LinuxCommandLibrary

ncrack

Network authentication cracking

SYNOPSIS

ncrack [options]

PARAMETERS

-h, --help
    Display help information.

-v, --verbose
    Increase verbosity level (can be used multiple times).

-d, --debug
    Enable debugging mode.

-iL
    Input from list of hosts/networks.

-p
    Ports to crack.

-u
    Username to use (or username list).

-P , -f
    Password to use (or password list).

--userdb
    Use users from a database file.

--passdb
    Use passwords from a database file.

-T
    Milliseconds to wait between attempts.

--resume
    Resume aborted cracking session.

-o
    Save output to file.

DESCRIPTION

ncrack is a network authentication cracking tool designed to brute-force authentication protocols. It allows for fast, reliable, and sophisticated brute-force attacks against multiple hosts simultaneously. Unlike other brute-forcing tools, ncrack adapts its behavior dynamically based on network response, optimizing the cracking process.

It supports various protocols like SSH, FTP, Telnet, HTTP(S), POP3, SMTP, and more. ncrack is designed to be modular, allowing for easy addition of new protocols and cracking techniques. It also offers advanced features such as timing control, credential management, and report generation. Its capabilities enable security professionals to audit network security and identify weak passwords.

CAVEATS

ncrack can be resource-intensive and may trigger intrusion detection systems. Always obtain proper authorization before using it on a network.

TARGET SPECIFICATION

Targets can be specified as IP addresses, hostnames, or network ranges using CIDR notation (e.g., 192.168.1.0/24).

MODULES

ncrack supports a module system which allows it to extend and customize its functionality. The default module is 'ssh'. Use the command 'ncrack --list-modules' for a list of available modules.

HISTORY

ncrack was developed as a part of the Nmap project by Ron Bowes. Its aim was to create a flexible and high-performance network authentication cracking tool. The project was motivated by the need for an open-source solution that could address weaknesses in network services and assist in security auditing.

SEE ALSO

hydra(1), medusa(1)

Copied to clipboard