ssh_connector.py
This document provides a detailed step-by-step explanation of how the ssh_connector.py script operates. This script is designed to perform a brute force attack on SSH services (port 22) to identify accessible accounts using various user credentials. Successful connections are logged for further use.
- Filename: ssh_connector.py
- Purpose: To conduct brute force attacks on SSH services by attempting multiple user credential combinations and logging successful connections.
The script imports the following modules:
- Standard Libraries: os, pandas, paramiko, socket, threading, logging, time
- External Libraries: rich.console, rich.progress
- Custom Modules: SharedData, Logger
The logger is configured to log messages for ssh_connector.py at the DEBUG level, ensuring detailed logging of events and errors.
Global variables are defined to provide metadata about the class and module, including:
b_class = "SSHBruteforce"
b_module = "ssh_connector"
b_status = "brute_force_ssh"
b_port = 22
b_parent = None
The SSHBruteforce class manages the overall process of conducting the SSH brute force attack. It coordinates the attack process and updates the status based on the results.
- Attributes: Initializes shared data and creates an instance of SSHConnector.
- Logger: Logs the initialization of the SSH connector.
- Purpose: Initiates the brute force attack on the specified IP and port.
- Logging: Logs the start of the brute force process.
- Returns: The result of the brute force attempt, indicating success or failure.
- Purpose: Executes the brute force attack and updates the status key based on the result.
- Logging: Logs the execution attempt and updates the shared data status.
The SSHConnector class handles the connection attempts during the brute force attack and manages the results of successful connections.
- Attributes: Sets up shared data, reads user and password lists, and prepares the results file.
- File Handling: Checks if the results file exists; if not, creates it with appropriate headers.
- Purpose: Loads the netkb file and filters it for entries with SSH ports.
- Details: Reads the file and ensures the "Ports" column contains port 22 entries.
- Purpose: Attempts to establish an SSH connection using the provided credentials.
- Error Handling: Catches exceptions such as paramiko.AuthenticationException, socket.error, and paramiko.SSHException, logging connection failures.
- Returns: A boolean indicating whether the connection was successful.
- Purpose: Executes the brute force attack by iterating over user and password combinations.
- Progress Tracking: Utilizes rich.progress to display the progress of the brute force attack.
- Result Logging: Logs successful connections and saves results immediately.
- Duplicate Removal: Calls removeduplicates to ensure no duplicate entries in the results file.
- Purpose: Saves the results of successful connection attempts to a CSV file.
- Details: Converts results to a DataFrame and appends them to the CSV file, ensuring no duplicates.
- Purpose: Removes duplicate entries from the results CSV file.
- Details: Reads the CSV, drops duplicate rows, and rewrites the file without duplicates.
- The SSHBruteforce class is initialized with shared data, creating an instance of SSHConnector and logging the initialization process.
- The load_scan_file method is called to load and filter the netkb file for entries with SSH ports.
- The bruteforce_ssh method initiates the brute force attack on a given IP and port by calling run_bruteforce.
- Progress Tracking: Uses rich.progress to monitor and display the progress of the attack.
- Connection Attempts: Iterates over the user and password lists, attempting to connect using ssh_connect.
- Result Logging: Logs successful connections and saves results to a CSV file.
- Duplicate Removal: Ensures no duplicate entries in the results file by calling removeduplicates.
- Success/Failure: The execute method updates the status based on the result of the brute force attack, logging the outcome.
The SSHBruteforce class is integrated into the orchestrator and called via its execute method. The process involves:
- Receiving Target Details: The orchestrator provides IP and port details to the SSHBruteforce class.
- Performing Attack: The execute method carries out the brute force attack.
- Updating Orchestrator: The status (success or failure) is returned to the orchestrator for further action.
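
Seen from the target host, the run_bruteforce loop described above (user and password lists iterated against one IP on port 22) leaves a recognizable trail in the sshd log: a burst of failed passwords across several usernames from one source, sometimes ending in an accepted login. The following is an added detection example, not code from ssh_connector.py or its project; the function name, thresholds, sample log lines and the OpenSSH syslog-style message format are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd log (documentation IP ranges, not data from the page).
SAMPLE_LOG = """\
Jan 10 03:14:01 host sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 10 03:14:02 host sshd[812]: Failed password for root from 203.0.113.7 port 40114 ssh2
Jan 10 03:14:03 host sshd[813]: Failed password for invalid user admin from 203.0.113.7 port 40116 ssh2
Jan 10 03:14:04 host sshd[814]: Failed password for invalid user admin from 203.0.113.7 port 40118 ssh2
Jan 10 03:14:05 host sshd[815]: Failed password for pi from 203.0.113.7 port 40120 ssh2
Jan 10 03:14:06 host sshd[816]: Accepted password for pi from 203.0.113.7 port 40122 ssh2
Jan 10 09:30:10 host sshd[900]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Jan 10 09:30:25 host sshd[901]: Accepted password for alice from 198.51.100.20 port 51002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def detect_bruteforce(log_text, min_failures=5, min_users=2,
                      window=timedelta(minutes=5), year=2024):
    """Return {source_ip: finding} for sources that look like a user x password sweep."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:  # syslog timestamps carry no year, so one is assumed
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["ip"]].append((ts, m["result"], m["user"]))
    findings = {}
    for ip, evs in events.items():
        evs.sort(key=lambda e: e[0])  # stable: keeps log order on equal timestamps
        recent = []  # (timestamp, user) of failures still inside the window
        for ts, result, user in evs:
            recent = [f for f in recent if ts - f[0] <= window]
            if result == "Failed":
                recent.append((ts, user))
            users = {u for _, u in recent}
            if len(recent) >= min_failures and len(users) >= min_users:
                hit = findings.setdefault(
                    ip, {"max_failures": 0, "users_tried": set(), "logins_after_sweep": []})
                hit["max_failures"] = max(hit["max_failures"], len(recent))
                hit["users_tried"] |= users
                if result == "Accepted":  # success right after a sweep: treat account as exposed
                    hit["logins_after_sweep"].append(user)
    return findings
```

An entry in logins_after_sweep is the case that matters most for response: the account should have its password rotated and its session history reviewed, and password authentication on the host replaced with keys where possible.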