Home
nsportsman edited this page 2026-02-12 14:17:42 -06:00

Brutus - Modern Credential Testing Tool

Brutus is a multi-protocol authentication testing tool built in pure Go, designed to address a critical gap in offensive security tooling: efficient credential validation across diverse network services.

Key Features

  • 22 Protocols - SSH, MySQL, PostgreSQL, MSSQL, Redis, SMB, RDP, HTTP Basic Auth, SNMP, and more
  • Zero Dependencies - Single static binary, cross-platform (Linux, Windows, macOS)
  • Pipeline Integration - Native support for fingerprintx and naabu workflows
  • Embedded SSH Bad Keys - Built-in rapid7/ssh-badkeys and Vagrant key collections with CVE tracking
  • LLM-Powered Intelligence - Optional AI-based banner analysis for HTTP services (Claude, DeepSeek)
  • Go Library API - Import directly into security automation tools
  • Production Ready - Concurrent worker pools, rate limiting, and comprehensive error handling

Quick Start

# Install
go install github.com/praetorian-inc/brutus/cmd/brutus@latest

# Test SSH with default credentials
brutus -target 192.168.1.100:22 -protocol ssh --defaults

# Full network credential audit pipeline
naabu -host 10.0.0.0/24 -p 22,3306,5432,6379 -silent | fingerprintx | brutus --stdin --defaults --json

Wiki Contents

Page | Description
Plugins | 22 protocol plugins organized by service category
LLM Analyzers | AI-powered banner analysis with Claude and DeepSeek
Bad Keys | Embedded SSH key collection with CVE metadata
Wordlists and Defaults | Protocol-specific default credential lists and SNMP tiers
Configuration | CLI reference, environment variables, and library API
Pipeline Integration | fingerprintx and naabu workflow integration
Architecture | Project structure, interfaces, concurrency model, and design decisions

Project Goals

  • Replace legacy credential testing tools (THC Hydra, Medusa, Ncrack) with a modern, zero-dependency alternative
  • Provide native pipeline integration with fingerprintx and naabu
  • Enable library-first design for Go security automation tools
  • Embed intelligence (SSH bad keys, LLM credential suggestion) directly into the binary
  • Deliver production-ready credential testing for penetration tests, red team operations, and security validation

Maintained by: Praetorian