chore(deps): bump golang.org/x/crypto from 0.50.0 to 0.52.0

.github/FUNDING.yml

@@ -1,5 +1,5 @@
 # These are supported funding model platforms
 
 github: x90skysn3k
-patreon: t1d3nio
+patreon: x90sky
 

.gitignore

@@ -29,3 +29,6 @@ wordlist/winrm/
 wordlist/asterisk/
 wordlist/teamspeak/
 wordlist/xmpp/
+go.work
+go.work.sum
+docs/superpowers/

README.md

@@ -2,13 +2,13 @@
 
 ![Version](https://img.shields.io/badge/Version-2.6.1-red)[![goreleaser](https://github.com/x90skysn3k/brutespray/actions/workflows/release.yml/badge.svg)](https://github.com/x90skysn3k/brutespray/actions/workflows/release.yml)[![Go Report Card](https://goreportcard.com/badge/github.com/x90skysn3k/brutespray/v2)](https://goreportcard.com/report/github.com/x90skysn3k/brutespray/v2)
 
-Created by: Shane Young/@t1d3nio && Jacob Robles/@shellfail
+Created by: Shane Young/@x90sky && Jacob Robles/@shellfail
 
 Inspired by: Leon Johnson/@sho-luv
 
 ## Description
 
-Brutespray automatically attempts default credentials on discovered services. It takes scan output from Nmap (GNMAP/XML), Nessus, Nexpose, JSON, and lists, then brute-forces credentials across 30+ protocols in parallel. Built in Go with an interactive terminal UI, embedded wordlists, and resume capability.
+Brutespray automatically attempts default credentials on discovered services. It takes scan output from Nmap (GNMAP/XML), Nessus, Nexpose, JSON, and lists, then brute-forces credentials across 40+ protocols in parallel. Built in Go with an interactive terminal UI, embedded wordlists, and resume capability.
 
 <img src="https://i.imgur.com/6fQI6Qs.png" width="500">
 
@@ -44,7 +44,7 @@ See [all examples](docs/examples.md) for more usage patterns.
 
 ## Features
 
-- **30+ protocols** — SSH, FTP, RDP, SMB, MySQL, PostgreSQL, Redis, LDAP, WinRM, and [more](docs/services.md)
+- **40+ protocols** — SSH, FTP, RDP, SMB, MySQL, PostgreSQL, Redis, LDAP, WinRM, and [more](docs/services.md)
 - **Module parameters** — Per-module settings via `-m KEY:VALUE` (auth type, target path, NTLM domain, etc.)
 - **Multi-auth support** — HTTP Digest/NTLM auto-detection, SMTP PLAIN/LOGIN, IMAP/POP3 SASL, SMB pass-the-hash
 - **Interactive TUI** — Tabbed views, live settings, pause/resume hosts ([details](docs/tui.md))
@@ -57,6 +57,25 @@ See [all examples](docs/examples.md) for more usage patterns.
 - **Performance tuning** — Dynamic threading, circuit breaker, rate limiting ([details](docs/advanced.md#performance-tuning))
 - **YAML config files** — Per-engagement settings ([details](docs/usage.md#config-file))
 
+## How brutespray compares
+
+| Feature | brutespray | hydra | medusa | ncrack | brutus |
+|---|---|---|---|---|---|
+| Single static binary | ✅ | ❌ | ❌ | ❌ | ✅ |
+| Interactive TUI | ✅ | ❌ | ❌ | ❌ | ❌ |
+| Checkpoint / resume | ✅ | ❌ | ❌ | ✅ | ❌ |
+| Spray mode (lockout-aware) | ✅ | ❌ | ❌ | ❌ | ❌ |
+| Per-attempt JSONL output | ✅ | ⚠️ | ❌ | ❌ | ❌ (success-only) |
+| SOCKS5 + proxy rotation | ✅ | ⚠️ | ❌ | ❌ | ❌ |
+| Embedded SSH bad-keys (CVE-tagged) | ✅ | ❌ | ❌ | ❌ | ✅ |
+| Pipeline stdin (naabu / fingerprintx / masscan) | ✅ | ❌ | ❌ | ❌ | ✅ |
+| Pre-auth RDP recon (NLA / sticky-keys) | ✅ | ❌ | ❌ | ❌ | ✅ |
+| Nmap gnmap + XML / Nessus / Nexpose import | ✅ | ⚠️ | ❌ | ❌ | ⚠️ (nmap only) |
+| Per-module params (`-m KEY:VAL`) | ✅ | ❌ | ❌ | ❌ | partial |
+| Service count | 41 | 50+ | 34 | 14 | 23 |
+
+> Symbols reflect documented behavior at PR time. Competing tools change quickly.
+
 ## Supported Services
 
