Penetration tests on SSH servers using dictionary attacks. Written in C.
_brute krag_ means "brute force" in Afrikaans.

This tool is for ethical testing purposes only. cbrutekrag and its owners can't be held responsible for misuse by users. Users must act as permitted by local law.
```
$ cbrutekrag -h
       _                _       _
      | |              | |     | |
  ___ | |__  _ __ _   _| |_ ___| | ___ __ __ _  __ _
 / __|| '_ \| '__| | | | __/ _ \ |/ / '__/ _` |/ _` |
| (__ | |_) | |  | |_| | ||  __/   <| | | (_| | (_| |
 \___||_.__/|_|   \__,_|\__\___|_|\_\_|  \__,_|\__, |
          OpenSSH Brute force tool 0.6.0        __/ |
      (c) Copyright 2014-2024 Jorge Matricali  |___/

      https://github.com/matricali/cbrutekrag

usage: ./cbrutekrag [-h] [-v] [-aA] [-D] [-P] [-T TARGETS.lst] [-C credentials.lst]
                [-t THREADS] [-f OUTPUT FORMAT] [-o OUTPUT.txt] [-F SCAN OUTPUT FORMAT] [-O SCAN_OUTPUT.txt] [TARGETS...]

  -h, --help                This help
  -v, --verbose             Verbose mode
  -V, --verbose-sshlib      Verbose mode (sshlib)
  -s, --scan                Scan mode
  -D, --dry-run             Dry run
  -P, --progress            Progress bar
  -T, --targets <file>      Targets file
  -C, --credentials <file>  Username and password file
  -t, --threads <threads>   Max threads
  -o, --output <file>       Output log file
  -F, --format <pattern>    Output log format
                            Available placeholders:
                            %DATETIME%, %HOSTNAME%
                            %PORT%, %USERNAME%, %PASSWORD%
  -O, --scan-output <file>  Output log file for scanner
  -F, --scan-format <pattern> Output log format for scanner
                            Available placeholders:
                            %DATETIME%, %HOSTNAME%
                            %PORT%, %BANNER%.
                            Default:
                            "%HOSTNAME%:%PORT%\t%BANNER%\n"
  -a, --allow-non-openssh   Accepts non OpenSSH servers
  -A, --allow-honeypots     Allow servers detected as honeypots
      --timeout <seconds>   Sets connection timeout (Default: 3)
      --check-http <host>   Tries to open a TCP Tunnel after successful login
```

Example usage:

```
cbrutekrag -T targets.txt -C combinations.txt -o result.log
cbrutekrag -s -t 8 -C combinations.txt -o result.log 192.168.1.0/24
```

Target syntax examples:

- 192.168.0.1
- 10.0.0.0/8
- 192.168.100.0/24:2222
- 127.0.0.1:2222

Credentials file example:

```
root root
root password
root $BLANKPASS
$TARGET root
root $TARGET
```

| Placeholder | Purpose | As password | As username |
|---|---|---|---|
| $BLANKPASS | Blank password | ✔️ | - |
| $TARGET | Use hostname or IP as a password | ✔️ | ✔️ |

The output format can be customized with the command line option `-f`.

Example: `./cbrutekrag -f "%HOSTNAME%:%PORT%|%USERNAME%|%PASSWORD%\n"`, which
produces an output like:

```
192.168.0.100:22|root|toor
192.168.0.105:22|ubnt|ubnt
```

With the format `%DATETIME%\t%HOSTNAME%:%PORT%\t%USERNAME%\t%PASSWORD%\n` the output looks like:

```
2024/04/01 13:05:13 192.168.0.100:22 root admin
```

| Placeholder | Description | Example |
|---|---|---|
| %DATETIME% | Replaced by Y/m/d HH:ii:ss date | 2024/04/01 12:46:27 |
| %HOSTNAME% | Replaced by hostname or IPv4 | 192.168.0.100 |
| %PORT% | Replaced by connection port | 22 |
| %USERNAME% | Replaced by username used | root |
| %PASSWORD% | Replaced by password used | admin |
| \n | Replaced by LF | |
| \t | Replaced by TAB | |

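
For reporting on an authorized test, the result log usually has to be turned into a per-host remediation list that can be circulated without the passwords themselves. The following is an added example, not part of cbrutekrag: it parses lines in the `%DATETIME%\t%HOSTNAME%:%PORT%\t%USERNAME%\t%PASSWORD%\n` format shown above and keeps only a weakness category per account. The function names, the category labels, the sample log and the treatment of an empty password field as a blank password are assumptions.

```python
import re
from collections import defaultdict

# Format from the page: %DATETIME%\t%HOSTNAME%:%PORT%\t%USERNAME%\t%PASSWORD%\n
LINE_RE = re.compile(
    r"(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\t"
    r"(?P<host>[^\t:]+):(?P<port>\d{1,5})\t"
    r"(?P<user>[^\t]+)\t(?P<password>[^\t]*)"
)

def classify(host, user, password):
    """Name the weakness without keeping the password itself."""
    if password == "":  # assumption: a blank password is logged as an empty field
        return "blank password"
    if password == user:
        return "password equals username"
    if host in (user, password):
        return "credential equals hostname/IP"
    return "dictionary password"

def triage(lines):
    """Return ({(host, port): [(user, weakness), ...]}, [rejected line numbers])."""
    findings, rejected = defaultdict(list), []
    for lineno, raw in enumerate(lines, 1):
        line = raw.rstrip("\r\n")
        if not line:
            continue
        m = LINE_RE.fullmatch(line)
        if m is None or not 0 < int(m["port"]) <= 65535:
            rejected.append(lineno)  # keep for manual review instead of guessing
            continue
        entry = (m["user"], classify(m["host"], m["user"], m["password"]))
        key = (m["host"], int(m["port"]))
        if entry not in findings[key]:  # the same hit can be logged on repeated runs
            findings[key].append(entry)
    return dict(findings), rejected

# Constructed sample log (not real results); addresses are private-range placeholders.
SAMPLE_LOG = [
    "2024/04/01 13:05:13\t192.168.0.100:22\troot\tadmin\n",
    "2024/04/01 13:05:14\t192.168.0.105:22\tubnt\tubnt\n",
    "2024/04/01 13:05:20\t192.168.0.100:22\troot\tadmin\n",
    "2024/04/01 13:06:02\t192.168.0.110:2222\troot\t192.168.0.110\n",
    "truncated line without tabs\n",
]

if __name__ == "__main__":
    report, bad = triage(SAMPLE_LOG)
    for (host, port), hits in sorted(report.items()):
        for user, weakness in hits:
            print(f"{host}:{port}\t{user}\t{weakness}")
    print("unparsed lines:", bad)
```
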
The scan output format can be customized with the command line option `-F`.

Example: `./cbrutekrag -F "%HOSTNAME%\t%PORT%\t%BANNER%\n"`, which
produces an output like:

```
192.168.0.100 22 SSH-2.0-OpenSSH_6.0p1 Debian-4+deb7u2
192.168.0.105 22 SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2
```

With the format `%HOSTNAME%:%PORT%\t%BANNER%\n` the output looks like:

```
192.168.0.100:22 SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2
```

| Placeholder | Description | Example |
|---|---|---|
| %DATETIME% | Replaced by Y/m/d HH:ii:ss date | 2024/04/01 12:46:27 |
| %HOSTNAME% | Replaced by hostname or IPv4 | 192.168.0.100 |
| %PORT% | Replaced by connection port | 22 |
| %BANNER% | Replaced by server banner | SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2 |
| \n | Replaced by LF | |
| \t | Replaced by TAB | |

cbrutekrag uses libssh - The SSH Library (http://www.libssh.org/)

Requirements:

- make
- gcc compiler
- libssh-dev

```
git clone --depth=1 https://github.com/matricali/cbrutekrag.git
cd cbrutekrag
make
make install
```

Requirements:

- cmake
- gcc compiler
- make
- libssl-dev
- libz-dev

```
git clone --depth=1 https://github.com/matricali/cbrutekrag.git
cd cbrutekrag
bash static-build.sh
make install
```