cbrutekrag's Introduction

cbrutekrag

Penetration tests on SSH servers using dictionary attacks. Written in C.

"brute krag" means "brute force" in Afrikaans.

Disclaimer

This tool is for ethical testing purposes only. cbrutekrag and its owners can't be held responsible for misuse by users. Users must act as permitted by local law.

Run

$ cbrutekrag -h
       _                _       _
      | |              | |     | |
  ___ | |__  _ __ _   _| |_ ___| | ___ __ __ _  __ _
 / __|| '_ \| '__| | | | __/ _ \ |/ / '__/ _` |/ _` |
| (__ | |_) | |  | |_| | ||  __/   <| | | (_| | (_| |
 \___||_.__/|_|   \__,_|\__\___|_|\_\_|  \__,_|\__, |
          OpenSSH Brute force tool 0.6.0        __/ |
      (c) Copyright 2014-2024 Jorge Matricali  |___/

      https://github.com/matricali/cbrutekrag


usage: ./cbrutekrag [-h] [-v] [-aA] [-D] [-P] [-T TARGETS.lst] [-C credentials.lst]
                [-t THREADS] [-f OUTPUT FORMAT] [-o OUTPUT.txt] [-F SCAN OUTPUT FORMAT] [-O SCAN_OUTPUT.txt] [TARGETS...]

-h, --help                This help
-v, --verbose             Verbose mode
-V, --verbose-sshlib      Verbose mode (sshlib)
-s, --scan                Scan mode
-D, --dry-run             Dry run
-P, --progress            Progress bar
-T, --targets <file>      Targets file
-C, --credentials <file>  Username and password file
-t, --threads <threads>   Max threads
-o, --output <file>       Output log file
-F, --format <pattern>    Output log format
                          Available placeholders:
                          %DATETIME%, %HOSTNAME%
                          %PORT%, %USERNAME%, %PASSWORD%
-O, --scan-output <file>  Output log file for scanner
-F, --scan-format <pattern> Output log format for scanner
                          Available placeholders:
                          %DATETIME%, %HOSTNAME%
                          %PORT%, %BANNER%.
                          Default:
                          "%HOSTNAME%:%PORT%\t%BANNER%\n"
-a, --allow-non-openssh   Accepts non OpenSSH servers
-A, --allow-honeypots     Allow servers detected as honeypots
    --timeout <seconds>   Sets connection timeout (Default: 3)
    --check-http <host>   Tries to open a TCP Tunnel after successful login

Example usages

cbrutekrag -T targets.txt -C combinations.txt -o result.log
cbrutekrag -s -t 8 -C combinations.txt -o result.log 192.168.1.0/24

Supported targets syntax

  • 192.168.0.1
  • 10.0.0.0/8
  • 192.168.100.0/24:2222
  • 127.0.0.1:2222
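
Before a targets file is used in an engagement, it can be checked against the networks the test is authorized for. The Python below is an added example, not code from cbrutekrag: it parses the four target forms listed above and reports every entry that is malformed or falls outside the scope. `DEFAULT_PORT`, `AUTHORIZED_SCOPE` and the strict validation rules are assumptions of this example, not documented cbrutekrag behaviour.

```python
import ipaddress

DEFAULT_PORT = 22  # assumption: a target without ":port" means the standard SSH port

# The four target forms from the list above, plus a constructed engagement scope.
SAMPLE_TARGETS = ["192.168.0.1", "10.0.0.0/8", "192.168.100.0/24:2222", "127.0.0.1:2222"]
AUTHORIZED_SCOPE = ["192.168.0.0/16"]  # constructed for this example

def parse_target(line):
    """Parse 'IP', 'CIDR', 'IP:port' or 'CIDR:port' into (IPv4Network, port)."""
    text = line.strip()  # tolerate trailing spaces and CRLF line endings
    host, sep, port_text = text.partition(":")
    port = DEFAULT_PORT
    if sep:
        digits = port_text.isascii() and port_text.isdigit()
        if not digits or not 1 <= int(port_text) <= 65535:
            raise ValueError(f"invalid port in {text!r}")
        port = int(port_text)
    # strict=True rejects blocks with host bits set, such as 192.168.0.1/24
    return ipaddress.IPv4Network(host, strict=True), port

def out_of_scope(target_lines, authorized_cidrs):
    """Return (target, reason) for entries that are malformed or outside the scope."""
    scope = [ipaddress.IPv4Network(cidr) for cidr in authorized_cidrs]
    rejected = []
    for line in target_lines:
        if not line.strip():
            continue  # skip blank lines
        try:
            network, _port = parse_target(line)
        except ValueError as exc:
            rejected.append((line.strip(), str(exc)))
            continue
        # The whole block must sit inside one authorized network.
        if not any(network.subnet_of(allowed) for allowed in scope):
            rejected.append((line.strip(), "outside authorized scope"))
    return rejected

if __name__ == "__main__":
    for target, reason in out_of_scope(SAMPLE_TARGETS, AUTHORIZED_SCOPE):
        print(f"{target}: {reason}")
```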

Combinations file format

root root
root password
root $BLANKPASS
$TARGET root
root $TARGET

Combinations file placeholders

| Placeholder | Purpose | As password | As username |
|-------------|---------|-------------|-------------|
| $BLANKPASS | Blank password | ✔️ | - |
| $TARGET | Use hostname or IP as a password | ✔️ | ✔️ |

Customizable output format

The output format can be customized with the command-line option -f.

Example: ./cbrutekrag -f "%HOSTNAME%:%PORT%|%USERNAME%|%PASSWORD%\n", which produces an output like:

192.168.0.100:22|root|toor
192.168.0.105:22|ubnt|ubnt

Default value

%DATETIME%\t%HOSTNAME%:%PORT%\t%USERNAME%\t%PASSWORD%\n

2024/04/01 13:05:13     192.168.0.100:22     root    admin

Placeholders

| Placeholder | Description | Example |
|-------------|-------------|---------|
| %DATETIME% | Replaced by Y/m/d HH:ii:ss date | 2024/04/01 12:46:27 |
| %HOSTNAME% | Replaced by hostname or IPv4 | 192.168.0.100 |
| %PORT% | Replaced by connection port | 22 |
| %USERNAME% | Replaced by username used | root |
| %PASSWORD% | Replaced by password used | admin |
| \n | Replaced by LF | |
| \t | Replaced by TAB | |

Customizable output format for scanner

The scanner output format can be customized with the command-line option -F.

Example: ./cbrutekrag -F "%HOSTNAME%\t%PORT%\t%BANNER%\n", which produces an output like:

192.168.0.100 22  SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2
192.168.0.105 22  SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2

Default value

%HOSTNAME%:%PORT%\t%BANNER%\n

192.168.0.100:22  SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2

Placeholders

| Placeholder | Description | Example |
|-------------|-------------|---------|
| %DATETIME% | Replaced by Y/m/d HH:ii:ss date | 2024/04/01 12:46:27 |
| %HOSTNAME% | Replaced by hostname or IPv4 | 192.168.0.100 |
| %PORT% | Replaced by connection port | 22 |
| %BANNER% | Replaced by server banner | SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2 |
| \n | Replaced by LF | |
| \t | Replaced by TAB | |
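
Scanner output in the default format can feed an inventory of SSH server versions on your own network. The Python below is an added example, not code from cbrutekrag: it splits each `HOSTNAME:PORT<TAB>BANNER` line, parses the banner as an RFC 4253 identification string, and lists OpenSSH servers older than a baseline. `MIN_OPENSSH` is a hypothetical policy value, and the third sample line is constructed.

```python
import re

# RFC 4253, section 4.2: "SSH-protoversion-softwareversion SP comments"
BANNER_RE = re.compile(r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")
OPENSSH_RE = re.compile(r"^OpenSSH_(\d+)\.(\d+)")
MIN_OPENSSH = (8, 0)  # hypothetical policy baseline, not a value from the page

# Constructed sample in the default scan format; the first two banners are the page's.
SAMPLE = [
    "192.168.0.100:22\tSSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2\n",
    "192.168.0.105:22\tSSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2\n",
    "192.168.0.110:2222\tSSH-2.0-ExampleSSHD_1.0\n",
]

def parse_scan_line(line):
    """Split one default-format scanner line into host, port and banner fields."""
    endpoint, tab, banner = line.rstrip("\r\n").partition("\t")
    host, colon, port = endpoint.rpartition(":")
    if not tab or not colon or not port.isdigit():
        raise ValueError(f"not a HOSTNAME:PORT<TAB>BANNER line: {line!r}")
    # The banner is sent by the remote server, so treat it as untrusted text:
    # replace control characters before it reaches a terminal or a report.
    banner = re.sub(r"[\x00-\x1f\x7f]", "?", banner)
    record = {"host": host, "port": int(port), "banner": banner,
              "proto": None, "software": None, "openssh": None}
    match = BANNER_RE.match(banner)
    if match:
        record["proto"], record["software"] = match["proto"], match["software"]
        version = OPENSSH_RE.match(match["software"])
        if version:
            record["openssh"] = (int(version[1]), int(version[2]))
    return record

def below_baseline(lines, minimum=MIN_OPENSSH):
    """Return (host, port, software) for OpenSSH servers older than the baseline."""
    findings = []
    for line in lines:
        if not line.strip():
            continue  # skip blank lines
        record = parse_scan_line(line)
        if record["openssh"] is not None and record["openssh"] < minimum:
            findings.append((record["host"], record["port"], record["software"]))
    return findings

if __name__ == "__main__":
    for host, port, software in below_baseline(SAMPLE):
        print(f"{host}:{port} runs {software}")
```

A banner version alone does not prove a host is unpatched, because distributions backport fixes without changing the upstream version string; treat the findings as a list to verify.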

Requirements

cbrutekrag uses libssh - The SSH Library (http://www.libssh.org/)

Build

Requirements:

  • make
  • gcc compiler
  • libssh-dev

git clone --depth=1 https://github.com/matricali/cbrutekrag.git
cd cbrutekrag
make
make install

Static build

Requirements:

  • cmake
  • gcc compiler
  • make
  • libssl-dev
  • libz-dev

git clone --depth=1 https://github.com/matricali/cbrutekrag.git
cd cbrutekrag
bash static-build.sh
make install

cbrutekrag's Issues

Support for port on the targets list

Hello author!
This is a very good project. But I think he can improve it.
When infiltrating into the internal network, we often encounter many SSH protocols for non-standard ports.
When loading a target, I want to test the target in this format.
192.168.1.1#Default 22
192.168.1.2:2222
192.168.1.3:22022
This allows you to test different target ports simultaneously. If you do this, you don't need the -p parameter.
Looking forward to your reply

Port ranges

Improve the selection of ports, adding the possibility of specifying a list of ports or port ranges.

For example:
-p 22,2022,2200-2299

static build compile error...help

[root@localhost cbrutekrag]# ./static-build.sh
~/test/cbrutekrag/external/libssh-0.9.3/build ~/test/cbrutekrag
-- Could NOT find NaCl (missing: NACL_LIBRARIES NACL_INCLUDE_DIRS)
-- Threads_FOUND=TRUE
-- ********************************************
-- ********** libssh build options : **********
-- zlib support: ON
-- libgcrypt support: OFF
-- libmbedTLS support: OFF
-- libnacl support: OFF
-- SFTP support: ON
-- Server support : ON
-- GSSAPI support : ON
-- GEX support : ON
-- Pcap debugging support : ON
-- Build shared library: OFF
-- Unit testing: OFF
-- Client code testing: OFF
-- Blowfish cipher support: OFF
-- Server code testing: OFF
-- Public API documentation generation
-- Benchmarks: OFF
-- Symbol versioning: ON
-- Allow ABI break: OFF
-- Release is final:
-- Global client config: /etc/ssh/ssh_config
-- Global bind config: /etc/ssh/libssh_server_config
-- ********************************************
-- Configuring done
-- Generating done
-- Build files have been written to: /root/test/cbrutekrag/external/libssh-0.9.3/build
[ 1%] Searching for files
[ 1%] Built target dev_header_list_int
[ 1%] Built target dev_header_list
[ 2%] Extracting symbols from headers
[ 2%] Built target libssh_dev.symbols_int
[ 2%] Built target libssh_dev.symbols
[ 4%] Generating the map libssh_dev.map
[WARNING] Overwriting existing file '/root/test/cbrutekrag/external/libssh-0.9.3/build/src/libssh_dev.map'
No symbols added or removed. Nothing done.
[ 4%] Built target libssh_dev.map_int
[ 4%] Built target libssh_dev.map
[100%] Built target ssh
~/test/cbrutekrag
rm -f obj/cbrutekrag.o obj/log.o obj/str.o obj/iprange.o obj/progressbar.o obj/bruteforce_ssh.o obj/detection.o obj/target.o obj/credentials.o obj/macrowrapper.o
mkdir -p obj
Compiled src/cbrutekrag.c successfully!
Compiled src/log.c successfully!
Compiled src/str.c successfully!
Compiled src/iprange.c successfully!
Compiled src/progressbar.c successfully!
Compiled src/bruteforce_ssh.c successfully!
Compiled src/detection.c successfully!
Compiled src/target.c successfully!
Compiled src/credentials.c successfully!
Compiled src/macrowrapper.c successfully!
/usr/bin/ld: cannot find -lrt
/usr/bin/ld: cannot find -lcrypto
/usr/bin/ld: cannot find -lz
/usr/bin/ld: cannot find -lpthread
/usr/bin/ld: cannot find -ldl
/usr/bin/ld: cannot find -lc
collect2: error: ld returned 1 exit status
make: *** [cbrutekrag] Error 1

Detect SonicWall SSH

I still got many duplicate outputs from honeypots. It would be great if cbrutekrag could skip the same cracked IP.

Progress bar bug

When the terminal size is too low the progress bar gets stuck

Parsing error, Invalid port

If this script is not the fastest script, it's one of the best and fastest SSH brute tools on GitHub, but in version 0.6.0, when trying to brute IP addresses from a list, the code gives an error (An error occurred parsing ... on line .., Invalid port (22 )). The format of the file is ip:port. I tried previous versions and they were fine.

Static Compile issue

Ubuntu 22.0, CentOS 8 similar error

~/cbrutekrag
rm -f obj/cbrutekrag.o obj/log.o obj/str.o obj/iprange.o obj/progressbar.o obj/bruteforce_ssh.o obj/detection.o obj/target.o obj/credentials.o
mkdir -p obj
Compiled src/cbrutekrag.c successfully!
Compiled src/log.c successfully!
Compiled src/str.c successfully!
Compiled src/iprange.c successfully!
Compiled src/progressbar.c successfully!
Compiled src/bruteforce_ssh.c successfully!
Compiled src/detection.c successfully!
Compiled src/target.c successfully!
Compiled src/credentials.c successfully!
/usr/bin/ld: obj/log.o:/root/cbrutekrag/src/log.c:30: multiple definition of `g_verbose'; obj/cbrutekrag.o:/root/cbrutekrag/src/cbrutekrag.c:46: first defined here
/usr/bin/ld: obj/detection.o: in function `detection_detect_ssh':
/root/cbrutekrag/src/detection.c:156: undefined reference to `FdSet'
collect2: error: ld returned 1 exit status
make: *** [Makefile.static:31: cbrutekrag] Error 1

Build failing on Debian 7 and Debian 8 i386

On Debian Wheezy

W: Failed to fetch http://deb.debian.org/debian/dists/wheezy/main/binary-amd64/Packages  404  Not Found
W: Failed to fetch http://deb.debian.org/debian/dists/wheezy-updates/main/binary-amd64/Packages  404  Not Found
W: Failed to fetch http://security.debian.org/dists/wheezy/updates/main/binary-amd64/Packages  404  Not Found
W: Failed to fetch http://ftp.debian.org/debian/dists/wheezy-backports/main/source/Sources  404  Not Found
W: Failed to fetch http://ftp.debian.org/debian/dists/wheezy-backports/main/binary-amd64/Packages  404  Not Found
E: Some index files failed to download. They have been ignored, or old ones used instead.
make: *** [/build/cbrutekrag_0.4.6-1_amd64.changes] Error 100

On Debian Jessie arch=i386

W: There is no public key available for the following key IDs:
AA8E81B4331F7F50
W: Failed to fetch http://ftp.debian.org/debian/dists/jessie-backports/main/source/Sources  404  Not Found
W: Failed to fetch http://ftp.debian.org/debian/dists/jessie-backports/main/binary-i386/Packages  404  Not Found
E: Some index files failed to download. They have been ignored, or old ones used instead.
/pack//deb.mk:115: recipe for target '/build/cbrutekrag_0.4.6-1_i386.changes' failed
make: *** [/build/cbrutekrag_0.4.6-1_i386.changes] Error 100

Implement Fake Process

Hello!
A Fake Process will be awesome.
This is an example of a fake process command line:

trcpy(argv[0],FAKE); // fake the proccess name.
while(fgets(buff,sizeof(buff),fp))
{
c=strchr(buff,'n');
if(c!=NULL) *c='.';
if (!(fork()))
{
where=0;
// printf("--> attacking %s",buff);
for (i=0; i<count; i=i+2){
// printf("--> Trying %s:%s %sn",a[i],a[i+1],buff);
checkauth(a[i],a[i+1],buff); // try to auth
}
exit(0);

This is taken from
https://github.com/MrMugiwara/against-cracker/blob/master/against.py
Of course, this is py, but I guess this can also be done in C.
Thank you, Brother!

Accept targets from STDIN

Implement worker capable of getting targets from STDIN while running, so it can be easily chained with other tools (like other network scanners)

Support for use hostname as password

Is there any chance to set a placeholder for the password, for example #DOMAIN#, and try the domain as the password?

I mean, let's say I have abc.com. I want to put #DOMAIN# in combos.txt as the password and try abc.com as the password. Any chance? Thanks!

SIGSEGV when combinations file has empty lines

./cbrutekrag -sa -o LOCAL.log -t 1 10.9.1.160
           _                _       _
          | |              | |     | |
      ___ | |__  _ __ _   _| |_ ___| | ___ __ __ _  __ _
     / __|| '_ \| '__| | | | __/ _ \ |/ / '__/ _` |/ _` |
    | (__ | |_) | |  | |_| | ||  __/   <| | | (_| | (_| |
     \___||_.__/|_|   \__,_|\__\___|_|\_\_|  \__,_|\__, |
              OpenSSH Brute force tool 0.5.0        __/ |
          (c) Copyright 2014-2018 Jorge Matricali  |___/


Amount of username/password combinations: 7
Number of targets: 1
Total attemps: 7
Max threads: 1

[2020/01/22 14:51:59] Starting servers discoverage process...
[2020/01/22 14:51:59] [!] 10.9.1.160:22 - SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.3
[2020/01/22 14:51:59] Detection process took 0.123840 seconds.
[2020/01/22 14:51:59] Number of targets after filtering: 1.
[2020/01/22 14:51:59] Starting brute-force process...
[2020/01/22 14:52:07] Error: signal 11:

./cbrutekrag(err_handler+0x2b)[0x5639f850de5b]
/lib/x86_64-linux-gnu/libc.so.6(+0x3ef20)[0x7f818b551f20]
/lib/x86_64-linux-gnu/libc.so.6(+0xa9e8a)[0x7f818b5bce8a]
./cbrutekrag(main+0x411)[0x5639f850d881]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xe7)[0x7f818b534b97]
./cbrutekrag(_start+0x2a)[0x5639f850dd4a]
