Ncrack is a high-speed network authentication cracking tool. It
was built to help companies secure their networks by proactively
testing all their hosts and networking devices for poor
passwords. Security professionals also rely on Ncrack when auditing
their clients. Ncrack was designed using a modular approach, a
command-line syntax similar to Nmap and a dynamic engine that can
adapt its behaviour based on network feedback. It allows for rapid,
yet reliable large-scale auditing of multiple hosts.
Ncrack's features include a very flexible interface granting the user
full control of network operations, allowing for very sophisticated
bruteforcing attacks, timing templates for ease of use, runtime
interaction similar to Nmap's and many more. Protocols supported
include RDP, SSH, http(s), SMB, pop3(s), VNC, FTP, and telnet.
Ncrack was started as a "Google Summer of Code" Project in 2009.
While it is already useful for some purposes, it is still unfinished,
alpha quality software. It is released as a standalone tool and can be
downloaded from the section below. Be sure to read the
Ncrack man page to fully understand Ncrack usage. If you
are a developer and want to write your own Ncrack modules, studying the Ncrack Developer's Guide would be the first step.
Ncrack is available for many different platforms, including Linux, *BSD,
Windows and Mac OS X. There are already installers for Windows and Mac OS X
and a universal source code tarball that can be compiled on every
system. You can also download the latest version straight from the SVN
repository. Older versions are available from the dist directory.
For the more
security-paranoid (smart) users, GPG detached signatures and SHA-1
hashes for each release are available in the sigs
directory (verification is similar to the Nmap verification instructions).
Code patches to fix bugs are even better than bug reports.
If you wish to contribute code to Ncrack there is a TODO list you
can have a look at (file "docs/TODO" in the source package).
Also, there are some instructions for creating patch files and
sending them, here.