Python bot for brute force SSH testing
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
|
|
# [How to Brute-Force SSH Servers in Python](https://www.thepythoncode.com/article/brute-force-ssh-servers-using-paramiko-in-python)
|
|
|
|
|
|
|
|
|
|
This project aims to demonstrate botted SSH brute force hacking with a Python script.
|
|
|
|
|
It is used with a dictionnary (wordlist.txt).
|
|
|
|
|
|
|
|
|
|
## INSTALLATION
|
|
|
|
|
|
|
|
|
|
```bash
|
|
|
|
|
pip3 install -r requirements.txt
|
|
|
|
|
```
|
|
|
|
|
- Help:
|
|
|
|
|
```bash
|
|
|
|
|
python bruteforce_ssh.py --help
|
|
|
|
|
```
|
|
|
|
|
**Output:**
|
|
|
|
|
```bash
|
|
|
|
|
usage: bruteforce_ssh.py [-h] [-P PASSLIST] [-u USER] host
|
|
|
|
|
|
|
|
|
|
SSH Bruteforce Python script.
|
|
|
|
|
|
|
|
|
|
positional arguments:
|
|
|
|
|
host Hostname or IP Address of SSH Server to bruteforce.
|
|
|
|
|
|
|
|
|
|
optional arguments:
|
|
|
|
|
-h, --help show this help message and exit
|
|
|
|
|
-P PASSLIST, --passlist PASSLIST
|
|
|
|
|
File that contain password list in each line.
|
|
|
|
|
-u USER, --user USER Host username.
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
## UTILISATION
|
|
|
|
|
|
|
|
|
|
If you want to bruteforce against the server `192.168.1.101` for example, the user `root` and a password list of `wordlist.txt`:
|
|
|
|
|
```bash
|
|
|
|
|
python bruteforce_ssh.py 192.168.1.101 -u root -P wordlist.txt
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
## UPDATE
|
|
|
|
|
|
|
|
|
|
- [x] 09/11/22: add "allow_agent=False,look_for_keys=False" to client.connect() args to avoid "Quota exceeded, retrying with delay..." error.
|
