Author: Conscience Ekhomwandolor
KADRA is an intelligent credential brute force automation tool designed for authorized penetration testing. It specializes in targeted attacks against authentication services (SSH, RDP, FTP, Telnet, SMTP) using a strategic two-phase approach: common passwords followed by target-specific wordlists.
- π― Features
- π Quick Start
- π¦ Installation
- βοΈ Configuration
- π Usage
- π§ How It Works
- π Output & Results
- βοΈ Legal & Ethical Use
- π Troubleshooting
- π Academic Context
- Focused Scanning: Only scans for SSH (22), RDP (3389), FTP (21), Telnet (23), SMTP (25)
- Fast Detection: Quick port scanning to identify open services
- Service-specific: Uses appropriate usernames for each service type
- Two-Phase Approach:
- Phase 1: Common/default passwords (
passlist.txt) - Phase 2: Target-specific wordlists (generated from URLs)
- Phase 1: Common/default passwords (
- Smart Escalation: Only progresses to Phase 2 if Phase 1 fails
- Service Context: Different username lists for SSH, RDP, FTP, Telnet, SMTP
- Hydra Engine: Industry-standard brute force tool
- CeWL Integration: Generates targeted wordlists from web content
- Parallel Execution: Multi-threaded attacks for efficiency
- Rate Limiting: Configurable attempt rates to avoid detection
- JSON Output: Structured data for automation
- Human-Readable Summaries: Quick overview of findings
- Detailed Logs: Complete audit trail of all attempts
- Credential Tracking: Source attribution for found credentials
# 1. Download/Clone the tool
git clone https://github.com/razielapps/kadra.git
cd kadra
# 2. Make executable
chmod +x kadra.py
# 3. Create setup script and run
python3 -c "import kadra; kadra.create_setup_script()"
sudo bash setup_kadra.sh
# 4. Configure targets
nano targets.txt
# 5. Run KADRA
sudo python3 kadra.py# Test with a single target
sudo python3 kadra.py --target 192.168.1.105
# Or use default targets.txt
sudo python3 kadra.py- Operating System: Kali Linux 2023.x+ (or any Linux with Hydra/CeWL)
- Python: 3.8 or higher
- Required Tools:
hydra(THC-Hydra)cewl(Custom Word List generator)
- Permissions: Root/sudo for raw socket operations
# Run the built-in setup
python3 -c "import kadra; kadra.create_setup_script()"
sudo bash setup_kadra.sh# 1. Install required packages
sudo apt update
sudo apt install -y hydra cewl python3 python3-pip
# 2. Create necessary directories
mkdir -p wordlists results
# 3. Create configuration files
touch targets.txt passlist.txt
# 4. Add default passwords to passlist.txt
cat > passlist.txt << 'EOF'
admin
password
123456
password123
administrator
root
toor
admin123
test
guest
qwerty
letmein
EOF# Check installation
python3 kadra.py --help
# Verify tools are available
which hydra
which cewlkadra/
βββ kadra.py # Main script
βββ targets.txt # Target list (required)
βββ passlist.txt # Common passwords (required)
βββ setup_kadra.sh # Installation script
βββ kadra.log # Log file (auto-generated)
βββ wordlists/ # Generated wordlists (auto)
β βββ https_example_com.txt
β βββ target_specific.txt
βββ results/ # Scan results (auto)
βββ target1_summary.txt
βββ target1_credentials.json
# Add targets (IPs, domains, or URLs)
# One per line, comments with #
192.168.1.105 # Internal server
example.com # Domain (will be resolved)
https://webapp.example.com # URL (wordlist will be generated)
ftp.server.com # FTP server
smtp.corporate.com # SMTP serverSupported Formats:
- IP addresses:
192.168.1.1 - Domains:
example.com(will be DNS resolved) - URLs:
https://example.com(triggers wordlist generation)
# Most common/default passwords
# One per line
admin
password
123456
password123
administrator
root
toor
admin123
test
guest
qwerty
letmein
welcome
12345
12345678
123456789Tip: Start with 15-20 most common passwords. Add service-specific defaults if known.
