Ncrack is a high-speed network authentication cracking tool. It
was built to help companies secure their networks by proactively
testing all their hosts and networking devices for poor
passwords. Security professionals also rely on Ncrack when auditing
their clients. Ncrack was designed using a modular approach, a
command-line syntax similar to Nmap and a dynamic engine that can
adapt its behaviour based on network feedback. It allows for rapid,
yet reliable large-scale auditing of multiple hosts.
Ncrack's features include a very flexible interface granting the user
full control of network operations, allowing for very sophisticated
bruteforcing attacks, timing templates for ease of use, runtime
interaction similar to Nmap's and many more. Protocols supported
include RDP, SSH, http(s), SMB, pop3(s), VNC, FTP, and telnet.
Ncrack was written as a "Google Summer of Code" Project in 2009.
While it is useful for some purposes, it is unfinished,
alpha quality software and isn't currently maintained. In most cases, you may have better luck using the brute force scripts included as part of Nmap's Scripting Engine (NSE). Ncrack is released as a standalone tool and can be
downloaded from the section below. Be sure to read the
Ncrack man page to fully understand Ncrack usage. If you
are a developer and want to write your own Ncrack modules, studying the Ncrack Developer's Guide would be the first step.
Ncrack is available for many different platforms, including Linux, *BSD,
Windows and Mac OS X. There are already installers for Windows and Mac OS X
and a universal source code tarball that can be compiled on every
system. You can also download the latest version straight from the SVN
repository. Older versions are available from the dist directory.
For the more
security-paranoid (smart) users, GPG detached signatures and SHA-1
hashes for each release are available in the sigs
directory (verification is similar to the Nmap verification instructions).
Specific details and instructions are available for the source code distribution, Windows binaries, and Mac OS X binaries, and Current subversion repository source.
The Ncrack tarball compiles under Windows, Mac OS X, Linux and other UNIX
platforms like *BSD. The standard procedure of compilation on most UNIX
systems usually goes like this:
tar -xzf ncrack-0.4ALPHA.tar.gz
Ncrack ALPHA release tarball:
Ncrack has been ported to Windows and has been tested on Windows XP so far.
Since this is an experimental version, please
notify us for any problems or successful
results on other platforms.
There is a ready-to-use Windows installer available, which makes the whole
procedure of getting and deploying Ncrack, painless:
Ncrack ALPHA release Windows installer:
Ncrack has been ported to Mac OS X and there is a disk image file containing
Ncrack ALPHA release Mac OS X installer:
Ncrack is in constant development. Stable releases may not be made often enough
for those who want to always have the latest feature additions and bug fixes.
The Ncrack SVN repository is freely accessible so you can always get the latest
development version running the following command:
svn co https://svn.nmap.org/ncrack
Questions, comments and bug reports are always welcome. Please use the Nmap
development mailing list (nmap-dev). To subscribe, please visit:
Code patches to fix bugs are even better than bug reports.
If you wish to contribute code to Ncrack there is a TODO list you
can have a look at (file "docs/TODO" in the source package).
Also, there are some instructions for creating patch files and
sending them, here.
For contact information, please visit section
in the man page.