Ncrack - High-Speed Network Authentication Cracker

Ncrack is an open source tool for network authentication cracking. It was designed for high-speed parallel cracking using a dynamic engine that can adapt to different network situations.

It can also be extensively fine-tuned for special cases, though the default parameters are generic enough to cover almost every situation. It is built on a modular architecture that allows for easy extension to support additional protocols.

Ncrack is designed for companies and security professionals to audit large networks for default or weak passwords in a rapid and reliable way. It can also be used to conduct fairly sophisticated and intensive brute force attacks against individual services.

The output from Ncrack is a list of found credentials, if any, for each of the targets specified. Ncrack can also print an interactive status report of progress so far and possibly additional debugging information that can help track problems, if the user selected that option.


ncrack [Options] {target and service specification}

Can pass hostnames, IP addresses, networks, etc.
Ex:,,; 10.0.0-255.1-254
-iX : Input from Nmap's -oX XML output format
-iN : Input from Nmap's -oN Normal output format
-iL : Input from list of hosts/networks
--exclude : Exclude hosts/networks
--excludefile : Exclude list from file

Can pass target specific services in ://target (standard) notation or
using -p which will be applied to all hosts in non-standard notation.
Service arguments can be specified to be host-specific, type of service-specific
(-m) or global (-g). Ex: ssh://,at=10,cl=30 -m ssh:at=50 -g cd=3000
Ex2: ncrack -p ssh,ftp:3500,25,ssl
-p : services will be applied to all non-standard notation hosts
-m :: options will be applied to all services of this type
-g : options will be applied to every service globally

Misc options:
ssl: enable SSL over this service
path : used in modules like HTTP ('=' needs escaping if used)

Options which take are in seconds, unless you append 'ms'
(miliseconds), 'm' (minutes), or 'h' (hours) to the value (e.g. 30m).
Service-specific options:
cl (min connection limit): minimum number of concurrent parallel connections
CL (max connection limit): maximum number of concurrent parallel connections
at (authentication tries): authentication attempts per connection
cd (connection delay): delay between each connection initiation
cr (connection retries): caps number of service connection attempts
to (time-out): maximum cracking for service, regardless of success so far
-T<0-5>: Set timing template (higher is faster)
--connection-limit : threshold for total concurrent connections

-U : username file
-P : password file
--user : comma-separated username list
--pass : comma-separated password list
--passwords-first: Iterate password list for each username. Default is opposite.

-oN/-oX : Output scan in normal and XML format, respectively, to the given filename.
-oA : Output in the two major formats at once
-v: Increase verbosity level (use twice or more for greater effect)
-d[level]: Set or increase debugging level (Up to 10 is meaningful)
--nsock-trace : Set nsock trace level (Valid range: 0 - 10)
--log-errors: Log errors/warnings to the normal-format output file
--append-output: Append to rather than clobber specified output files

--resume : Continue previously saved session
-f: quit cracking service after one found credential
-6: Enable IPv6 cracking
-sL or --list: only list hosts and services
--datadir : Specify custom Ncrack data file location
-V: Print version number
-h: Print this help summary page.


ncrack -v --user root localhost:22
ncrack -v -T5
ncrack -v -iX ~/nmap.xml -g CL=5,to=1h

Ncrack - High-Speed Network Authentication Cracker Ncrack - High-Speed Network Authentication Cracker Reviewed by Unknown on 11:01 AM Rating: 5