Key settings in kadra.py:
class Config:
# Service definitions
SERVICES = {
'ssh': {'port': 22, 'hydra_module': 'ssh', 'timeout': 30},
'rdp': {'port': 3389, 'hydra_module': 'rdp', 'timeout': 45},
'ftp': {'port': 21, 'hydra_module': 'ftp', 'timeout': 25},
'telnet': {'port': 23, 'hydra_module': 'telnet', 'timeout': 20},
'smtp': {'port': 25, 'hydra_module': 'smtp', 'timeout': 30}
}
# Performance
MAX_THREADS = 3 # Concurrent attacks
HYDRA_TASKS = 16 # Hydra parallel tasks
BRUTE_TIMEOUT = 300 # Max seconds per attack
# CeWL settings
CEWL_DEPTH = 2 # Spidering depth
CEWL_MIN_WORD_LEN = 3 # Minimum word length# Show help with all options
python3 kadra.py --help# Run with default targets.txt and passlist.txt
sudo python3 kadra.py
# Single target (skip targets.txt)
sudo python3 kadra.py --target 192.168.1.105
# Custom targets file
sudo python3 kadra.py --targets my_targets.txt
# Custom password list
sudo python3 kadra.py --passlist custom_passwords.txt# Adjust thread count
sudo python3 kadra.py --threads 5
# Skip wordlist generation (faster)
sudo python3 kadra.py --no-wordlists
# Verbose output for debugging
sudo python3 kadra.py --verbose# Comprehensive attack with wordlists
sudo python3 kadra.py --targets production_servers.txt --threads 4
# Quick test without wordlist generation
sudo python3 kadra.py --target test-server.local --no-wordlists
# Debug mode with maximum output
sudo python3 kadra.py --target 192.168.1.100 --verbose 2>&1 | tee debug.logWhen you run KADRA, it follows this workflow:
-
Load Configuration
- Reads
targets.txtandpasslist.txt - Validates all targets
- Reads
-
Wordlist Generation (if enabled)
- For each URL target, runs CeWL to generate context-aware wordlists
- Saves to
wordlists/directory
-
Service Discovery
- Scans each target for open service ports
- Only proceeds with open services
-
Phase 1: Common Passwords
- Attempts common passwords from
passlist.txt - Tries service-specific usernames
- Stops if credentials found
- Attempts common passwords from
-
Phase 2: Target Wordlists (if Phase 1 fails)
- Uses generated wordlists for targeted attacks
- More sophisticated but slower approach
-
Results & Reporting
- Saves credentials to
results/directory - Generates human-readable summaries
- Logs all activity to
kadra.log
- Saves credentials to
βββββββββββββββββββ
β targets.txt β
ββββββββββ¬βββββββββ
β
ββββββββββΌβββββββββ
β Target Loader β
β β’ Validation β
β β’ DNS Resolve β
ββββββββββ¬βββββββββ
β
ββββββββββΌβββββββββ βββββββββββββββββββ
β Wordlist Gen ββββββ€ CeWL β
β β’ URL parsing β β (for URLs) β
β β’ File save β βββββββββββββββββββ
ββββββββββ¬βββββββββ
β
ββββββββββΌβββββββββ
β Port Scanner β
β β’ SSH (22) β
β β’ RDP (3389) β
β β’ FTP (21) β
β β’ Telnet (23) β
β β’ SMTP (25) β
ββββββββββ¬βββββββββ
β
ββββββββββΌβββββββββ βββββββββββββββββββ
β Phase 1: β β passlist.txt β
β Common PasswordsβββββΊ β
β β β admin β
β β β password β
β β β 123456 β
ββββββββββ¬βββββββββ βββββββββββββββββββ
β
ββββββ΄ββββββ
β Success? ββββYesβββΊ[Save Credentials]
ββββββ¬ββββββ
βNo
β
ββββββββββΌβββββββββ βββββββββββββββββββ
β Phase 2: β β wordlists/ β
β Target Lists βββββΊβ target1.txt β
β β β target2.txt β
β β βββββββββββββββββββ
ββββββββββ¬βββββββββ
β
ββββββ΄ββββββ
β Success? ββββYesβββΊ[Save Credentials]
ββββββ¬ββββββ
βNo
βΌ
[Next Service/Target]
- Common Usernames:
root,ubuntu,admin,ec2-user - Strategy: High-rate attempts with common defaults
- Success Rate: Typically high for misconfigured servers
- Common Usernames:
administrator,admin,user - Strategy: Slower attempts (Windows account lockout)
- Note: Uses Hydra's RDP module with visual feedback
- Common Usernames:
anonymous,ftp,admin - Strategy: Quick anonymous check first
- Success Rate: High for anonymous FTP servers
- Common Usernames:
root,admin,cisco - Strategy: Fast attempts (usually no lockouts)
- Warning: Credentials transmitted in clear text
- Common Usernames:
admin,postmaster,mail - Strategy: VRFY/EXPN testing before brute force
- Use Case: Email server enumeration
# CeWL command used internally
cewl https://target.com \
-d 2 \ # Depth of spidering
-m 3 \ # Minimum word length
--with-numbers \ # Include numbers
--lowercase \ # Convert to lowercase
-w target.txt # Output fileGenerated wordlists include:
- Page titles and headings
- Body text content
- Metadata keywords
- URLs and paths
- Email-like patterns
- Number variations
results/
βββ 192_168_1_105_20240115_143022.json
βββ 192_168_1_105_summary.txt
βββ example_com_20240115_143512.json
βββ example_com_summary.txt
{
"target": "192.168.1.105",
"ip": "192.168.1.105",
"open_services": {
"ssh": true,
"rdp": false,
"ftp": true,
"telnet": false,
"smtp": true
},
"credentials_found": [
{
"service": "ssh",
"username": "root",
"password": "password123",
"host": "192.168.1.105",
"port": 22,
"password_source": "common"
}
],
"timestamp": "2024-01-15T14:30:22"
}============================================================
KADRA - Credential Bruteforce Summary
============================================================
Target: 192.168.1.105
IP Address: 192.168.1.105
Scan Time: 2024-01-15T14:30:22
Open Services:
SSH : OPEN
RDP : closed
FTP : OPEN
TELNET : closed
SMTP : OPEN
Credentials Found:
1. Service: SSH
Username: root
Password: password123
Source: common
Host: 192.168.1.105:22
============================================================
kadra.log contains:
- Timestamped operations
- Scan progress
- Attack attempts
- Success/failure notifications
- Error messages and debugging info
- β Penetration Testing: With written authorization from system owner
- β Security Research: In controlled lab environments
- β Educational Purposes: Classroom learning (like this project)
- β Self-Assessment: Testing your own systems/networks
- β Bug Bounty Programs: Within explicitly defined scope
- β Unauthorized Testing: Any system without explicit permission
- β Production Systems: Without formal approval and scheduling
- β Third-Party Services: Cloud providers, ISPs, etc.
- β Malicious Activities: Data theft, disruption, or damage
- β Illegal Access: Violating computer fraud laws
Users must ensure compliance with:
- Computer Fraud and Abuse Act (CFAA)
- General Data Protection Regulation (GDPR)
- Local cybersecurity laws
- Terms of Service agreements
- Organizational security policies
If vulnerabilities are found:
- Document findings thoroughly
- Notify system owner immediately
- Provide remediation recommendations
- Delete any captured data after reporting
- Maintain confidentiality until fixed
# Solution: Install Hydra
sudo apt update
sudo apt install hydra
# Verify installation
which hydra# Solution: Install CeWL
sudo apt update
sudo apt install cewl
# Verify installation
which cewl# Solution: Run with sudo
sudo python3 kadra.py
# Alternative: Set capabilities (advanced)
sudo setcap cap_net_raw+ep $(which python3)# Adjust in Config class:
Config.BRUTE_TIMEOUT = 600 # Increase timeout
Config.HYDRA_TASKS = 8 # Reduce parallel tasks- Check
passlist.txt- Add more common passwords - Verify services - Ensure ports are actually open
- Check network - Firewall may be blocking
- Review logs -
kadra.logfor detailed info
# Enable verbose logging
sudo python3 kadra.py --verbose 2>&1 | tee debug.log
# Check log file
tail -f kadra.log| Setting | Fast Scan | Thorough Scan |
|---|---|---|
| Threads | 5 | 2 |
| Wordlists | Disabled | Enabled |
| Timeout | 120s | 300s |
| CeWL Depth | 1 | 3 |
For advanced projects, consider adding:
- Hash Cracking: Integrate John the Ripper or Hashcat
- API Support: Cloud service credential testing
- Reporting Dashboard: Web interface for results
- Machine Learning: Predict password patterns
- Distributed Attacks: Multi-system coordination
- Medusa: Alternative to Hydra
- Patator: Multi-protocol brute forcer
- Ncrack: From Nmap developers
- BruteSpray: Post-Nmap brute forcing
- NIST SP 800-63: Digital Identity Guidelines
- ISO/IEC 27001: Information Security Management
- PCI DSS: Payment Card Industry Security
- CIS Benchmarks: Security configuration guidelines
This tool is for educational and authorized security testing only.
Never use KADRA on systems you don't own or have explicit written permission to test.
By using this tool, you accept full responsibility for your actions.
KADRA - Because sometimes, the key is just trying the most obvious things first.
Built for educational purposes. Use responsibly.