 `ssh` `ftp` `ftps` `telnet` `smtp` `smtp-vrfy` `imap` `pop3` `mysql` `postgres` `mssql` `mongodb` `redis` `vnc` `snmp` `smbnt` `rdp` `http` `https` `vmauthd` `teamspeak` `asterisk` `nntp` `oracle` `xmpp` `ldap` `ldaps` `winrm` `rexec` `rlogin` `rsh` `wrapper`
@@ -73,7 +92,7 @@ Print discovered services from a scan file with `-P -q`:
 |-------|-------------|
 | [Installation](docs/installation.md) | Go install, release binaries, build from source, Docker |
 | [Usage](docs/usage.md) | CLI flags, config files, input formats |
-| [Services](docs/services.md) | All 30+ protocols with ports, status, and notes |
+| [Services](docs/services.md) | All 40+ protocols with ports, status, and notes |
 | [Examples](docs/examples.md) | Common usage patterns and recipes |
 | [Interactive TUI](docs/tui.md) | Keybindings, tabs, live settings |
 | [Advanced](docs/advanced.md) | Spray mode, proxy, resume, performance tuning |

banner/banner.go

@@ -68,7 +68,7 @@ func Banner(version string, banner_flag bool, noColor bool) {
 ╚═════╝  ╚═╝  ╚═╝  ╚═════╝     ╚═╝    ╚══════╝ ╚══════╝ ╚═╝      ╚═╝  ╚═╝ ╚═╝  ╚═╝    ╚═╝    ` + "\n"
 	quiet_banner :=
 		`Brutespray ` + version + `
-Created by: Shane Young/@t1d3nio && Jacob Robles/@shellfail
+Created by: Shane Young/@x90sky && Jacob Robles/@shellfail
 Inspired by: Leon Johnson/@sho-luv`
 	//ascii art by: Cara Pearson
 	if !banner_flag {

brute/badkeys/SOURCES.md

@@ -0,0 +1,13 @@
+# Bad-keys bundle sources
+
+This package vendors known-compromised SSH client private keys from:
+
+- [Rapid7/ssh-badkeys](https://github.com/rapid7/ssh-badkeys) (MIT) — vendor default keys for F5 BIG-IP, ExaGrid, Ceragon FibeAir, Monroe DASDEC, Barracuda, Array Networks, Loadbalancer.org, Quantum DXi
+- [HashiCorp Vagrant insecure key](https://github.com/hashicorp/vagrant/tree/main/keys) (MIT) — default Vagrant VM identity
+
+Only Rapid7's `authorized/` directory (client identities found in real-world
+`authorized_keys` files) is mirrored here. The `host/` directory (SSH server
+identity keys extracted from firmware) is intentionally excluded — host keys
+are not usable for client-side authentication.
+
+Refreshed via the same monthly cadence as `wordlist/` updates.

brute/badkeys/embed.go

@@ -0,0 +1,6 @@
+package badkeys
+
+import "embed"
+
+//go:embed keys/* metadata.yaml
+var assets embed.FS

brute/badkeys/keys/array-networks-vapv-vxag.key

@@ -0,0 +1,12 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBugIBAAKBgQCUw7F/vKJT2Xsq+fIPVxNC/Dyk+dN9DWQT5RO56eIQasd+h6Fm
+q1qtQrJ/DOe3VjfUrSm7NN5NoIGOrGCSuQFthFmq+9Lpt6WIykB4mau5iE5orbKM
+xTfyu8LtntoikYKrlMB+UrmKDidvZ+7oWiC14imT+Px/3Q7naj0UmOrSTwIVAO25
+Yf3SYNtTYv8yzaV+X9yNr/AfAoGADAcEh2bdsrDhwhXtVi1L3cFQx1KpN0B07JLr
+gJzJcDLUrwmlMUmrXR2obDGfVQh46EFMeo/k3IESw2zJUS58FJW+sKZ4noSwRZPq
+mpBnERKpLOTcWMxUyV8ETsz+9oz71YEMjmR1qvNYAopXf5Yy+4Zq3bgqmMMQyM+K
+O1PdlCkCgYBmhSl9CVPgVMv1xO8DAHVhM1huIIK8mNFrzMJz+JXzBx81ms1kWSeQ
+OC/nraaXFTBlqiQsvB8tzr4xZdbaI/QzVLKNAF5C8BJ4ScNlTIx1aZJwyMil8Nzb
++0YAsw5Ja+bEZZvEVlAYnd10qRWrPeEY1txLMmX3wDa+JvJL7fmuBgIUZoXsJnzs
++sqSEhA35Le2kC4Y1/A=
+-----END DSA PRIVATE KEY-----

