r4stl1n / ssh-brute-forcer Goto Github PK

A Simple Multi-Threaded SSH Brute Forcer

Python 100.00%

ssh-brute-forcer's Introduction

SSH Brute Forcer

Simple multi threaded SSHBrute Forcer, Standard Brute Forcing and Dictonary based attacks.

Note: The brute force method is really bad just trys random strings with different lengths. Also it will attempt to create a lot of threads if you say 1000 attempts it will create 1000 threads.. Why you might ask because no one should really ever use this feature.

Single Ip Dictonary Attack

python SSHBruteForce.py -i 127.0.0.1 -d True -p 2222 -U ./usernames.txt -P ./passwords.txt

Single Ip Dictonary Attack Specifying threads and timeout

python SSHBruteForce.py -i 127.0.0.1 -d True -p 2222 -U ./usernames.txt -P ./passwords.txt -t 15 -T 30

Multiple Ip Dictonary Attack

python SSHBruteForce.py -I ./targets.txt -d True -p 2222 -U ./usernames.txt -P ./passwords.txt -t 15 -T 30

Single Ip BruteForce Attack

python SSHBruteForce.py -i 127.0.0.1 -p 22 -a 100 -l 8

Multiple Ip BruteForce Attack

python SSHBruteForce.py -I targets.txt -p 22 -a 100 -l 8

Example of targets.txt:

127.0.0.1:22
127.0.0.2:23

Example of usernames.txt:

jimmyj
derpt
marth

Example of passwords.txt:

love
god
sex
secret

For educational use only.

ssh-brute-forcer's People

Contributors

Stargazers

Watchers

Forkers

nozberkaryaindonesia chikatambun 523brain ksmaheshkumar carloslannister pfanner franx47 syjzwjj iosipov aa21 mateqxxz masbog barnett-labs michalkoczwara semeion grievytroll demontager duggan gr3yr0n1n cor3sm4sh3r junaid124 nelodvn theman480 trojanspike timmyburns trevor3000 lucasroot digideskio szkane wuda1990 jurbu phpplay az0ne jerusalemsbell gj3169 sandeep-biswal jrborbars disassembly blckhwk gamblingmaster winstrool areso mrtaheramine grabber danielelic eternalpeace minagushi exploit-inters anarquias bigponzue mikecraig6810 orenyomtov securityanalysts adrielmaciel dlarmeir jul10l1r4 rahmatov davepuchyr dima056359 ebber iridocyclitis562 micsoftvn krnaver atleag thiemer2106 ntnguy tsw424 jaronets add1ct3d chosenonehacks luongphuhoa 0x6b7966 satsin727 sauravhiremath athna deadcyph3r kingbiagio hmyit antiavanti entraentra piterpentester napagit cyberistx kranercc kenderperez fourmansyah kelvinlener nathan-jolivat cdprf ltvthang hollow667 dinarpay astritcepele augustin-carrel kksamoy chaosprint justyntemme lux10n ivanka1230 berilbbj

ssh-brute-forcer's Issues

Codec 'utf-8' cant decode byte "0xf1" in position 923: Error using rockyou.txt

Machine: Wifislax (Slackware likely)

Traceback (most recent call last):
  File "SSHBruteForce.py", line 282, in <module>
    sshBruteForce.startUp()
  File "SSHBruteForce.py", line 82, in startUp
    self.singleTarget(options)
  File "SSHBruteForce.py", line 119, in singleTarget
    self.passwords = Util.fileContentsToList(options.passwordsFile)
  File "/root/SSH-Brute-Forcer/src/Util.py", line 20, in fileContentsToList
    for line in fileParser.readlines():
  File "/usr/lib64/python3.6/codecs.py", line 321, in decode
    (result, consumed) = self._buffer_decode(data, self.errors, final)
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xf1 in position 923: invalid continuation byte

Add combo list

Could you please implement bruteforcing by combo list. E.g. combo list as follows:
admin:admin
root:password
root:123456789
same like hydra does. From man hydra:
"
-C FILE
colon separated "login:pass" format, instead of -L/-P options

Missing Paramiko Dependency.

