS_FILE="password.lst"
-DNS_FILE="namelist.txt"
-SNMP_FILE="snmp-strings.txt"
+FTP_USER_PASS="wordlists/ftp-default-userpass.txt"
+MYSQL_USER_PASS="wordlists/mssql-default-userpass.txt"
+ORACLE_USER_PASS="wordlists/oracle-default-userpass.txt"
+POSTGRES_USER_PASS="wordlists/postgres-default-userpass.txt"
+WINDOWS_USER_LIST="wordlists/windows-users.txt"
+USER_FILE="wordlists/simple-users.txt"
+PASS_FILE="wordlists/password.lst"
+DNS_FILE="wordlists/namelist.txt"
+SNMP_FILE="wordlists/snmp-strings.txt"
 HTTP_LOCATION="/"
 THREADS="30"
 COLOR1='\033[91m'
@@ -43,7 +48,7 @@ if [ -z $TARGET ]; then
 	echo -e "$COLOR1  |______  / |__|  |____/ |__|  \___  >___/\  \ $RESET"
 	echo -e "$COLOR1         \/                         \/      \_/$RESET"
 	echo ""
-	echo -e "$COLOR1 + -- --=[BruteX v1.2 by 1N3$RESET"
+	echo -e "$COLOR1 + -- --=[BruteX v1.3 by 1N3$RESET"
 	echo -e "$COLOR1 + -- --=[http://crowdshield.com$RESET"
 	echo -e "$COLOR1 + -- --=[Usage: brutex <target> <port>"
 	echo -e "$RESET"
@@ -59,15 +64,15 @@ echo -e "$COLOR1  |    |   \ |  | \/  |  /|  | \  ___/ /     \ $RESET"
 echo -e "$COLOR1  |______  / |__|  |____/ |__|  \___  >___/\  \ $RESET"
 echo -e "$COLOR1         \/                         \/      \_/$RESET"
 echo ""
-echo -e "$COLOR1 + -- --=[BruteX v1.2 by 1N3$RESET"
+echo -e "$COLOR1 + -- --=[BruteX v1.3 by 1N3$RESET"
 echo -e "$COLOR1 + -- --=[http://crowdshield.com$RESET"
 echo ""
 echo ""
 
 echo -e "$COLOR3################################### Running Port Scan ##############################$RESET"
 if [ -z "$PORT" ] 
 then
-	nmap -T4 --open $TARGET -oX $LOOT_DIR/nmap-$TARGET.xml
+	nmap -T4 --open $TARGET -p21,22,23,25,53,80,110,139,162,389,443,445,512,513,514,993,1433,1521,3306,3389,5432,5900,5901,8000,8080,6667 -oX $LOOT_DIR/nmap-$TARGET.xml
 else
 	nmap -T4 --open $TARGET -p $PORT -oX $LOOT_DIR/nmap-$TARGET.xml
 fi
@@ -90,6 +95,7 @@ port_513=`grep 'portid="513"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
 port_512=`grep 'portid="514"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
 port_993=`grep 'portid="993"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
 port_1433=`grep 'portid="1433"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
+port_1433=`grep 'portid="1521"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
 port_3306=`grep 'portid="3306"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
 port_3389=`grep 'portid="3389"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
 port_5432=`grep 'portid="5432"' $LOOT_DIR/nmap-$TARGET.xml | grep open`
@@ -104,7 +110,7 @@ then
 	echo -e "$COLOR1 + -- --=[Port 21 closed... skipping.$RESET"
 else
 	echo -e "$COLOR2 + -- --=[Port 21 opened... running tests...$RESET"	
-	hydra -L $USER_FILE -P $PASS_FILE $TARGET ftp -t $THREADS -e ns
+	hydra -C $FTP_USER_PASS $TARGET ftp -t $THREADS -e ns
 fi
 
 if [ -z "$port_22" ]
@@ -153,16 +159,16 @@ then
 	echo -e "$COLOR1 + -- --=[Port 139 closed... skipping.$RESET"
 else
 	echo -e "$COLOR2 + -- --=[Port 139 opened... running tests...$RESET"
-	hydra -L $USER_FILE -P $PASS_FILE $TARGET smb -S 139 -t $THREADS -e ns
+	hydra -L $WINDOWS_USER_LIST -P $PASS_FILE $TARGET smb -S 139 -t $THREADS -e ns
 fi
 
 if [ -z "$port_389" ]
 then
 	echo -e "$COLOR1 + -- --=[Port 389 closed... skipping.$RESET"
 else
 	echo -e "$COLOR2 + -- --=[Port 389 opened... running tests...$RESET"
-	hydra -L $USER_FILE -P $PASS_FILE $TARGET ldap2 -S 389 -t $THREADS -e ns
-	hydra -L $USER_FILE -P $PASS_FILE $TARGET ldap3 -S 389 -t $THREADS -e ns
+	hydra -L $WINDOWS_USER_LIST -P $PASS_FILE $TARGET ldap2 -S 389 -t $THREADS -e ns
+	hydra -L $WINDOWS_USER_LIST -P $PASS_FILE $TARGET ldap3 -S 389 -t $THREADS -e ns
 fi
 
 if [ -z "$port_443" ]
@@ -178,7 +184,7 @@ then
 	echo -e "$COLOR1 + -- --=[Port 445 closed... skipping.$RESET"
 else
 	echo -e "$COLOR2 + -- --=[Port 445 opened... running tests...$RESET"
-	hydra -L $USER_FILE -P $PASS_FILE $TARGET smb -S 445 -t $THREADS -e ns 
+	hydra -L $WINDOWS_USER_LIST -P $PASS_FILE $TARGET smb -S 445 -t $THREADS -e ns 
 fi
 