brute/badkeys/keys/barracuda_load_balancer_vm.key

@@ -0,0 +1,12 @@
+----BEGIN DSA PRIVATE KEY-----
+MIIBuwIBAAKBgQDKuRHCBXXwoyWpMkJz/wQafaHOpqWmVYLn9GZ6eQuNLcIhtZQE
+kCWZTNajgf4ZAVmHgQh1JHDixJ1V0mcweti/lvyxiqHap7IkD0a+ewAOoz3OpjQZ
+3ox2ovHEnQJfZ/9LNiEI3XK8TPAj6trhMn5tCdwFei6228a+TYBOccTPgwIVAKYW
+T8ztHHaN7Gwn0I6keQfBSNw1AoGAHYNfKAcqf7Y4wyoVoZpr/h21SETpEaksQb7h
+GRJnFpYN/JiyE9W8nX6UqLv1eKyOXLccAnyda0a+uqcOhsAq8+H15slZYa4+065L
+ckPfs0V4cpxeMHTT1hK4TR2/LRpUjhYjgXFE5aLl91f5Gug5HemUK2S0BWh/oI38
+k2WfNh0CgYEArsJgp7RLPOsCeLqoia/eljseBFVDazO5Q0ysUotTw9wgXGGVWREw
+m8wNggFNb9eCiBAAUfVZVfhVAtFT0pBf/eIVLPXyaMw3prBt7LqeBrbagODc3WAA
+dMTPIdYYcOKgv+YvTXa51zG64v6pQOfS8WXgKCzDl44puXfYeDk5lVQCFAPfgalL
++FT93tofXMuNVfeQMLJl
+-----END DSA PRIVATE KEY-----

brute/badkeys/keys/ceragon-fibeair-cve-2015-0936.key

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQDBEh0OUdoiplc0P+XW8VPu57etz8O9eHbLHkQW27EZBEdXEYxr
+MOFXi+PkA0ZcNDBRgjSJmHpo5WsPLwj/L3/L5gMYK+yeqsNu48ONbbqzZsFdaBQ+
+IL3dPdMDovYo7GFVyXuaWMQ4hgAJEc+kk1hUaGKcLENQf0vEyt01eA/k6QIBIwKB
+gQCwhZbohVm5R6AvxWRsv2KuiraQSO16B70ResHpA2AW31crCLrlqQiKjoc23mw3
+CyTcztDy1I0stH8j0zts+DpSbYZnWKSb5hxhl/w96yNYPUJaTatgcPB46xOBDsgv
+4Lf4GGt3gsQFvuTUArIf6MCJiUn4AQA9Q96QyCH/g4mdiwJBAPHdYgTDiQcpUAbY
+SanIpq7XFeKXBPgRbAN57fTwzWVDyFHwvVUrpqc+SSwfzhsaNpE3IpLD9RqOyEr6
+B8YrC2UCQQDMWrUeNQsf6xQer2AKw2Q06bTAicetJWz5O8CF2mcpVFYc1VJMkiuV
+93gCvQORq4dpApJYZxhigY4k/f46BlU1AkAbpEW3Zs3U7sdRPUo/SiGtlOyO7LAc
+WcMzmOf+vG8+xesCDOJwIj7uisaIsy1/cLXHdAPzhBwDCQDyoDtnGty7AkEAnaUP
+YHIP5Ww0F6vcYBMSybuaEN9Q5KfXuPOUhIPpLoLjWBJGzVrRKou0WeJElPIJX6Ll
+7GzJqxN8SGwqhIiK3wJAOQ2Hm068EicG5WQoS+8+KIE/SVHWmFDvet+f1vgDchvT
+uPa5zx2eZ2rxP1pXHAdBSgh799hCF60eZZtlWnNqLg==
+-----END RSA PRIVATE KEY-----

