Ncrack is a strong and adaptable network authentication cracking tool used to evaluate network service security. It is designed especially for using brute-force attacks to find weak credentials and is a component of the Nmap Project.

Ncrack is a powerful and flexible network authentication cracking tool designed to test the security of network services. It is part of the Nmap Project and is specifically crafted for identifying weak credentials through brute-force attacks.


  • Ncrack supports a variety of network protocols, including SSH, RDP, FTP, HTTP, SMB, and more. This versatility makes it a comprehensive tool for testing the security of different services.
  • Ncrack provides various attack modes, including username/password brute-force, dictionary attacks, and more advanced attacks such as credential recycling. This flexibility allows penetration testers to adapt their approach based on the target environment.
  • Ncrack is designed to efficiently handle multiple concurrent connections and parallelize brute-force attempts. This capability enhances the tool's speed and effectiveness in identifying weak credentials across multiple services.
  • Ncrack comes with a pre-populated credentials database that includes commonly used username/password combinations. This feature aids in quick testing against well-known credential pairs.
  • Ncrack integrates seamlessly with Nmap, allowing users to combine the power of network discovery and service enumeration with robust credential testing. This integration streamlines the overall penetration testing workflow.


Use the following command to install Ncrack from the official Kali Linux repositories:



Initiate a basic Ncrack command by specifying the target service, username, password list, and other relevant parameters. For example:


Replace 22 with the port number of the target service, username with the target username, password_list with the file containing passwords, and target_ip with the IP address of the target.


Table of Contents: