[Security Tool] SSH Brute-Force Tool

admin, 2023-05-16 08:07:43


A modular brute-force tool written in Python for very fast password spraying against SSH and, in the near future, other network services.


Coming soon: FTP, SMB, HTTP(s) POST, HTTP(s) GET, HTTP BASIC AUTH.

Thanks to @0dayctf, Rondons, Enigma and 001 for testing and contributions.


Installation:

cd /opt
git clone https://github.com/Cerbrutus-BruteForcer/cerbrutus

Usage:

python3 /opt/cerbrutus/cerbrutus.py --help
usage: cerbrutus.py [-h] -U USERS -P PASSWORDS [-p PORT] [-t THREADS] [-q [QUIET [QUIET ...]]] Host Service

Python based network brute forcing tool!

positional arguments:
  Host                  The host to connect to - in IP or VHOST/Domain Name form
  Service               The service to brute force (currently implemented 'SSH')

optional arguments:
  -h, --help            show this help message and exit
  -U USERS, --users USERS
                        Either a single user, or the path to the file of users you wish to use
  -P PASSWORDS, --passwords PASSWORDS
                        Either a single password, or the path to the password list you wish to use
  -p PORT, --port PORT  The port you wish to target (only required if running on a non standard port)
  -t THREADS, --threads THREADS
                        Number of threads to use
  -q [QUIET [QUIET ...]], --quiet [QUIET [QUIET ...]]
                        Do not print banner

/opt/cerbrutus/cerbrutus.py 10.10.10.10 SSH -U "username" -P /opt/wordlists/fasttrack.txt -t 10

================================================================
[ASCII-art banner]
Network Brute Force Tool
https://github.com/Cerbrutus-BruteForcer/cerbrutus
================================================================
[*] - Initialising password list...
Read in 224 words from /opt/wordlists/fasttrack.txt
[+] - Running with 10 threads...
[*] - Starting attack against [email protected]
[*] - Trying: 65/224

Test runs:

# The password is in line number 12600 in rockyou
64 threads -> 1400 seconds ~ 7 minutes (hydra took 30 minutes)
1000 threads -> 464 seconds -> 27 requests per second
100 threads took 1000 seconds -> 12 requests per second

# the password is in line 460
100 threads took 32 seconds -> 14 requests per second
1000 threads took 16 seconds -> 28 requests per second
64 threads took 51 seconds -> 9 requests per second (hydra took the same time)

# word number 20k in rockyou
1100 threads took 637 seconds which means 31 rps
110 threads took 1457 seconds so that's 13.7 rps
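
At the 9 to 31 attempts per second reported above, a run like this appears in the target's sshd log as a dense burst of "Failed password" lines from one source. The following detection sketch is an added example, not code from the original post or from the Cerbrutus project; the classic syslog line format, the thresholds, the year and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# OpenSSH "Failed password" line in classic syslog format. The user name is
# attacker-controlled, so match it greedily and take the LAST "from <ip> port"
# on the line as the real source.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(.*) from (\S+) port \d+ ssh2$")

def detect_bursts(lines, window_s=10, max_failures=20, year=2023):
    """Return {source_ip: (peak_failures_in_window, distinct_users)} for
    sources with more than max_failures failures inside any window_s seconds.
    Thresholds and year are assumptions; syslog timestamps carry no year."""
    events = []
    for line in lines:
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(3), m.group(2)))
    recent, peak, users = defaultdict(deque), defaultdict(int), defaultdict(set)
    for ts, ip, user in sorted(events):
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() >= window_s:
            q.popleft()  # drop failures that fell out of the sliding window
        peak[ip] = max(peak[ip], len(q))
        users[ip].add(user)
    return {ip: (n, len(users[ip])) for ip, n in peak.items() if n > max_failures}

def sample_log():
    """Constructed sample lines (documentation-range IPs, hypothetical host 'srv')."""
    lines = [f"May 16 08:07:{40 + i // 10:02d} srv sshd[{2000 + i}]: "
             f"Failed password for root from 203.0.113.7 port {40000 + i} ssh2"
             for i in range(30)]  # 10 failures per second for 3 seconds
    lines += [
        # user name crafted to look like a different source address
        "May 16 08:07:42 srv sshd[2100]: Failed password for invalid user "
        "x from 192.0.2.99 port 1 ssh2 from 203.0.113.7 port 40100 ssh2",
        # a legitimate user mistyping twice, 49 seconds apart
        "May 16 08:07:41 srv sshd[900]: Failed password for alice from 198.51.100.20 port 50522 ssh2",
        "May 16 08:08:30 srv sshd[901]: Failed password for alice from 198.51.100.20 port 50523 ssh2",
        "May 16 08:08:31 srv sshd[901]: Accepted password for alice from 198.51.100.20 port 50523 ssh2",
    ]
    return lines

if __name__ == "__main__":
    for ip, (n, u) in detect_bursts(sample_log()).items():
        print(f"{ip}: {n} failures within 10 s, {u} distinct user names")
```

A high distinct-user count from one source points to spraying across accounts, while a count of one points to a single-account guessing run; both warrant rate limiting or blocking of the source and a review of whether password authentication needs to be enabled at all.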

Uses a custom implementation of paramiko to overcome a few minor issues with using it for SSH brute forcing. - https://github.com/paramiko/paramiko/


Project URL: https://github.com/Cerbrutus-BruteForcer/cerbrutus


Originally published on the WeChat official account Ots安全: [Security Tool] SSH Brute-Force Tool
