Ncrack – Network Password Cracker

The 2009 Summer of code has a special present for us pentesters. Normally, we use hydra or medusa to crack network service passwords (telnet, ftp, SSH, etc).

Ncrack changes the game a bit.

By bringing the nmap dev team/community to the table it shows promise to fix some current issues in bruteforcing network service passwords. This has already happened in one instance, read the openssh_library paper here. It also gives us the possibility to bruteforce multiple targets and takes the standard nmap target syntax (hostnames, CIDR, range, and single IP’s) which is very extensible and convenient for scripting.

Additionally it can take input from all Nmap’s output files, making certain portions of a pentest faster, meaner, and leaner. We can specify IP’s not to bruteforce, or pass it a whole list of IP’s not to test. It’s multi-threaded and provides easy tuning options (not all have been activated yet). In addition it has a very simple syntax for bruting services on non-standard ports.

While it’s still relatively new and doesn’t have a GUI like Hydra, or as many modules as Medusa, it’s still an awesome addition to any pentesters toolbelt.

Check out the man page here:

The latest version can be downloaded here:

Note: Ncrack is a new project started in the Summer of code: 2009. While it is already useful for some purposes, it is still unfinished, alpha quality software. You can help out by testing it and reporting any problems as described in the section called “Bugs”. Currently It still only has modules for FTP, SSH, TELNET and HTTP(S)

Happy Cracking!

3 thoughts on “Ncrack – Network Password Cracker

  1. NIce! As good as they are Hydra and Medusa are getting a bit dated and something like this looks like just what we need. Being part of Nmap will also ensure its kept updated.

Leave a Reply

Your email address will not be published. Required fields are marked *