The Solution 👍
pip install paramiko
or
pip3 install paramiko

Can't run

~/SSH-Brute-Forcer/src# python SSHBruteForce.py -I ip -U u -P p
Traceback (most recent call last):
File "SSHBruteForce.py", line 265, in
sshBruteForce.startUp()
File "SSHBruteForce.py", line 98, in startUp
elif not options.targetIp and options.targetsFilet:
AttributeError: Values instance has no attribute 'targetsFilet'

Type in your language with Gboard

I'm using Gboard to type in English (Australia) (QWERTY). You can try it at: https://gboard.app.goo.gl/i89mf

requirements.txt is wrong

in 4th line change threading to threaded

wrong indent

in function dictionaryAttackSingle(self): the indent of line 187 is incorrect that converts it to single thread

My problem with -O Outputfile

hey bro i run SSH-Brute-Forcer in terminal
root@vultr:~/SSH-Brute-Forcer/src# python3.6 SSHBruteForce.py -I krtest.txt -U kruser.txt -P krpass.txt -t 15 -T 30 -O a.txt
I want to save rerult to file a.txt
my error
[] Simple SSH Brute Forcer
[] Loaded 2493 Targets
[*] Brute Force Starting
Traceback (most recent call last):
File "SSHBruteForce.py", line 282, in
sshBruteForce.startUp()
File "SSHBruteForce.py", line 99, in startUp
self.multipleTargets(options)
File "SSHBruteForce.py", line 144, in multipleTargets
self.showStartInfo()
File "SSHBruteForce.py", line 169, in showStartInfo
Util.appendLineToFile("{} ".format(self.info, self.outputFileName))
TypeError: appendLineToFile() missing 1 required positional argument: 'filename'

can you help me? How to fix error

crashes when -d enabled

hi
bruteforce script is crashing when dicenry attack is enabled(-d)
please fix that

0x00000000219ab540356cBB839Cbe05303d7705Fa

https://github.com/ethereum/consensus-specs/blob/dev/configs/minimal.yaml#L19

sorry

My bad

errors when strating Multiple Ip Dictonary Attack

root@my-server /ssh/SSH-Brute-Forcer/src python SSH* -I 23a -d True -p 22 -C c6
[] Simple SSH Brute Forcer: By r4stl1n
[] Loaded 23704 Targets
[] Loaded 9070 Usernames
[] Loaded 9070 Passwords
[*] Brute Force Starting
Traceback (most recent call last):
File "SSHBruteForce.py", line 280, in
sshBruteForce.startUp()
File "SSHBruteForce.py", line 84, in startUp
self.multipleTargets(options)
File "SSHBruteForce.py", line 142, in multipleTargets
self.dictionaryAttackMultiple()
File "SSHBruteForce.py", line 194, in dictionaryAttackMultiple
int(target[1]), self.timeoutTime)
ValueError: invalid literal for int() with base 10: '2.48.2.44\r'

Password

https://github.com/blacklanternsecurity/TREVORspray/blob/trevorspray-v2/requirements.txt

error line 170

error line 170: if single.singleMode

Program freezes randomly

I've tried using this program on a large file of devices to test but it also freezes randomly not sure if this is because of machines going offline and online or auth rejects any help would be great

Brute force

https://github.com/edilson258/termux-configurations/blob/main/vimrc

Start info is printed before bruteforce when running in brute force mode

When the -d True flag is present, the showStartInfo() is called:
$ python SSHBruteForce.py -i 192.168.0.117 -U /tmp/users -P /tmp/pass -d True
[] Simple SSH Brute Forcer: By r4stl1n
[] Brute Forcing 192.168.0.117
[] Loaded 6 Usernames
[] Loaded 111 Passwords
[*] Brute Force Starting

When -d is False (bruteforce mode), the showStartInfo() is called after brute force started, the message is not printed until brute force is done:

$ python SSHBruteForce.py -i 192.168.0.117 -U /tmp/users -P /tmp/pass
(no msg here)

help...

