Skip to content

Turn PuTTY into an SSH login bruteforcing tool.

License

GPL-3.0, Unknown licenses found

Licenses found

GPL-3.0
LICENSE
Unknown
LICENSE-PuTTY
Notifications You must be signed in to change notification settings

InfosecMatter/SSH-PuTTY-login-bruteforcer

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

SSH PuTTY login bruteforcer

The ssh-putty-brute.ps1 is a wrapper script which uses PuTTY clients (either putty.exe or plink.exe) to perform SSH login bruteforce attacks.

See the main article for detailed description: https://www.infosecmatter.com/ssh-brute-force-attack-tool-using-putty-plink-ssh-putty-brute-ps1/

Usage and examples

The tool requires either putty.exe or plink.exe executables in the PATH or in the current working directory.

Here's how to use this tool:

import-module .\ssh-putty-brute.ps1

# Usage:
ssh-putty-brute [-h ip|ips.txt] [-p port] [-u user|users.txt] [-pw pass|pwdlist.txt]

# Examples:
ssh-putty-brute -h 10.10.5.11 -p 22 -u root -pw P@ssw0rd
ssh-putty-brute -h 10.10.5.11 -p 22 -u root -pw (Get-Content .\pwdlist.txt)

Screenshots

SSH login attack against a single target:

ssh-putty-bruteforce-login-attack-0

SSH password spraying accross the network:

ssh-putty-bruteforce-login-attack-password-spraying

Hunting for default SSH credentials:

ssh-putty-bruteforce-login-attack-full

For more information, visit: https://www.infosecmatter.com/ssh-brute-force-attack-tool-using-putty-plink-ssh-putty-brute-ps1/

Releases

No releases published

Packages

No packages published