How to SSH bruteforce on Linux/Mac OS X

SSH is an acronym for Secure Socket sHell, which provides a secure connection access to a remote machine.

By using this SSH Bruteforce tool, you can test security stuff like iptables, sshguard or fail2ban to see whether the rules or policy that have been set working or not. You also able to see the procedure of real hacking attempt.

Like most of brute forcing tools, first you’ll need a big passlist. You can get one from here:

Get SSHBrute python script:

To get it to work you will need this packages:

For Mac OS X user, this is the requirement:

  • Xcode 4.3 (App Store link) or later installed including Command Line Tools or install GCC and Command Line Tools without Xcode
  • Get Paramiko 1.7.7.2+ (or whatever the newest version is), this package includes PyCrypto

Download Paramiko at here:

Then, unzip the Paramiko archive and go to that directory:

Type the following command to start installing:

After that, unzip SSHBrute:

Go to SSHBrute directory:

To start the script, run this command:

The parameter:
-h = hostname/IP address
-u = username/username list
-d = password list

This is how the tool works:

One thought on “How to SSH bruteforce on Linux/Mac OS X

  1. Bruno

    I tried
    gh0st:brutessh zer0$ python brutessh.py -h IP_ADDRESS -u USER -d passlist.txt
    and it didn’t work. I had to use
    python brutessh.py -h IP_ADDRESS -u USER -d passlist.txt

    hope this helps other people

    Reply

Any Comments?