brute/badkeys/keys/exagrid-cve-2016-1561.key

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWAIBAAKBgGdlD7qeGU9f8mdfmLmFemWMnz1tKeeuxKznWFI+6gkaagqjAF10
+hIruzXQAik7TEBYZyvw9SvYU6MQFsMeqVHGhcXQ5yaz3G/eqX0RhRDn5T4zoHKZa
+E1MU86zqAUdSXwHDe3pz5JEoGl9EUHTLMGP13T3eBJ19MAWjP7Iuji9HAgElAoGA
+GSZrnBieX2pdjsQ55/AJA/HF3oJWTRysYWi0nmJUmm41eDV8oRxXl2qFAIqCgeBQ
+BWA4SzGA77/ll3cBfKzkG1Q3OiVG/YJPOYLp7127zh337hhHZyzTiSjMPFVcanrg
+AciYw3X0z2GP9ymWGOnIbOsucdhnbHPuSORASPOUOn0CQQC07Acq53rf3iQIkJ9Y
+iYZd6xnZeZugaX51gQzKgN1QJ1y2sfTfLV6AwsPnieo7+vw2yk+Hl1i5uG9+XkTs
+Ry45AkEAkk0MPL5YxqLKwH6wh2FHytr1jmENOkQu97k2TsuX0CzzDQApIY/eFkCj
+QAgkI282MRsaTosxkYeG7ErsA5BJfwJAMOXYbHXp26PSYy4BjYzz4ggwf/dafmGz
+ebQs+HXa8xGOreroPFFzfL8Eg8Ro0fDOi1lF7Ut/w330nrGxw1GCHQJAYtodBnLG
+XLMvDHFG2AN1spPyBkGTUOH2OK2TZawoTmOPd3ymK28LriuskwxrceNb96qHZYCk
+86DC8q8p2OTzYwJANXzRM0SGTqSDMnnid7PGlivaQqfpPOx8MiFR/cGr2dT1HD7y
+x6f/85mMeTqamSxjTJqALHeKPYWyzeSnUrp+Eg==
+-----END RSA PRIVATE KEY-----

brute/badkeys/keys/f5-bigip-cve-2012-1493.key

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWgIBAAKBgQC8iELmyRPPHIeJ//uLLfKHG4rr84HXeGM+quySiCRgWtxbw4rh
+UlP7n4XHvB3ixAKdWfys2pqHD/Hqx9w4wMj9e+fjIpTi3xOdh/YylRWvid3Pf0vk
+OzWftKLWbay5Q3FZsq/nwjz40yGW3YhOtpK5NTQ0bKZY5zz4s2L4wdd0uQIBIwKB
+gBWL6mOEsc6G6uszMrDSDRbBUbSQ26OYuuKXMPrNuwOynNdJjDcCGDoDmkK2adDF
+8auVQXLXJ5poOOeh0AZ8br2vnk3hZd9mnF+uyDB3PO/tqpXOrpzSyuITy5LJZBBv
+7r7kqhyBs0vuSdL/D+i1DHYf0nv2Ps4aspoBVumuQid7AkEA+tD3RDashPmoQJvM
+2oWS7PO6ljUVXszuhHdUOaFtx60ZOg0OVwnh+NBbbszGpsOwwEE+OqrKMTZjYg3s
+37+x/wJBAMBtwmoi05hBsA4Cvac66T1Vdhie8qf5dwL2PdHfu6hbOifSX/xSPnVL
+RTbwU9+h/t6BOYdWA0xr0cWcjy1U6UcCQQDBfKF9w8bqPO+CTE2SoY6ZiNHEVNX4
+rLf/ycShfIfjLcMA5YAXQiNZisow5xznC/1hHGM0kmF2a8kCf8VcJio5AkBi9p5/
+uiOtY5xe+hhkofRLbce05AfEGeVvPM9V/gi8+7eCMa209xjOm70yMnRHIBys8gBU
+Ot0f/O+KM0JR0+WvAkAskPvTXevY5wkp5mYXMBlUqEd7R3vGBV/qp4BldW5l0N4G
+LesWvIh6+moTbFuPRoQnGO2P6D7Q5sPPqgqyefZS
+-----END RSA PRIVATE KEY-----

