Question 1

How do I use Brutespray with an Nmap scan?

Accepted Answer

Simply pass the Nmap output file with the -f flag, e.g., 'brutespray -f nmap.gnmap -u admin -p password'. It automatically parses the file to target discovered services without manual intervention.

Question 2

Brutespray vs Hydra: which is better for brute-forcing?

Accepted Answer

Brutespray excels at automating attacks from scan outputs with a user-friendly TUI and embedded wordlists, while Hydra offers more granular protocol control. Brutespray's resume features and scanner integration make it ideal for post-reconnaissance workflows.

Question 3

Can Brutespray perform password spraying attacks?

Accepted Answer

Yes, it includes a password spray mode with configurable delays to avoid account lockouts, detailed in the advanced documentation. This allows testing one password across many users before moving to the next.

Question 4

How to resume an interrupted Brutespray session?

Accepted Answer

Interrupt with Ctrl+C, and Brutespray saves a checkpoint automatically. Use the --resume flag to continue from where you left off, leveraging the built-in checkpoint system for long engagements.

Question 5

What wordlists come with Brutespray?

Accepted Answer

Brutespray includes embedded wordlists compiled into the binary using a layered manifest system, as described in the wordlists guide. You can override them with custom lists for tailored attacks.

Question 6

Does Brutespray support proxy chains for anonymity?

Accepted Answer

Yes, it supports SOCKS5 proxies with authentication, allowing traffic routing through proxies for stealth or network segmentation, as outlined in the advanced usage section.

brutespray

What is brutespray?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions