brut3k1t - Server side brute force module.

brut3k1t – Server side brute force module.

brut3k1t is a server-side bruteforce module that supports dictionary attacks for several protocols. The current protocols that are complete and in support are:
+ ssh
+ ftp
+ smtp
+ instagram
+ facebook



* If you do not supply the port -p flag, the default port for that service will be used. You do not need to provide it for Facebook and Instagram, since they are um… web-based. 🙂
* If you do not supply the delay -d flag, the default delay in seconds will be 1.
* Remember, use the SMTP server address and XMPP server address for the address -a flag, when cracking SMTP and XMPP, respectively.
* Facebook requires the username ID. This is a little bit of a setback since some people do not display their ID publicly on their profile.
* Make sure the wordlist and its directory is specified. If it is in /usr/local/wordlists/wordlist.txt specify that for the wordlist -w flag.
* Remember that some protocols are not based on their default port. A FTP server will not necessarily always be on port 21. Please keep that in mind.
* Use this for educational and ethical hacking purposes, as well as the sake of learning code and security-oriented practices. No script kiddies!

Use & download: