Auth_Brute mixin: Add report_host/report_service & remove dup IP:PORT#21396
Merged
Conversation
4dbbfe0 to
3b6b989
Compare
7a66394 to
a1ef429
Compare
Contributor
Author
Before$ git status
On branch master
Your branch is up to date with 'origin/master'.
nothing to commit, working tree clean
$
$ ./msfconsole -q -x 'workspace -D; set VERBOSE true;
use auxiliary/scanner/smb/smb_login;
set RHOSTS 10.0.0.10;
set ANONYMOUS_LOGIN true; set BLANK_PASSWORDS true; set USER_AS_PASS true;
set USERNAME msfadmin; set PASSWORD incorrect;
run'
[*] Deleted workspace: default
[*] Recreated the default workspace
VERBOSE => true
[*] New in Metasploit 6.4 - The CreateSession option within this module can open an interactive session
RHOSTS => 10.0.0.10
ANONYMOUS_LOGIN => true
BLANK_PASSWORDS => true
USER_AS_PASS => true
USERNAME => msfadmin
PASSWORD => incorrect
[*] 10.0.0.10:445 - 10.0.0.10:445 - Starting SMB login bruteforce
[+] 10.0.0.10:445 - 10.0.0.10:445 - Success: '.\:' Guest
[-] 10.0.0.10:445 - 10.0.0.10:445 - Failed: '.\msfadmin:incorrect',
[-] 10.0.0.10:445 - 10.0.0.10:445 - Failed: '.\msfadmin:msfadmin',
[-] 10.0.0.10:445 - 10.0.0.10:445 - Failed: '.\msfadmin:',
[*] 10.0.0.10:445 - Scanned 1 of 1 hosts (100% complete)
[*] 10.0.0.10:445 - Bruteforce completed, 1 credential was successful.
[*] 10.0.0.10:445 - You can open an SMB session with these credentials and CreateSession set to true
[*] Auxiliary module execution completed
msf auxiliary(scanner/smb/smb_login) >After$ git status
On branch auth_brute_mixin
Your branch is up to date with 'origin/auth_brute_mixin'.
nothing to commit, working tree clean
$
$ ./msfconsole -q -x 'workspace -D; set VERBOSE true;
use auxiliary/scanner/smb/smb_login;
set RHOSTS 10.0.0.10;
set ANONYMOUS_LOGIN true; set BLANK_PASSWORDS true; set USER_AS_PASS true;
set USERNAME msfadmin; set PASSWORD incorrect;
run'
[*] Deleted workspace: default
[*] Recreated the default workspace
VERBOSE => true
[*] New in Metasploit 6.4 - The CreateSession option within this module can open an interactive session
RHOSTS => 10.0.0.10
ANONYMOUS_LOGIN => true
BLANK_PASSWORDS => true
USER_AS_PASS => true
USERNAME => msfadmin
PASSWORD => incorrect
[*] 10.0.0.10:445 - Starting SMB login bruteforce
[+] 10.0.0.10:445 - Success: '.\:' Guest
[-] 10.0.0.10:445 - Failed: '.\msfadmin:incorrect',
[-] 10.0.0.10:445 - Failed: '.\msfadmin:msfadmin',
[-] 10.0.0.10:445 - Failed: '.\msfadmin:',
[*] 10.0.0.10:445 - Scanned 1 of 1 hosts (100% complete)
[*] 10.0.0.10:445 - Bruteforce completed, 1 credential was successful.
[*] 10.0.0.10:445 - You can open an SMB session with these credentials and CreateSession set to true
[*] Auxiliary module execution completed
msf auxiliary(scanner/smb/smb_login) > |
Contributor
Author
|
Think I've finished tweaking with this PR! |
This was referenced May 21, 2026
Contributor
Author
|
Think I've finished tweaking with this PR! |
jheysel-r7
reviewed
Jun 9, 2026
|
Metasploit |
jheysel-r7
approved these changes
Jun 22, 2026
Contributor
Release NotesThis makes improvements to the auth_brute mixin. It adds report_host and report_service calls to the mixin and removes duplicate printing of IP:PORT in the print_brute statements. |
Contributor
Author
|
Wooo! Thanks @jheysel-r7 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The idea of this PR to update the authbrute force mixin, so each module doesn't need to be udpated to support being able to detect if a host is up, but the service attacking isn't on the target.
Example:
Both now are in
hosts, without having to update any modules. Doing it via mixin.Before
After