Thursday, August 9, 2012

3:31 PM


This Windows-only cracker bangs against network services of remote systems trying to guess passwords by using a dictionary and permutations thereof. It supports HTTP, POP3, FTP, SMB, TELNET, IMAP, NNTP, and more. No source code is available. UNIX users should take a look at THC Hydra.

Below is a screenshot of the main Brutus window in action. Brutus is running against a web server here using the HTTP basic authentication type. Brutus is going for the user admin, using brute force to generate passwords (every 5 character combination using 'a-z'); the maximum number of passwords attempted will be just under 12 million. The status bar indicates that Brutus has made just over 1.16 million attempts and is running at an average speed of 501 attempts per second (that's over 30,000 per minute). The worst case remaining execution time for this attack is just under six hours.
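A defender's view of the run described above, as an added example (not part of the original post or of Brutus): at hundreds of attempts per second against HTTP basic authentication, the server's access log fills with 401 responses from one client for one user, which a sliding-window count picks out. The log lines are constructed, in Common Log Format with each client's lines in time order; the function names, threshold and window are assumptions to tune per site.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common Log Format: host ident authuser [time] "request" status bytes
CLF = re.compile(r'(\S+) \S+ (\S+) \[([^\]]+)\] "[^"]*" (\d{3}) \S+')

def detect_guessing(lines, threshold=20, window=timedelta(seconds=10)):
    """Return {(client, user): peak 401 count seen in one window} for pairs
    that reach `threshold` failed attempts within `window` (assumed values)."""
    recent = defaultdict(deque)  # (client, user) -> timestamps of recent 401s
    flagged = {}
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a CLF line, ignore it
        client, user, ts, status = m.groups()
        if status != "401":
            continue  # only failed authentications are counted
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[(client, user)]
        q.append(when)
        while when - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[(client, user)] = max(flagged.get((client, user), 0), len(q))
    return flagged

def sample_log():
    """Constructed sample: one noisy client and one user mistyping a password."""
    fmt = ('{ip} - {user} [09/Aug/2012:15:31:{s:02d} +0000] '
           '"GET /admin/ HTTP/1.0" {code} 512')
    lines = [fmt.format(ip="192.0.2.10", user="admin", s=i // 50, code=401)
             for i in range(100)]  # 100 failures inside two seconds
    lines += [fmt.format(ip="198.51.100.7", user="alice", s=s, code=401)
              for s in (5, 25, 45)]  # three failures, 20 seconds apart
    lines.append(fmt.format(ip="198.51.100.7", user="alice", s=50, code=200))
    return lines

if __name__ == "__main__":
    for (client, user), peak in detect_guessing(sample_log()).items():
        print(f"{client} user={user}: {peak} failed logins inside one window")
```

The same count, kept live in the server or a proxy, is what a lockout or rate limit acts on; either one stretches the six-hour worst case quoted above by orders of magnitude.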

What is Brutus?

Many people refer to Brutus as a remote on-line password cracker; this is fairly accurate and I suppose it just about sums Brutus up.

What does it do?

Being a remote online password cracker, Brutus tends to crack passwords remotely, in an online fashion.

Is there any other software like Brutus?

There are more tools now than there were when Brutus was originally released. Some tools of note include:
wwwhack - Offering HTTP, POP3 & FTP - generally nice and easy to use.
Entry - Offering HTTP, POP3 & FTP - commercial and freeware versions.
There are others too; go with whatever suits you (sir.)

What is a BAD file?

That's a Brutus Application Definition file! These are small files that contain configuration information for Brutus, usually for a particular authentication type/device. Brutus can import and export BAD files so you can install new authentication types (applications) into Brutus or you can create new custom authentication types and export them for others to use. Here's some I made earlier.

What is a BRU file?

That's a Brutus Restore file. These files hold a saved session and can be loaded into Brutus to facilitate resuming previous attack sessions.

The current version of Brutus is 'Brutus AET2'; it was released on the 28th January 2000. File size is 331 kb. There are multiple download sites - take your pick. This is the primary site and always contains an up to date version; the mirror sites should also be up to date.
Site 1 (UK) HoobieNet master copy, local
Site 2 (AU) NetworkPunk mirror copy
Site 3 (UK) The Dogz Bollox mirror copy



