Created by Maksim Radaev/@vflame6
bruter is a fast, concurrent network services bruteforce tool written in Go. It supports 36 protocols, scan file auto-detection, and flexible wordlist options — built for pentesters who need reliable credential testing at scale.
- 36 modules — SSH, RDP-adjacent, databases, mail, web, and more
- Scan file auto-detection — feed nmap (GNMAP/XML), Nessus, or Nexpose output directly
- Built-in default wordlists — 17 usernames + 200 passwords with
--defaults - Combo wordlists —
user:passformat with--combo - Parallel execution — configurable per-host threading and concurrent hosts
- Smart probing — auto-detects TLS and tests default credentials before brute
- SOCKS5 proxy support — with optional proxy authentication
- Interface binding — bind to a specific network interface with
-I - Stop-on-success — per-host (
-f) or global (-F) - JSONL output — machine-readable results with
-j - Live progress — real-time status line with speed, ETA, and success count
| Category | Modules |
|---|---|
| Remote Access | ssh, sshkey, rdp, winrm, telnet, rexec, rlogin, rsh, vnc |
| Databases | mysql, mssql, postgres, mongo, redis, clickhouse, etcd |
smtp, imap, pop3 |
|
| Web / HTTP | http-basic, vault |
| Directory | ldap, ldaps |
| File Sharing | ftp, smb |
| Messaging | irc, xmpp, smpp, amqp |
| Network | socks5, snmp, rtsp |
| VoIP | asterisk, teamspeak |
| Cisco | cisco, cisco-enable |
| Other | cobaltstrike |
bruter requires Go 1.25+ to install successfully.
go install -v github.com/vflame6/bruter@latestPre-compiled binaries are available on the Releases page.
Build from source:
git clone https://github.com/vflame6/bruter.git
cd bruter
go build -o bruter main.goBuild with Docker:
docker build -t bruter .
docker run --rm bruter ssh -t 10.0.0.1 -u admin -p passwords.txtbruter [flags] <module> [module-flags]
Brute-force SSH with a password list:
bruter ssh -t 192.168.1.10 -u root -p /usr/share/wordlists/passwords.txtMultiple targets from a file:
bruter ssh -t targets.txt -u users.txt -p passwords.txt -C 50 -c 5Use built-in default wordlists:
bruter mysql -t 10.0.0.5:3306 --defaultsAuto-detect from nmap scan:
nmap -sV -oG scan.gnmap 10.0.0.0/24
bruter all -n scan.gnmap --defaultsAuto-detect from Nessus/Nexpose:
bruter all -n scan.nessus -u admin -p passwords.txt
bruter all -n nexpose-report.xml --defaultsCombo wordlist (user:pass pairs):
bruter ssh -t 10.0.0.1 --combo creds.txtJSONL output for piping:
bruter ftp -t targets.txt --defaults -j | jq '.host'Stop on first success per host, save results:
bruter smb -t targets.txt -u users.txt -p passwords.txt -f -o results.txtThrough a SOCKS5 proxy:
bruter ssh -t 10.0.0.1 -u root -p passwords.txt --proxy 127.0.0.1:1080Bind to a specific interface:
bruter ssh -t 10.0.0.1 -u root -p passwords.txt -I eth0Flags:
-t, --target=TARGET Target host or file (format: host or host:port)
-n, --nmap=NMAP Scan file (nmap GNMAP/XML, Nessus, Nexpose — auto-detected)
-u, --username=USERNAME Username or file with usernames
-p, --password=PASSWORD Password or file with passwords
--combo=COMBO Combo wordlist (user:pass per line)
--defaults Use built-in default wordlists
-C, --concurrent-hosts=32 Parallel targets
-c, --concurrent-threads=10 Threads per target
-d, --delay=0s Delay between attempts (forces single thread)
--timeout=5s Connection timeout
-f, --stop-on-success Stop current host on first valid creds
-F, --stop-on-success-global Stop entire run on first valid creds
--max-retries=30 Connection errors before skipping host (0=disable)
--proxy=IP:PORT SOCKS5 proxy
--proxy-auth=user:pass Proxy credentials
-I, --iface=IFACE Bind to network interface
--user-agent=UA User-Agent for HTTP modules
-q, --quiet Print results only
-D, --debug Debug logging
-v, --verbose Log every attempt
-j, --json JSONL output
-o, --output=FILE Write results to file
Targets use host or host:port format. If port is omitted, the module default is used.
192.168.0.11
192.168.0.12:2222
10.0.0.0/24
Contributions are welcome! Feel free to open an issue or submit a pull request. New module ideas, bug reports, and feature requests are all appreciated.
