To brute-force services, people normally use Hydra, Medusa and Metasploit Framework but Nmap can also be used to brute-force a lot of online services. There are built-in Nmap scripts that support various services. If you have Nmap installed, you can see these scripts in the “/usr/share/nmap/scripts” directory.