Pipeline Integration
nsportsman edited this page 2026-02-12 14:17:42 -06:00




Overview

Brutus is designed to run in a pipeline behind naabu (port scanning) and fingerprintx (service identification). The --stdin flag reads fingerprintx JSON output and automatically maps each identified service to the matching protocol plugin.

naabu -host 10.0.0.0/24 -p 22,3306,5432,6379 -silent | fingerprintx | brutus --stdin --defaults --json

Pipeline Architecture

 naabu (port scan) --> fingerprintx (service ID) --> brutus (credential testing)
    host:port              JSON stream                  JSON results

Input Format

Brutus accepts fingerprintx JSON, one object per line:

{"ip":"192.168.1.100","port":22,"service":"ssh","version":"OpenSSH_8.9p1"}
{"ip":"192.168.1.101","port":3306,"service":"mysql","version":"8.0.32"}
{"ip":"192.168.1.102","port":6379,"service":"redis","version":"7.0.5"}

Service-to-Protocol Mapping

fingerprintx Service     Brutus Protocol
--------------------     ---------------
ssh                      ssh
ftp                      ftp
telnet                   telnet
vnc                      vnc
http / https             http / https
smb                      smb
ldap                     ldap
rdp                      rdp
mysql                    mysql
postgresql / postgres    postgresql
mssql                    mssql
mongodb                  mongodb
redis                    redis
neo4j                    neo4j
cassandra                cassandra
couchdb                  couchdb
elasticsearch            elasticsearch
influxdb                 influxdb
smtp                     smtp
imap                     imap
pop3                     pop3
snmp                     snmp

Unsupported services are silently skipped.
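
Because unsupported services are skipped without any message, a host that is absent from the results may never have been tested at all. The following added example (not part of Brutus or of this wiki) replays a saved fingerprintx stream against the table above and lists the targets with no plugin mapping; the case-insensitive exact match on the service field is an assumption, since the page does not describe how Brutus matches.

```python
import json
from collections import Counter

# Services from the Service-to-Protocol Mapping table on this page.
SERVICE_TO_PROTOCOL = {s: s for s in (
    "ssh", "ftp", "telnet", "vnc", "http", "https", "smb", "ldap", "rdp",
    "mysql", "postgresql", "mssql", "mongodb", "redis", "neo4j", "cassandra",
    "couchdb", "elasticsearch", "influxdb", "smtp", "imap", "pop3", "snmp")}
SERVICE_TO_PROTOCOL["postgres"] = "postgresql"  # alias listed in the table


def coverage_report(lines):
    """Split fingerprintx JSON lines into mapped, skipped and unparseable."""
    mapped, skipped, malformed = [], [], []
    for n, raw in enumerate(lines, 1):
        raw = raw.strip()
        if not raw:
            continue
        try:
            rec = json.loads(raw)
            target = f'{rec["ip"]}:{rec["port"]}'
            service = str(rec["service"])
        except (ValueError, KeyError, TypeError):
            malformed.append(n)  # remember the 1-based line number
            continue
        # Assumption: case-insensitive exact match on the service name.
        proto = SERVICE_TO_PROTOCOL.get(service.lower())
        (mapped if proto else skipped).append((target, proto or service))
    return {"mapped": mapped, "skipped": skipped,
            "malformed_lines": malformed,
            "skipped_by_service": Counter(s for _, s in skipped)}


# Constructed sample input in the format shown under "Input Format".
SAMPLE = """\
{"ip":"192.168.1.100","port":22,"service":"ssh","version":"OpenSSH_8.9p1"}
{"ip":"192.168.1.103","port":5432,"service":"postgres"}
{"ip":"192.168.1.104","port":11211,"service":"memcached"}
{"ip":"192.168.1.105","port":5672,"service":"amqp"}
not-json
"""

if __name__ == "__main__":
    report = coverage_report(SAMPLE.splitlines())
    for target, service in report["skipped"]:
        print(f"not tested (no plugin mapping): {target} {service}")
    print(f'{len(report["mapped"])} mapped, {len(report["skipped"])} skipped, '
          f'{len(report["malformed_lines"])} unparseable')
```

Keeping the skipped list alongside the Brutus results lets an audit report distinguish "tested, no valid credentials" from "never tested".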


Output Format

JSON (--json)

[
  {"protocol":"ssh","target":"192.168.1.100:22","username":"root","password":"toor","success":true,"duration":"1.23s"},
  {"protocol":"mysql","target":"192.168.1.101:3306","username":"root","password":"","success":true,"duration":"0.89s"}
]

Field            Type      Description
-----            ----      -----------
protocol         string    Protocol tested
target           string    Target host:port
username         string    Username tested
password         string    Password tested
success          bool      Authentication succeeded
error            string    Error message (if any)
duration         string    Time taken
banner           string    Captured service banner
llm_suggested    bool      Credential was LLM-suggested

Human-Readable (default)

[+] VALID: root:toor @ 192.168.1.100:22 (1.23s)
[-] ERROR: ubuntu:ubuntu @ 192.168.1.100:22 - connection reset
Results: 1 valid, 3 failed, 1 error (total: 5)

Real-World Scenarios

Corporate Network Audit

naabu -host 10.10.10.0/24 -p 22,23,21,3306,5432,6379,27017,445 -silent | \
  fingerprintx | \
  brutus --stdin --defaults --json -o results.json

cat results.json | jq '.[] | select(.success == true)'

Database Hunting

naabu -host 192.168.0.0/16 -p 3306,5432,1433,27017,6379,9042 -silent | \
  fingerprintx | \
  brutus --stdin --defaults -t 5 --json | tee database-findings.json

jq -r '.[] | select(.success) | "\(.target) \(.username):\(.password)"' database-findings.json

SSH Key Spraying

naabu -host 10.0.0.0/24 -p 22 -silent | \
  fingerprintx | \
  brutus --stdin -u root,admin,ubuntu,deploy -k /path/to/found_key --json

Bad Keys Network Sweep

naabu -host 10.0.0.0/8 -p 22 -rate 1000 -silent | \
  fingerprintx | \
  brutus --stdin --badkeys --json -o ssh-key-findings.json

Web Admin Panel Discovery (LLM)

export DEEPSEEK_API_KEY="your-key"
naabu -host 10.0.0.0/24 -p 80,443,3000,8080,9090 -silent | \
  fingerprintx | \
  brutus --stdin --defaults --json

SNMP Community String Sweep

naabu -host 10.0.0.0/24 -p 161 -silent | \
  fingerprintx | \
  brutus --stdin --snmp-tier extended --json

Comparison with Legacy Workflows

Traditional (Hydra)

nmap -sV 10.0.0.0/24 -oG - | grep open > ports.txt
awk '{print $2":"$5}' ports.txt | cut -d'/' -f1 > targets.txt
grep ":22$" targets.txt | xargs -I{} hydra -L users.txt -P pass.txt ssh://{}
grep ":3306$" targets.txt | xargs -I{} hydra -L users.txt -P pass.txt mysql://{}
# ... repeat for each protocol

Praetorian (Brutus)

naabu -host 10.0.0.0/24 -silent | fingerprintx | brutus --stdin --defaults --json

Advantages: Single command, automatic protocol detection, native JSON, no scripting required.

