A simple tool for brute-forcing FTP using basic cURL commands.
Simply run ./FTPNuker.sh target_host user_name path_to_passlist.txt
The script sends simple cURL requests with the credentials, and scans the response for success login codes (225, 226
).
You can modify the cURL
timeout, target port and frequency of progress echoing inside the bash file.
- This script does not attempt anonymous login
- This won't work on machines that implement protection against FTP bruteforcing
This tool is only for testing and can only be used where strict consent has been given. Do not use it for illegal purposes! It is the end user’s responsibility to obey all applicable local, state and federal laws. I assume no liability and am not responsible for any misuse or damage caused by this tool and software.
Distributed under the GNU License.