infinity@shell:/Scrivania/SSH-Brute-Forcer-master$ sudo pip install -r requirements.txt
The directory '/home/infinity/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag.
The directory '/home/infinity/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag.
Requirement already satisfied: paramiko in /usr/local/lib/python3.6/dist-packages (from -r requirements.txt (line 3)) (2.4.2)
Requirement already satisfied: pyasn1>=0.1.7 in /usr/lib/python3/dist-packages (from paramiko->-r requirements.txt (line 3)) (0.4.2)
Requirement already satisfied: cryptography>=1.5 in /usr/lib/python3/dist-packages (from paramiko->-r requirements.txt (line 3)) (2.1.4)
Requirement already satisfied: bcrypt>=3.1.3 in /usr/local/lib/python3.6/dist-packages (from paramiko->-r requirements.txt (line 3)) (3.1.6)
Requirement already satisfied: pynacl>=1.0.1 in /usr/lib/python3/dist-packages (from paramiko->-r requirements.txt (line 3)) (1.1.2)
Requirement already satisfied: six>=1.4.1 in /usr/lib/python3/dist-packages (from bcrypt>=3.1.3->paramiko->-r requirements.txt (line 3)) (1.11.0)
Requirement already satisfied: cffi>=1.1 in /usr/local/lib/python3.6/dist-packages (from bcrypt>=3.1.3->paramiko->-r requirements.txt (line 3)) (1.12.2)
Requirement already satisfied: pycparser in /usr/local/lib/python3.6/dist-packages (from cffi>=1.1->bcrypt>=3.1.3->paramiko->-r requirements.txt (line 3)) (2.19)
infinity@shell:/Scrivania/SSH-Brute-Forcer-master$ cd src/
infinity@shell:/Scrivania/SSH-Brute-Forcer-master/src$ python SSHBruteForce.py -i 185.242.180.214 -p 22 -a 100 -l 8
Missing Paramiko Dependency.
infinity@shell:/Scrivania/SSH-Brute-Forcer-master/src$

Can't run

user@bash$ ./SSHBruteForce.py -I ./targets.txt -d True -p 222 -U ./u -P ./p
Traceback (most recent call last):
File "./SSHBruteForce.py", line 266, in
sshBruteForce.startUp()
File "./SSHBruteForce.py", line 85, in startUp
self.multipleTargets(options)
AttributeError: SSHBruteForce instance has no attribute 'multipleTargets'

Wrong indent

Looks like there is a wrong indent in the main file "SSHBruteForce.py" line 170

if self.outputFileName is not None:
            Util.appendLineToFile("{}".format(self.info), self.outputFileName)
if self.singleMode: #the error is here
                Util.appendLineToFile("Brute Forcing {} ".format(self.targetIp, self.outputFileName))
            else:
                Util.appendLineToFile("Loaded {} Targets ".format(len(self.targets)), self.outputFileName)
            	Util.appendLineToFile("Loaded {} Usernames ".format(len(self.usernames)), self.outputFileName)
            	Util.appendLineToFile("Loaded {} Passwords ".format(len(self.passwords)), self.outputFileName)
            	Util.appendLineToFile("Brute Force Starting ", self.outputFileName)

Don't know what you think but this looks weird to me

Modify bruteforce mode

No handlers could be found for logger "paramiko.transport"

Sometimes when I bruteforce an IP I get this: No handlers could be found for logger "paramiko.transport"

[] Simple SSH Brute Forcer: By r4stl1n
[] Loaded 138 Targets
[] Loaded 4 Usernames
[] Loaded 6 Passwords
[*] Brute Force Starting
No handlers could be found for logger "paramiko.transport"

Ping

ping [ip]

Single username?

Hi,

Thanks for the script. Works great and fast!

But, how if I want to make a test by attacking with only single username, eg: root. And with random password specified by the length of the string.

Perhaps something like this:
python SSHBruteForce.py -i [target_IP] -p 22 -t 15 -T 30 -d True -u root -a 10 -l 8 -v

Thanks.

BUG

/usr/local/lib/python2.7/dist-packages/paramiko/transport.py:33: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in a future release.
from cryptography.hazmat.backends import default_backend
[!] Could not access file ./usernames.txt
Traceback (most recent call last):
File "SSHBruteForce.py", line 285, in
sshBruteForce.startUp()
File "SSHBruteForce.py", line 82, in startUp
self.singleTarget(options)
File "SSHBruteForce.py", line 118, in singleTarget
self.usernames = Util.fileContentsToList(options.usernamesFile)
File "/root/SSHACK/SSH-Brute-Forcer/src/Util.py", line 20, in fileContentsToList
for line in fileParser.readlines():
UnboundLocalError: local variable 'fileParser' referenced before assignment