Crowbar – Brute-force Penetration Testing Tool

Crowbar (formally known as Levye) is a brute forcing tool that can be used during penetration tests. It was developed to brute force some protocols in a different manner according to other popular brute forcing tools.

As an example, while most brute forcing tools use username and password for SSH brute force, This toot uses SSH key(s). This allows for any private keys that have been obtained during penetration tests, to be used to attack other SSH servers.

Crowbar - Bruteforcing Tool
Crowbar – Bruteforcing Tool

Currently supported protocols/services are:

  • OpenVPN (-b openvpn)
  • Remote Desktop Protocol (RDP) with NLA support (-b rdp)
  • SSH private key authentication (-b sshkey)
  • VNC key authentication (-b vpn)

The tool generates 2 files for logging and result that are located in your current directory. Default log file name is crowbar.log which stores all brute force attempts while execution. If you don’t want use default log file, you should use -l log_path. The second file is crowbar.out which stores successful attempts while execution. If you don’t want use default output file, you should use -o output_path.

You can read more and download this tool over here:

Notify of
Inline Feedbacks
View all comments