Penetration tests on SSH servers using dictionary attacks. Written in C.
brute krag means "brute force" in afrikáans
This tool is for ethical testing purpose only. cbrutekrag and its owners can't be held responsible for misuse by users. Users have to act as permitted by local law rules.
$ cbrutekrag -h
_ _ _
| | | | | |
___ | |__ _ __ _ _| |_ ___| | ___ __ __ _ __ _
/ __|| '_ \| '__| | | | __/ _ \ |/ / '__/ _` |/ _` |
| (__ | |_) | | | |_| | || __/ <| | | (_| | (_| |
\___||_.__/|_| \__,_|\__\___|_|\_\_| \__,_|\__, |
OpenSSH Brute force tool 0.6.0 __/ |
(c) Copyright 2014-2024 Jorge Matricali |___/
https://github.com/matricali/cbrutekrag
usage: ./cbrutekrag [-h] [-v] [-aA] [-D] [-P] [-T TARGETS.lst] [-C credentials.lst]
[-t THREADS] [-f OUTPUT FORMAT] [-o OUTPUT.txt] [-F SCAN OUTPUT FORMAT] [-O SCAN_OUTPUT.txt] [TARGETS...]
-h, --help This help
-v, --verbose Verbose mode
-V, --verbose-sshlib Verbose mode (sshlib)
-s, --scan Scan mode
-D, --dry-run Dry run
-P, --progress Progress bar
-T, --targets <file> Targets file
-C, --credentials <file> Username and password file
-t, --threads <threads> Max threads
-o, --output <file> Output log file
-F, --format <pattern> Output log format
Available placeholders:
%DATETIME%, %HOSTNAME%
%PORT%, %USERNAME%, %PASSWORD%
-O, --scan-output <file> Output log file for scanner
-F, --scan-format <pattern> Output log format for scanner
Available placeholders:
%DATETIME%, %HOSTNAME%
%PORT%, %BANNER%.
Default:
"%HOSTNAME%:%PORT%\t%BANNER%\n"
-a, --allow-non-openssh Accepts non OpenSSH servers
-A, --allow-honeypots Allow servers detected as honeypots
--timeout <seconds> Sets connection timeout (Default: 3)
--check-http <host> Tries to open a TCP Tunnel after successful login
cbrutekrag -T targets.txt -C combinations.txt -o result.log
cbrutekrag -s -t 8 -C combinations.txt -o result.log 192.168.1.0/24
- 192.168.0.1
- 10.0.0.0/8
- 192.168.100.0/24:2222
- 127.0.0.1:2222
root root
root password
root $BLANKPASS
$TARGET root
root $TARGET
Placeholder | Purpose | As password | As username |
---|---|---|---|
$BLANKPASS | Blank password | ✔️ | - |
$TARGET | Use hostname or IP as a password | ✔️ | ✔️ |
Output format can be easily customizable using the command line option -f
Example: ./cbrutekrag -f "%HOSTNAME%:%PORT%|%USERNAME%|%PASSWORD%\n"
, which
produces an output like:
192.168.0.100:22|root|toor
192.168.0.105:22|ubnt|ubnt
%DATETIME%\t%HOSTNAME%:%PORT%\t%USERNAME%\t%PASSWORD%\n
2024/04/01 13:05:13 192.168.0.100:22 root admin
Placeholder | Description | Example |
---|---|---|
%DATETIME% | Replaced by Y/m/d HH:ii:ss date |
2024/04/01 12:46:27 |
%HOSTNAME% | Replaced by hostname or IPv4 | 192.168.0.100 |
%PORT% | Replaced by connection port | 22 |
%USERNAME% | Replaced by username used | root |
%PASSWORD% | Replaced by password used | admin |
\n | Replaced by LF | |
\t | Replaced by TAB |
Output format can be easily customizable using the command line option -F
Example: ./cbrutekrag -F "%HOSTNAME%\t%PORT%\t%BANNER%\n"
, which
produces an output like:
192.168.0.100 22 SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2
192.168.0.105 22 SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2
%HOSTNAME%:%PORT%\t%BANNER%\n
192.168.0.100:22 SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2
Placeholder | Description | Example |
---|---|---|
%DATETIME% | Replaced by Y/m/d HH:ii:ss date |
2024/04/01 12:46:27 |
%HOSTNAME% | Replaced by hostname or IPv4 | 192.168.0.100 |
%PORT% | Replaced by connection port | 22 |
%BANNER% | Replaced by server banner | SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2 |
\n | Replaced by LF | |
\t | Replaced by TAB |
cbrutekrag uses libssh - The SSH Library (http://www.libssh.org/)
Requirements:
make
gcc
compilerlibssh-dev
git clone --depth=1 https://github.com/matricali/cbrutekrag.git
cd cbrutekrag
make
make install
Requirements:
cmake
gcc
compilermake
libssl-dev
libz-dev
git clone --depth=1 https://github.com/matricali/cbrutekrag.git
cd cbrutekrag
bash static-build.sh
make install