Brutus implements 22 protocol plugins for credential testing across network services, databases, enterprise infrastructure, web services, and communications protocols.

Plugin Interface

Every protocol implements this minimal interface:

type Plugin interface {
    Name() string
    Test(ctx context.Context, target, username, password string,
         timeout time.Duration) *Result
}

Optional extension for SSH key-based authentication:

type KeyPlugin interface {
    Plugin
    TestKey(ctx context.Context, target, username string,
            key []byte, timeout time.Duration) *Result
}

Network Services (4)

Plugin	Port	Auth Methods	Package
`ssh`	22	Password, Private Keys	`internal/plugins/ssh`
`ftp`	21	Password	`internal/plugins/ftp`
`telnet`	23	Password	`internal/plugins/telnet`
`vnc`	5900	Password	`internal/plugins/vnc`

ssh

Tests SSH password and key-based authentication using golang.org/x/crypto/ssh.

Features:

Password authentication via ssh.Password()
Private key authentication via ssh.PublicKeys() (implements KeyPlugin interface)
Server version banner capture (sshConn.ServerVersion())
Context-aware TCP dialing with configurable timeout
Error classification: "unable to authenticate", "permission denied", "no supported methods remain" -> auth failure; all others -> connection error

Usage:

brutus -target 10.0.0.1:22 -protocol ssh -u root -p toor
brutus -target 10.0.0.1:22 -protocol ssh -u root -k /path/to/private_key
brutus -target 10.0.0.1:22 -protocol ssh --badkeys

ftp

Tests FTP authentication using the github.com/jlaffaye/ftp library. Error classification: FTP 530 response -> auth failure.

telnet

Tests Telnet password authentication with banner capture. Handles prompt detection for username/password fields.

vnc

Tests VNC password-only authentication. VNC uses a challenge-response protocol without usernames.

Web Services (2)

Plugin	Port	Auth Methods	Package
`http`	80	HTTP Basic Auth	`internal/plugins/http`
`https`	443	HTTP Basic Auth (TLS)	`internal/plugins/http`

http / https

Tests HTTP Basic Authentication with banner capture for LLM analysis.

Features:

Basic Auth header injection via req.SetBasicAuth()
TLS support with InsecureSkipVerify for self-signed certificates
Redirect suppression to capture auth responses
Banner construction from Server, X-Powered-By, WWW-Authenticate headers
Application detection from response body (20+ known applications)

Application Detection: Grafana, Prometheus, Nagios, Jenkins, Nexus, Artifactory, SonarQube, Apache Tomcat, Traefik, RabbitMQ, ActiveMQ, Elasticsearch, CouchDB, InfluxDB, Docker Registry, Consul, Etcd, phpMyAdmin, Webmin.

Error classification: HTTP 2xx -> success; 401/403 -> auth failure; all others -> connection error.

Enterprise Infrastructure (3)

Plugin	Port	Auth Methods	Package
`smb`	445	Password, NTLM	`internal/plugins/smb`
`ldap`	389/636	Bind DN	`internal/plugins/ldap`
`rdp`	3389	Password, NLA	`internal/plugins/rdp`

smb

Tests SMB/CIFS authentication using NTLM. Supports Windows file shares and Active Directory.

ldap

Tests LDAP simple bind authentication. Supports both LDAP (389) and LDAPS (636).

rdp

Tests RDP Network Level Authentication. Requires CGO and Rust FFI (internal/plugins/rdp/rdp-ffi/). Not included in pre-built static binaries. Build with make build-rdp.

Databases (10)

Plugin	Port	Auth Methods	Package
`mysql`	3306	Password	`internal/plugins/mysql`
`postgresql`	5432	Password	`internal/plugins/postgresql`
`mssql`	1433	Password	`internal/plugins/mssql`
`mongodb`	27017	Password	`internal/plugins/mongodb`
`redis`	6379	Password (AUTH)	`internal/plugins/redis`
`neo4j`	7687	Password (Bolt)	`internal/plugins/neo4j`
`cassandra`	9042	Password	`internal/plugins/cassandra`
`couchdb`	5984	HTTP Basic	`internal/plugins/couchdb`
`elasticsearch`	9200	HTTP Basic	`internal/plugins/elasticsearch`
`influxdb`	8086	HTTP Basic	`internal/plugins/influxdb`

mysql

Tests MySQL native authentication. Supports MySQL 5.x, 8.x, MariaDB, and Percona Server.

postgresql

Tests PostgreSQL password authentication using the lib/pq driver.

mssql

Tests Microsoft SQL Server authentication using the go-mssqldb driver.

mongodb

Tests MongoDB SCRAM-SHA authentication.

redis

Tests Redis AUTH command. Password-only authentication (optional username in Redis 6+ ACL).

neo4j

Tests Neo4j Bolt protocol authentication over TCP port 7687.

cassandra

Tests Apache Cassandra CQL authentication.

couchdb

Tests CouchDB HTTP Basic Auth against the /_session endpoint.

elasticsearch

Tests Elasticsearch HTTP Basic Auth. Supports both open-source and Elastic Cloud.

influxdb

Tests InfluxDB HTTP Basic Auth against the API endpoint.

Communications (3)

Plugin	Port	Auth Methods	Package
`smtp`	25/587	LOGIN, PLAIN	`internal/plugins/smtp`
`imap`	143/993	Password	`internal/plugins/imap`
`pop3`	110/995	Password	`internal/plugins/pop3`

smtp

Tests SMTP authentication using LOGIN and PLAIN mechanisms. Supports standard (25) and submission (587) with STARTTLS.

imap

Tests IMAP authentication. Supports both IMAP (143) and IMAPS (993).

pop3

Tests POP3 authentication using USER/PASS commands. Supports both POP3 (110) and POP3S (995).

Network Management (1)

Plugin	Port	Auth Methods	Package
`snmp`	161	Community Strings	`internal/plugins/snmp`

snmp

Tests SNMP community string authentication with tiered wordlists.

Tier	Count	Description
`default`	~25	Universal defaults (public, private, cisco, etc.)
`extended`	~75	Adds vendor-specific (HP, Juniper, Dell iDRAC, printers)
`full`	200+	Comprehensive including legacy, regional, IoT, ICS/SCADA

brutus -target 10.0.0.1:161 -protocol snmp --snmp-tier extended

See Wordlists and Defaults for the full SNMP community string reference.

Plugin Summary

Category	Count	Plugins
Network Services	4	`ssh`, `ftp`, `telnet`, `vnc`
Web Services	2	`http`, `https`
Enterprise	3	`smb`, `ldap`, `rdp`
Databases	10	`mysql`, `postgresql`, `mssql`, `mongodb`, `redis`, `neo4j`, `cassandra`, `couchdb`, `elasticsearch`, `influxdb`
Communications	3	`smtp`, `imap`, `pop3`
Network Mgmt	1	`snmp`
Total	23	(22 unique protocols; `http`/`https` share one package)