FTP Enumeration

Basic FTP Commands

# Connect to FTP
ftp target.com

# Anonymous login
ftp target.com
# Username: anonymous
# Password: anonymous@target.com

Nmap FTP Scripts

# FTP enumeration
nmap --script ftp-* -p 21 target.com

# Anonymous login check
nmap --script ftp-anon -p 21 target.com

# FTP bounce
nmap --script ftp-bounce -p 21 target.com

# Brute force
nmap --script ftp-brute -p 21 target.com

FTP Clients

Standard FTP

# Connect
ftp target.com

# List files
ls
dir

# Download file
get filename

# Upload file
put filename

# Download multiple files
mget *.txt

# Binary mode
binary

# ASCII mode
ascii

NCFTP

# Connect
ncftp target.com

# Recursive download
ncftpget -R target.com /remote/path /local/path

File Transfer

# Download file with wget
wget ftp://target.com/file.txt

# Download with authentication
wget ftp://username:password@target.com/file.txt

# Recursive download
wget -r ftp://target.com/directory/

Hydra - FTP Brute Force

# Single user
hydra -l username -P /usr/share/wordlists/rockyou.txt ftp://target.com

# Multiple users
hydra -L users.txt -P /usr/share/wordlists/rockyou.txt ftp://target.com

# Specific port
hydra -l username -P passwords.txt ftp://target.com:2121