Brute Force Add-on v1.0 Documentation

Check for default and weak credentials across all hosts in your workspace instantly!

Features

  • Check for default and weak credentials in a target environment.
  • Single & built-in multi target selections.
  • Customized wordlist selections for usernames and passwords.
  • Automatic brute forcing of all services via BruteX.
  • Reporting of all output via the Command Execution Add-on.

Requirements

This add-on requires a Sn1per Professional v9.0 license along with the following add-ons and components:

Installation

To install this addon, extract all PHP files to the following location:

/usr/share/sniper/pro/addons/

To access the Brute Force Add-on, do the following:

  1. Reload the Sn1per web interface (ie. https://YOUR_IP_HERE:1337)
  2. Click on any workspace from the Workspace Navigator
  3. Scroll down and click “Brute Force” menu to access the Brute Force Add-on

To add username and password wordlists, create the following directory and copy all wordlists into the appropriate directories:

/usr/share/sniper/wordlists/usernames/
/usr/share/sniper/wordlists/passwords/

Usage

Brute Force A Single Service On A Single Target

To brute force a single service on a single target, do the following:

  1. Click on any workspace from the Workspace Navigator
  2. Scroll down and click “Brute Force” menu to access the Brute Force Add-on
  3. Enter the taget’s IP/hostname/domain in the “Target” input box
  4. Select the service you want to brute force (ie. ssh, etc.) from the “Service” menu
  5. Enter the port number (ie. “22” for standard SSH) in the “Port” input box
  6. To check for a specific username or password, enter them in the “Username” and “Password” input boxes
  7. To use a list of usernames and passwords, select a wordlist for both the “Usernames” and “Passwords” menu items
  8. Click the “Run” button to begin the scan

 

Brute Force All Open Services On ALL Live Hosts

To brute force all open services on ALL live hosts, do the following:

  1. Click on any workspace from the Workspace Navigator
  2. Scroll down and click “Brute Force” menu to access the Brute Force Add-on
  3. Select “Live Hosts” from the “Target List” menu
  4. Select “all” from the “Service” menu
  5. Click the “Run” button to begin the scan

This assumes you have already scanned your workspace for live hosts which will automatically populate your “Live Hosts” target list.

Back to Main Documentation