Configuration

Brutus supports configuration via CLI flags, environment variables, and the Go library API.

CLI Reference

Usage: brutus [options]

Target Options

Flag	Description
`-target`	Target host:port (e.g., `192.168.1.100:22`)
`--stdin`	Read targets from stdin (fingerprintx JSON format)

Protocol Options

Flag	Description
`-protocol`	Protocol to test (e.g., `ssh`, `mysql`). Auto-detected in `--stdin` mode.

Credential Options

Flag	Short	Description
`-user`	`-u`	Comma-separated usernames (default: `root,admin`)
`-pass`	`-p`	Comma-separated passwords
`-users`	`-U`	File containing usernames (one per line)
`-passwords`	`-P`	File containing passwords (one per line)
`-k`		SSH private key file path
`--defaults`		Use protocol-specific default credentials
`--badkeys`		Test embedded SSH bad keys

Performance Options

Flag	Short	Description	Default
`-threads`	`-t`	Concurrent threads	`10`
`--timeout`		Per-credential timeout	`10s`
`--stop-on-success`		Stop after first valid credential	`true`

LLM Options

Flag	Description
`--llm`	LLM provider: `claude` or `deepseek`
`--llm-key`	LLM API key (or use environment variable)

SNMP Options

Flag	Description	Default
`--snmp-tier`	Community string tier: `default`, `extended`, `full`	`default`

Output Options

Flag	Short	Description
`--json`		JSON output format
`-output`	`-o`	Write results to file
`-verbose`	`-v`	Verbose output
`-quiet`	`-q`	Suppress banner and progress
`--version`		Print version and exit

Environment Variables

LLM API Keys

export ANTHROPIC_API_KEY="sk-ant-..."   # Claude (auto-detected)
export DEEPSEEK_API_KEY="..."           # DeepSeek (auto-detected)

Auto-detection priority (when --llm not set):

ANTHROPIC_API_KEY -> claude
DEEPSEEK_API_KEY -> deepseek
Neither -> LLM disabled

Exit Codes

Code	Meaning
0	At least one valid credential found
1	No valid credentials found or error

Usage Examples

# Single credential test
brutus -target 10.0.0.1:22 -protocol ssh -u root -p toor

# Default credentials
brutus -target 10.0.0.1:3306 -protocol mysql --defaults

# Password file
brutus -target 10.0.0.1:22 -protocol ssh -u root -P passwords.txt

# Bad keys
brutus -target 10.0.0.1:22 -protocol ssh --badkeys

# LLM-powered HTTP testing
export DEEPSEEK_API_KEY="your-key"
brutus -target 10.0.0.1:80 -protocol http --defaults

# Pipeline mode
naabu -host 10.0.0.0/24 -silent | fingerprintx | brutus --stdin --defaults --json

# JSON filtering
brutus --stdin --defaults --json | jq '.[] | select(.success == true)'

Library API

Basic Usage

import (
    "github.com/praetorian-inc/brutus/pkg/brutus"
    _ "github.com/praetorian-inc/brutus/internal/plugins"
)

config := &brutus.Config{
    Target:        "192.168.1.100:22",
    Protocol:      "ssh",
    Usernames:     []string{"root", "admin"},
    Passwords:     []string{"password", "admin", "toor"},
    Timeout:       5 * time.Second,
    Threads:       10,
    StopOnSuccess: true,
}

results, err := brutus.Brute(config)

With LLM

config.LLMConfig = &brutus.LLMConfig{
    Enabled:  true,
    Provider: "deepseek",
    APIKey:   os.Getenv("DEEPSEEK_API_KEY"),
}

With Bad Keys

import "github.com/praetorian-inc/brutus/pkg/badkeys"

config := &brutus.Config{
    Target:    "192.168.1.100:22",
    Protocol:  "ssh",
    Usernames: badkeys.GetUsernames(),
    Keys:      badkeys.GetKeys(),
}

Querying Plugins

protocols := brutus.ListPlugins()   // List all registered protocols
plugin, err := brutus.GetPlugin("ssh")  // Get specific plugin

Build Configuration

make build          # Standard (no RDP, no CGO)
make build-rdp      # With RDP (requires Rust + CGO)
make build-all      # Cross-platform (Linux, macOS, Windows)
make test           # Run tests with race detector
make lint           # Run linter