brute/badkeys/keys/loadbalancer.org-enterprise-va.key

@@ -0,0 +1,12 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBugIBAAKBgQCsCgcOw+DgNR/7g+IbXYdOEwSB3W0o3l1Ep1ibHHvAtLb6AdNW
+Gq47/UxY/rX3g2FVrVCtQwNSZMqkrqALQwDScxeCOiLMndCj61t3RxU3IOl5c/Hd
+yhGh6JGPdzTpgf8VhJIZnvG+0NFNomYntqYFm0y11dBQPpYbJE7Tx1t/lQIVANHJ
+rJSVVkpcTB4XdtR7TfO317xVAoGABDytZN2OhKwGyJfenZ1Ap2Y7lkO8V8tOtqX+
+t0LkViOi2ErHJt39aRJJ1lDRa/3q0NNqZH4tnj/bh5dUyNapflJiV94N3637LCzW
+cFlwFtJvD22Nx2UrPn+YXrzN7mt9qZyg5m0NlqbyjcsnCh4vNYUiNeMTHHW5SaJY
+TeYmPP8CgYAjEe5+0m/TlBtVkqQbUit+s/g+eB+PFQ+raaQdL1uztW3etntXAPH1
+MjxsAC/vthWYSTYXORkDFMhrO5ssE2rfg9io0NDyTIZt+VRQMGdi++dH8ptU+ldl
+2ZejLFdTJFwFgcfXz+iQ1mx6h9TPX1crE1KoMAVOj3yKVfKpLB1EkAIUCsG3dIJH
+SzmJVCWFyVuuANR2Bnc=
+-----END DSA PRIVATE KEY-----

brute/badkeys/keys/monroe-dasdec-cve-2013-0137.key

@@ -0,0 +1,12 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBuwIBAAKBgQDdwCE68iTEMjimYwJMvpkP/KThyJbuKvKc5kdKqLSmi5tssnuW
+tD2NqzmkEQM4uxD4XgV26k2/GvE6x4RlyOT+xlB2iYaOR4RJ8PuU8ALz+9i+y3D8
+MTMY/6y3Ef41frizLFXiVVo8CXFL/N8sz16FYytIayJvkSy3rkzPoE8pRwIVAPmA
+F1excCJPPVq3MyDfEMUXXOWjAoGAJS8ukwjJTgTNCHD7Lz//WxIw49DPGGWs3are
+GpjtiGjVD2Lff7CLCzkH8SI/JsgytUzqfDckSXqe1eWiAhuH90Pl5LZZi83Vp97I
+721riAF3taKYxtk+vWIcXx2a/Fp+z+LaQoMqjOLh5lCq35wc0EPb5FFFrGaFFzNm
+e71F1X0CgYAU6eNlphQWDwx0KOBiiYhF9BM6kDbQlyw8333rAG3G4CcjI2G8eYGt
+pBNliaD185UjCEsjPiudhGil/j4Zt/+VY3aGOLoi8kqXBBc8ZAML9bbkXpyhQhMg
+wiywx3ciFmvSn2UAin8yurStYPQxtXauZN5PYbdwCHPS7ApIStdpMAIVAJ+eePIA
+Azb0ux287wRfcfdbjlDM
+-----END DSA PRIVATE KEY-----

brute/badkeys/keys/quantum-dxi-v1000.key

@@ -0,0 +1,12 @@
+-----BEGIN DSA PRIVATE KEY-----
+MIIBugIBAAKBgQCEgBNwgF+IbMU8NHUXNIMfJ0ONa91ZI/TphuixnilkZqcuwur2
+hMbrqY8Yne+n3eGkuepQlBBKEZSd8xPd6qCvWnCOhBqhkBS7g2dH6jMkUl/opX/t
+Rw6P00crq2oIMafR4/SzKWVW6RQEzJtPnfV7O3i5miY7jLKMDZTn/DRXRwIVALB2
++o4CRHpCG6IBqlD/2JW5HRQBAoGAaSzKOHYUnlpAoX7+ufViz37cUa1/x0fGDA/4
+6mt0eD7FTNoOnUNdfdZx7oLXVe7mjHjqjif0EVnmDPlGME9GYMdi6r4FUozQ33Y5
+PmUWPMd0phMRYutpihaExkjgl33AH7mp42qBfrHqZ2oi1HfkqCUoRmB6KkdkFosr
+E0apJ5cCgYBLEgYmr9XCSqjENFDVQPFELYKT7Zs9J87PjPS1AP0qF1OoRGZ5mefK
+6X/6VivPAUWmmmev/BuAs8M1HtfGeGGzMzDIiU/WZQ3bScLB1Ykrcjk7TOFD6xrn
+k/inYAp5l29hjidoAONcXoHmUAMYOKqn63Q2AsDpExVcmfj99/BlpQIUYS6Hs70u
+B3Upsx556K/iZPPnJZE=
+-----END DSA PRIVATE KEY-----

