Giters

matricali / cbrutekrag

Penetration tests on SSH servers using brute force or dictionary attacks. Written in C.

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

sshbrute-forceccommand-line-toolethical-hackingpenetration-testingpentestinglibsshmultithreadingdictionary-attackssh-serverpenetration-testsssh-serversport-scannerhoneypot-detectordictionary-attacksssh-bruteforcebruteforcessh-client

license GitHub contributors Build Status Static Build Status Latest stable release

cbrutekrag

Penetration tests on SSH servers using dictionary attacks. Written in C.

brute krag means "brute force" in afrikáans

Disclaimer

This tool is for ethical testing purpose only. cbrutekrag and its owners can't be held responsible for misuse by users. Users have to act as permitted by local law rules.

Requirements

cbrutekrag uses libssh - The SSH Library (http://www.libssh.org/)

Build

Requirements:

  • make
  • gcc compiler
  • libssh-dev
git clone --depth=1 https://github.com/matricali/cbrutekrag.git
cd cbrutekrag
make
make install

Static build

Requirements:

  • cmake
  • gcc compiler
  • make
  • libssl-dev
  • libz-dev
git clone --depth=1 https://github.com/matricali/cbrutekrag.git
cd cbrutekrag
bash static-build.sh
make install

Run

$ cbrutekrag -h
       _                _       _
      | |              | |     | |
  ___ | |__  _ __ _   _| |_ ___| | ___ __ __ _  __ _
 / __|| '_ \| '__| | | | __/ _ \ |/ / '__/ _` |/ _` |
| (__ | |_) | |  | |_| | ||  __/   <| | | (_| | (_| |
 \___||_.__/|_|   \__,_|\__\___|_|\_\_|  \__,_|\__, |
          OpenSSH Brute force tool 0.5.0        __/ |
      (c) Copyright 2014-2022 Jorge Matricali  |___/


usage: ./cbrutekrag [-h] [-v] [-aA] [-D] [-P] [-T TARGETS.lst] [-C credentials.lst]
                [-t THREADS] [-F OUTPUT FORMAT] [-o OUTPUT.txt] [TARGETS...]

  -h                This help
  -v                Verbose mode
  -V                Verbose mode (sshlib)
  -s                Scan mode
  -D                Dry run
  -P                Progress bar
  -T <targets>      Targets file
  -C <combinations> Username and password file
  -t <threads>      Max threads
  -o <output>       Output log file
  -F <format>       Output log format
                    Available placeholders:
                    %DATETIME%, %HOSTNAME%
                    %PORT%, %USERNAME%, %PASSWORD%
  -a                Accepts non OpenSSH servers
  -A                Allow servers detected as honeypots.

Example usages

cbrutekrag -T targets.txt -C combinations.txt -o result.log
cbrutekrag -s -t 8 -C combinations.txt -o result.log 192.168.1.0/24

Supported targets syntax

  • 192.168.0.1
  • 10.0.0.0/8
  • 192.168.100.0/24:2222
  • 127.0.0.1:2222

Combinations file format

root root
root password
root $BLANKPASS
$TARGET root
root $TARGET

Combinations file placeholders

Placeholder Purpose As password As username
$BLANKPASS Blank password ✔️ -
$TARGET Use hostname or IP as a password ✔️ ✔️

Customizable output format

Output format can be easily customizable using the command line option -F

Example: ./cbrutekrag -F "%HOSTNAME%:%PORT%|%USERNAME%|%PASSWORD%\n", which produces an output like:

192.168.0.100:22|root|toor
192.168.0.105:22|ubnt|ubnt

Default value

%DATETIME%\t%HOSTNAME%:%PORT%\t%USERNAME%\t%PASSWORD%\n

2024/04/01 13:05:13     192.168.0.100:22     root    admin

Placeholders

Placeholder Description Example
%DATETIME% Replaced by Y/m/d HH:ii:ss date 2024/04/01 12:46:27
%HOSTNAME% Replaced by hostname or IPv4 192.168.0.100
%PORT% Replaced by connection port 22
%USERNAME% Replaced by username used root
%PASSWORD% Replaced by password used admin
\n Replaced by LF
\t Replaced by TAB

About

Penetration tests on SSH servers using brute force or dictionary attacks. Written in C.

sshbrute-forceccommand-line-toolethical-hackingpenetration-testingpentestinglibsshmultithreadingdictionary-attackssh-serverpenetration-testsssh-serversport-scannerhoneypot-detectordictionary-attacksssh-bruteforcebruteforcessh-client

License:MIT License

Languages

Language:C 96.1%Language:Shell 2.6%Language:Makefile 1.3%