 if [ -z "$port_512" ]
@@ -218,31 +224,39 @@ then
 	echo -e "$COLOR1 + -- --=[Port 1433 closed... skipping.$RESET"
 else
 	echo -e "$COLOR2 + -- --=[Port 1433 opened... running tests...$RESET"
-	hydra -L $USER_FILE -P $PASS_FILE $TARGET mssql -S 1433 -t $THREADS -e ns 
+	hydra -L $WINDOWS_USER_LIST -P $PASS_FILE $TARGET mssql -S 1433 -t $THREADS -e ns 
+fi
+
+if [ -z "$port_1521" ]
+then
+	echo -e "$COLOR1 + -- --=[Port 1521 closed... skipping.$RESET"
+else
+	echo -e "$COLOR2 + -- --=[Port 1521 opened... running tests...$RESET"
+	hydra -C $ORACLE_USER_PASS $TARGET oracle -S 1521 -t $THREADS -e ns 
 fi
 
 if [ -z "$port_3306" ]
 then
 	echo -e "$COLOR1 + -- --=[Port 3306 closed... skipping.$RESET"
 else
 	echo -e "$COLOR2 + -- --=[Port 3306 opened... running tests...$RESET"
-	hydra -L $USER_FILE -P $PASS_FILE $TARGET mysql -t $THREADS -e ns
+	hydra -C $MYSQL_USER_PASS $TARGET mysql -t $THREADS -e ns
 fi
 
 if [ -z "$port_3389" ]
 then
 	echo -e "$COLOR1 + -- --=[Port 3389 closed... skipping.$RESET"
 else
 	echo -e "$COLOR2 + -- --=[Port 3389 opened... running tests...$RESET"
-	hydra -L $USER_FILE -P $PASS_FILE $TARGET rdp -t $THREADS -e ns
+	hydra -L $WINDOWS_USER_LIST -P $PASS_FILE $TARGET rdp -t $THREADS -e ns
 fi
 
 if [ -z "$port_5432" ]
 then
 	echo -e "$COLOR1 + -- --=[Port 5432 closed... skipping.$RESET"
 else
 	echo -e "$COLOR2 + -- --=[Port 5432 opened... running tests...$RESET"
-	hydra -L $USER_FILE -P $PASS_FILE $TARGET postgres -t $THREADS -e ns
+	hydra -C $POSTGRES_USER_PASS $TARGET postgres -t $THREADS -e ns
 fi
 
 if [ -z "$port_5900" ]

diff --git a/loot/README.md b/loot/README.md
@@ -1,30 +1,35 @@
-# BruteX v1.2 by 1N3 @ CrowdShield
-# https://crowdshield.com
-#
+# BruteX v1.3 by 1N3 @ CrowdShield
+https://crowdshield.com
 
-Automatically brute force all services running on a target including:
+##Automatically brute force all services running on a target
 
-- Open ports
-- DNS domains
-- Usernames
-- Passwords
+* Open ports
+* DNS domains
+* Usernames
+* Passwords
 
-USAGE:
+##USAGE:
+```
 ./brutex target <port>
-
-DEPENDENCIES:
-
-- NMap
-- Hydra
-- SNMPWalk
-- DNSEnum
-
-CHANGELOG:
-- 20150915 - v1.2 adds dnsenum / removes DNSDict6 as no longer supported on Kali 2.0
-- 20150904 - v1.2 removed wfuzz web file brute forcing as it was too error prone and noisy
-- 20150904 - v1.2 adds the ability to specify a port to target (ie. 23 for telnet) to automatically brute force
-- 20150904 - v1.2 added additional ports to scan and brute force
-- 20150904 - v1.2 added additional default users to brute force
+```
+
+##DEPENDENCIES:
+```
+* NMap
+* Hydra
+* SNMPWalk
+* DNSEnum
+```
+
+##CHANGELOG:
+* v1.3 added faster scan options for nmap
+* v1.3 revised password brute force lists for more efficient service brute forcing
+* v1.3 added wordlist directory with new wordlist selections
+* v1.2 adds dnsenum / removes DNSDict6 as no longer supported on Kali 2.0
+* v1.2 removed wfuzz web file brute forcing as it was too error prone and noisy
+* v1.2 adds the ability to specify a port to target (ie. 23 for telnet) to automatically brute force
+* v1.2 added additional ports to scan and brute force
+* v1.2 added additional default users to brute force
 
 To brute force multiple hosts, use brutex-massscan and include the IP's/hostnames to scan in the targets.txt file.
 

diff --git a/wordlists/ftp-default-userpass.txt b/wordlists/ftp-default-userpass.txt
@@ -0,0 +1,10 @@
+anonymous:anonymous
+anonymous:[email protected]
+admin:admin
+admin:password
+ftp:ftp
+ftp:password
+guest:guest
+root:root
+root:toor
+test:test
diff --git a/wordlists/mssql-default-userpass.txt b/wordlists/mssql-default-userpass.txt
@@ -0,0 +1,3 @@
+sa:
+sa:sa
+sa:password
diff --git a/wordlists/mysql-default-userpass.txt b/wordlists/mysql-default-userpass.txt
@@ -0,0 +1,3 @@
+root:
+root:password
+root:mysql