search

blacklanternsecurity / bbot

A recursive internet scanner for hackers.
https://www.blacklanternsecurity.com/bbot/
GNU General Public License v3.0
4.03k stars 371 forks source link

Add Hydra for ssh,RDP and basic auth brute forcing #1183

Open specters312 opened 3 months ago

specters312 commented 3 months ago

Pretty much being able to identify ports that have login functions and kick off default cred spraying would be a nice touch for this tool I feel.

TheTechromancer commented 3 months ago

This is a good idea and definitely a task that needs doing. Here are a couple relevant discussions:

The fingerprintx currently does a pretty good job of detecting what protocol is running on an open port. When it comes to writing a brute-force module, my hope would be that we could have a dedicated module for each protocol. This would help keep things simple and allow us to give special attention to each one, making sure it worked well and had a quality wordlist specific to that service.

@specters312 you wanna take a stab at writing a module? It could be fun ;)

TheTechromancer commented 3 months ago

Discovered this tool today: https://github.com/evilsocket/legba

If it's good quality (i.e. better than patator/hydra, not exactly a high bar), it could be a BBOT module.

@specters312 have you tried Legba?

specters312 commented 2 months ago

I have not this is exactly what I am looking for though thank you!

TheTechromancer commented 2 months ago

No problem @specters312. If you have questions about the module writing process, feel free to ask here or ping me on discord.

specters312 commented 2 months ago

Will do thank you!