Penetration tests on SSH servers using brute force or dictionary attacks. Written in Python.
brute krag means "brute force" in afrikáans
This tool is for ethical testing purpose only.
brutekrag and its owners can't be held responsible for misuse by users.
Users have to act as permitted by local law rules.
- Python 2.7
- see requeriments.txt
It can be easily installed using pip
pip install brutekrag
Then you can do
$ brutekrag --help
usage: brutekrag [-h] [-t TARGET] [-T TARGETS] [-pF PASSWORDS] [-uF USERS]
[-sF SINGLE] [--separator SEPARATOR] [-p PORT] [-u USER]
[-P PASSWORD] [--timeout TIMEOUT] [--threads THREADS]
[-o OUTPUT] [--progress] [-v] [--version]
_ _ _
| | | | | |
| |__ _ __ _ _| |_ ___| | ___ __ __ _ __ _
| '_ \| '__| | | | __/ _ \ |/ / '__/ _` |/ _` |
| |_) | | | |_| | || __/ <| | | (_| | (_| |
|_.__/|_| \__,_|\__\___|_|\_\_| \__,_|\__, |
OpenSSH Brute force tool 0.3.1 __/ |
(c) Copyright 2014 Jorge Matricali |___/
optional arguments:
-h, --help show this help message and exit
-t TARGET, --target TARGET
Target hostname or IPv4.
-T TARGETS, --targets TARGETS
Targets file that containas one hostname or IPv4 per line.
-pF PASSWORDS, --passwords PASSWORDS
Path to password dictionary file. One password per line.
-uF USERS, --users USERS
Path to users list file. One user per line.
-sF SINGLE, --single SINGLE
Path to a file that contains a combination of both username and password. One combination per line, separated by space character by default.
--separator SEPARATOR
Custom username/password separator. It's should be used in conjunction with -sF.
-p PORT, --port PORT Target port (default 22).
-u USER, --user USER Single user bruteforce.
-P PASSWORD, --password PASSWORD
Single password bruteforce.
--timeout TIMEOUT Connection timeout (in seconds, 1 default).
--threads THREADS Total number of threads to use (default 1).
-o OUTPUT, --output OUTPUT
Output file for compromised hosts.
--progress Progress bar.
-v, --verbose Verbose output.
--version Prints version and banner.
# One target, one user, many passwords
brutekrag -t 10.10.0.14 --user root --passwords passwords.txt
# Many targets, one user, empty password
brutekrag -T targets.txt --user root --password ''
# One target, many pre-made combinations of user and password
brutekrag -t 192.168.0.1 --single combined.txt