brute/badkeys/keys/vagrant-default.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzI
+w+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoP
+kcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2
+hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NO
+Td0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcW
+yLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQIBIwKCAQEA4iqWPJXtzZA68mKd
+ELs4jJsdyky+ewdZeNds5tjcnHU5zUYE25K+ffJED9qUWICcLZDc81TGWjHyAqD1
+Bw7XpgUwFgeUJwUlzQurAv+/ySnxiwuaGJfhFM1CaQHzfXphgVml+fZUvnJUTvzf
+TK2Lg6EdbUE9TarUlBf/xPfuEhMSlIE5keb/Zz3/LUlRg8yDqz5w+QWVJ4utnKnK
+iqwZN0mwpwU7YSyJhlT4YV1F3n4YjLswM5wJs2oqm0jssQu/BT0tyEXNDYBLEF4A
+sClaWuSJ2kjq7KhrrYXzagqhnSei9ODYFShJu8UWVec3Ihb5ZXlzO6vdNQ1J9Xsf
+4m+2ywKBgQD6qFxx/Rv9CNN96l/4rb14HKirC2o/orApiHmHDsURs5rUKDx0f9iP
+cXN7S1uePXuJRK/5hsubaOCx3Owd2u9gD6Oq0CsMkE4CUSiJcYrMANtx54cGH7Rk
+EjFZxK8xAv1ldELEyxrFqkbE4BKd8QOt414qjvTGyAK+OLD3M2QdCQKBgQDtx8pN
+CAxR7yhHbIWT1AH66+XWN8bXq7l3RO/ukeaci98JfkbkxURZhtxV/HHuvUhnPLdX
+3TwygPBYZFNo4pzVEhzWoTtnEtrFueKxyc3+LjZpuo+mBlQ6ORtfgkr9gBVphXZG
+YEzkCD3lVdl8L4cw9BVpKrJCs1c5taGjDgdInQKBgHm/fVvv96bJxc9x1tffXAcj
+3OVdUN0UgXNCSaf/3A/phbeBQe9xS+3mpc4r6qvx+iy69mNBeNZ0xOitIjpjBo2+
+dBEjSBwLk5q5tJqHmy/jKMJL4n9ROlx93XS+njxgibTvU6Fp9w+NOFD/HvxB3Tcz
+6+jJF85D5BNAG3DBMKBjAoGBAOAxZvgsKN+JuENXsST7F89Tck2iTcQIT8g5rwWC
+P9Vt74yboe2kDT531w8+egz7nAmRBKNM751U/95P9t88EDacDI/Z2OwnuFQHCPDF
+llYOUI+SpLJ6/vURRbHSnnn8a/XG+nzedGH5JGqEJNQsz+xT2axM0/W/CRknmGaJ
+kda/AoGANWrLCz708y7VYgAtW2Uf1DPOIYMdvo6fxIB5i9ZfISgcJ/bbCUkFrhoH
++vq/5CIWxCPp0f85R4qxxQ5ihxJ0YDQT9Jpx4TMss4PSavPaBH3RXow5Ohe+bYoQ
+NE5OgEXk2wVfZczCZpigBKbKZHNYcelXtTt/nP3rsCuGcM4h53s=
+-----END RSA PRIVATE KEY-----

brute/badkeys/metadata.yaml

@@ -0,0 +1,59 @@
+# Rapid7 ssh-badkeys snapshot + Vagrant insecure key
+# Only the authorized/ directory (client private keys found in real-world
+# authorized_keys files) is mirrored here. The host/ directory (SSH server
+# identity keys extracted from firmware) is intentionally excluded — host keys
+# are not usable for client-side authentication.
+
+- file: vagrant-default.key
+  username: vagrant
+  vendor: HashiCorp Vagrant
+  cve: ""
+  description: Vagrant insecure default SSH key (any Vagrant VM using the default insecure keypair)
+
+- file: f5-bigip-cve-2012-1493.key
+  username: root
+  vendor: F5 BIG-IP
+  cve: CVE-2012-1493
+  description: F5 BIG-IP 9.x-11.x hardcoded root SSH key used for device communication
+
+- file: exagrid-cve-2016-1561.key
+  username: root
+  vendor: ExaGrid
+  cve: CVE-2016-1561
+  description: ExaGrid EX-series backup appliance hardcoded backdoor SSH key
+
+- file: ceragon-fibeair-cve-2015-0936.key
+  username: mateidu
+  vendor: Ceragon FibeAir
+  cve: CVE-2015-0936
+  description: Ceragon FibeAir IP-10 microwave radio hardcoded support/admin SSH key
+
+- file: monroe-dasdec-cve-2013-0137.key
+  username: root
+  vendor: Monroe Electronics DASDEC
+  cve: CVE-2013-0137
+  description: Monroe Electronics / Digital Alert Systems DASDEC EAS device hardcoded key
+
+- file: barracuda_load_balancer_vm.key
+  username: cluster
+  vendor: Barracuda Networks
+  cve: CVE-2014-8428
+  description: Barracuda Load Balancer VM hardcoded cluster SSH key
+
+- file: array-networks-vapv-vxag.key
+  username: sync
+  vendor: Array Networks
+  cve: ""
+  description: Array Networks vAPV / vxAG SSL VPN hardcoded sync user SSH key
+
+- file: loadbalancer.org-enterprise-va.key
+  username: root
+  vendor: Loadbalancer.org
+  cve: ""
+  description: Loadbalancer.org Enterprise VA 7.5.2 static root SSH key
+
+- file: quantum-dxi-v1000.key
+  username: root
+  vendor: Quantum
+  cve: ""
+  description: Quantum DXi V1000 deduplication appliance hardcoded root SSH key

brute/badkeys/registry.go

@@ -0,0 +1,63 @@
+// Package badkeys provides a curated, embedded bundle of known-compromised
+// SSH private keys (Rapid7 ssh-badkeys + Vagrant + vendor defaults). Each
+// entry pairs a key with its default username and CVE metadata so brute
+// modules can surface CVE-tagged findings without external files.
+package badkeys
+
+import (
+	"crypto/sha256"
+	"encoding/hex"
+	"fmt"
+
+	"gopkg.in/yaml.v3"
+)
+
+type Entry struct {
+	File        string
+	Username    string
+	Vendor      string
+	CVE         string
+	Description string
+	PEM         []byte
+	PEMHash     string // SHA-256 of the raw PEM file bytes (NOT an OpenSSH-format fingerprint); used for change-detection across vendor updates
+}
+
+type metaEntry struct {
+	File        string `yaml:"file"`
+	Username    string `yaml:"username"`
+	Vendor      string `yaml:"vendor"`
+	CVE         string `yaml:"cve"`
+	Description string `yaml:"description"`
+}
+
+func Load() ([]Entry, error) {
+	raw, err := assets.ReadFile("metadata.yaml")
+	if err != nil {
+		return nil, fmt.Errorf("read metadata.yaml: %w", err)
+	}
+	var metas []metaEntry
+	if err := yaml.Unmarshal(raw, &metas); err != nil {
+		return nil, fmt.Errorf("parse metadata.yaml: %w", err)
+	}
+	out := make([]Entry, 0, len(metas))
+	for _, m := range metas {
+		pem, err := assets.ReadFile("keys/" + m.File)
+		if err != nil {
+			return nil, fmt.Errorf("read keys/%s: %w", m.File, err)
+		}
+		if len(pem) == 0 {
+			return nil, fmt.Errorf("keys/%s: file is empty", m.File)
+		}
+		sum := sha256.Sum256(pem)
+		out = append(out, Entry{
+			File:        m.File,
+			Username:    m.Username,
+			Vendor:      m.Vendor,
+			CVE:         m.CVE,
+			Description: m.Description,
+			PEM:         pem,
+			PEMHash:     hex.EncodeToString(sum[:]),
+		})
+	}
+	return out, nil
+}