FTP Brute-force

The FTP brute-force module attempts to gain unauthorized access to FTP servers by testing various username and password combinations.

Here are the different ways to use the FTP brute-force module:

Default command

The default command initiates a basic FTP brute-force attempt against the specified target IP address. This command uses built-in wordlists and default settings to perform the authentication attempts. While this is the simplest form of the command, it provides a good starting point for initial reconnaissance.

./NexScan.py ftp -T 127.0.0.1

With verbose output

Adding verbose output provides detailed information about each FTP authentication attempt, including connection details, timing information, and full response messages. This level of detail is particularly useful for debugging connection issues or understanding the server's behavior during testing.

./NexScan.py ftp -T 127.0.0.1 -v

With stop on success option

The stop on success option halts the brute-force process as soon as valid credentials are found. This is useful when you only need to verify if the target is vulnerable to unauthorized access and want to minimize network traffic.

./NexScan.py ftp -T 127.0.0.1 -s

Optional arguments for FTP brute-force:

  • -T, --target: Specify the target for the scan
  • -p, --password: Specify a single password
  • -P, --passwordfile: Specify a password list file
  • -u, --user: Specify the target username
  • -U, --userfile: Specify a file containing a list of usernames
  • -s, --stop: Stop on first successful login
  • -v, --verbose: Enable verbose output
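
On the server side, a run like the ones above appears in the FTP daemon's log as a burst of failed logins from one client, and a run with -s ends at the first successful login. The following is an added detection example, not part of NexScan or its documentation; it assumes vsftpd-style log lines, and the sample lines, threshold and window are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in vsftpd's vsftpd.log layout (not from a real server).
SAMPLE_LOG = """\
Mon Jan  6 10:15:01 2025 [pid 4101] [admin] FAIL LOGIN: Client "192.0.2.10"
Mon Jan  6 10:15:02 2025 [pid 4102] [admin] FAIL LOGIN: Client "192.0.2.10"
Mon Jan  6 10:15:03 2025 [pid 4103] [root] FAIL LOGIN: Client "192.0.2.10"
Mon Jan  6 10:15:04 2025 [pid 4104] [ftp] FAIL LOGIN: Client "192.0.2.10"
Mon Jan  6 10:15:05 2025 [pid 4105] [backup] FAIL LOGIN: Client "192.0.2.10"
Mon Jan  6 10:15:06 2025 [pid 4106] [backup] OK LOGIN: Client "192.0.2.10"
Mon Jan  6 10:20:00 2025 [pid 4200] [alice] FAIL LOGIN: Client "198.51.100.7"
Mon Jan  6 10:20:09 2025 [pid 4201] [alice] OK LOGIN: Client "198.51.100.7"
"""

# Timestamp, [pid N], [username], OK/FAIL LOGIN, client address.
LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"'
)

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return one alert per client with >= threshold failed logins inside window."""
    recent = defaultdict(list)  # ip -> [(timestamp, user)] failures still in the window
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # transfer records, connects, malformed lines
        ts = datetime.strptime(" ".join(m["ts"].split()), "%a %b %d %H:%M:%S %Y")
        ip, user = m["ip"], m["user"]
        recent[ip] = [(t, u) for t, u in recent[ip] if ts - t <= window]
        if m["result"] == "FAIL":
            recent[ip].append((ts, user))
            if len(recent[ip]) >= threshold:
                alert = alerts.setdefault(ip, {"ip": ip, "compromised_user": None})
                alert["failures"] = len(recent[ip])
                alert["users_tried"] = sorted({u for _, u in recent[ip]})
        elif ip in alerts and len(recent[ip]) >= threshold:
            # A success that lands inside a failure burst: treat the account as exposed.
            alerts[ip]["compromised_user"] = alerts[ip]["compromised_user"] or user
    return list(alerts.values())
```

A single mistyped password followed by a success (the 198.51.100.7 lines) stays below the threshold and raises no alert.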