General Notes:

Always try anonymous login if it is avaliable:

Username: anonymous Password: anonymous (or keys you want to put in.)

FTP Enumeration Tools

Manual Connection

$ ftp 172.21.0.0

$ nc -vn 172.21.0.0 21

Connect via Browser

ftp://172.21.0.0

Nmap FTP Enumeration


$ ls -lh /usr/share/nmap/scripts/ | grep ftp
-rw-r--r-- 1 root root 4.5K Oct 12 09:29 ftp-anon.nse
-rw-r--r-- 1 root root 3.2K Oct 12 09:29 ftp-bounce.nse
-rw-r--r-- 1 root root 3.1K Oct 12 09:29 ftp-brute.nse
-rw-r--r-- 1 root root 3.2K Oct 12 09:29 ftp-libopie.nse
-rw-r--r-- 1 root root 3.3K Oct 12 09:29 ftp-proftpd-backdoor.nse
-rw-r--r-- 1 root root 3.7K Oct 12 09:29 ftp-syst.nse
-rw-r--r-- 1 root root 5.9K Oct 12 09:29 ftp-vsftpd-backdoor.nse
-rw-r--r-- 1 root root 5.8K Oct 12 09:29 ftp-vuln-cve2010-4221.nse
-rw-r--r-- 1 root root 5.7K Oct 12 09:29 tftp-enum.nse
$ nmap x.x.x.x -p 21 -sV --script=exampleScript1.nse,exampleScript2.nse

CrackMapExec

- crackmapexec ftp 172.21.0.0
- crackmap exec ftp 172.21.0.0 -u 'a' -p ''
- crackmapexec ftp 172.21.0.0 -u 'anonymous' -p '''

# FTP Default wordlists: 
/usr/share/seclists/Passwords/Default-Credentials/ftp-betterdefaultpasslist.txt

Provide feedback

Saved searches

Use saved searches to filter your results more quickly