readme

Readme.md

@@ -136,6 +136,30 @@ This will most likely yield no useable information but can be useful to enumerat
 ./stunner brute-transports -s x.x.x.x:3478 -u username -p password
 ```
 
+## brute-password
+
+This command tries all passwords from a given file for a username via the TURN protocol (UDP). This can be useful when analysing a pcap where you can see the username but not the password.
+Please note that an offline bruteforce is much more faster in this case.
+
+### Options
+
+```text
+--debug, -d                   enable debug output (default: false)
+--turnserver value, -s value  turn server to connect to in the format host:port
+--tls                         Use TLS for connecting (false in most tests) (default: false)
+--protocol value              protocol to use when connecting to the TURN server. Supported values: tcp and udp (default: "udp")
+--timeout value               connect timeout to turn server (default: 1s)
+--username value, -u value    username for the turn server
+--passfile value, -p value    passwordfile to use for bruteforce
+--help, -h                    show help (default: false)
+```
+
+### Example
+
+```bash
+./stunner brute-password -s x.x.x.x:3478 -u username -p wordlist.txt
+```
+
 ## memoryleak
 
 This attack works the following way: