https://github.com/s-r-e-e-r-a-j/sshbuster

SSHBuster is a powerful command-line SSH brute-forcing tool designed for ethical hacking and penetration testing. It performs dictionary-based attacks to find valid SSH login credentials efficiently.
https://github.com/s-r-e-e-r-a-j/sshbuster

bruteforce bruteforcer ethical-hacking ethical-hacking-tools ethicalhacking hacking hacking-tool hacking-tools linux python python3 pythonprojects pythontool pythontools sshbruteforce

Last synced: 3 months ago
JSON representation

SSHBuster is a powerful command-line SSH brute-forcing tool designed for ethical hacking and penetration testing. It performs dictionary-based attacks to find valid SSH login credentials efficiently.

• Host: GitHub
• URL: https://github.com/s-r-e-e-r-a-j/sshbuster
• Owner: s-r-e-e-r-a-j
• License: gpl-3.0
• Created: 2025-08-02T17:37:16.000Z (6 months ago)
• Default Branch: main
• Last Pushed: 2025-08-02T19:08:33.000Z (6 months ago)
• Last Synced: 2025-08-02T19:43:02.721Z (6 months ago)
• Topics: bruteforce, bruteforcer, ethical-hacking, ethical-hacking-tools, ethicalhacking, hacking, hacking-tool, hacking-tools, linux, python, python3, pythonprojects, pythontool, pythontools, sshbruteforce
• Language: Python
• Homepage:
• Size: 56.6 KB
• Stars: 1
• Watchers: 0
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE.md

Awesome Lists containing this project

README

          
# SSHBuster

SSHBuster is a powerful command-line SSH brute-forcing tool designed for ethical hacking and penetration testing. It performs dictionary-based attacks to find valid SSH login credentials efficiently.

---

## Features

- Brute-force **SSH servers** using different username and password combinations  

- Supports:

  - **Username + password wordlists**

  - **Single username + password wordlist**

  - **Username wordlist + single password**

  - **Single username + single password**

- **Multithreaded** for better speed (**default: 2 threads, max: 5**)

-  **Displays real-time progress** showing each username:password combination being tried

- **Displays valid credentials** immediately when found

- Automatically handles **UTF-8** encoded wordlists, with Latin-1 fallback if **UTF-8** decoding fails

---

## ⚠️ Legal Disclaimer

SSHBuster is intended strictly for educational purposes and authorized penetration testing only. Unauthorized use of this tool is illegal and unethical. The author is not responsible for any misuse, damage, or legal consequences resulting from its use.

---

## Requirements

- Python 3.x

- `paramiko` library

Install it with:

```bash

pip3 install paramiko

```

**Note for Kali, Parrot, Ubuntu 23.04+ users:**

If you see an error like:

```go

error: externally-managed-environment

```

then use:

```bash

pip3 install paramiko --break-system-packages

```

## Compatibility

 Linux (Debian, RHEL, Arch, etc.)

## Installation

1. **Clone the repository** 

```bash

git clone https://github.com/s-r-e-e-r-a-j/SSHBuster.git

```

2. **Navigate to the SSHBuster directory**

```bash

cd SSHBuster

```

3. **Run Installer**

```bash

sudo python3 install.py

```

**then type `y` for install**

3. **Run the tool**

```bash

sshbuster [arguments]

```

## Command-Line Arguments

| Argument / Option         | Description                                       |

|---------------------------|---------------------------------------------------|

| `target_ip`               | Target SSH IP address                             |

| `target_port`             | Target SSH port (usually 22)                      |

| `-u`, `--username`        | Single username                                   |

| `-U`, `--userlist`        | Path to username wordlist                         |

| `-p`, `--password`        | Single password                                   |

| `-P`, `--passlist`        | Path to password wordlist                         |

| `-t`, `--threads`         | Number of threads (default: 2, max allowed: 5)    |

> ⚠️ You must provide **either a single username or a username wordlist**, and likewise **either a single password or a password wordlist**.

## Notes

- If you specify more than 5 threads, it will use only 5 for better accuracy.

- Automatically stops when a valid credential is found.

- Wordlists with special characters are supported (UTF-8 and Latin-1 fallback).

## Examples

1. **Brute-force with username and password wordlists**

```bash

sshbuster 192.168.1.100 22 --userlist users.txt --passlist passwords.txt

```

2. **Brute-force with single username and password wordlist**

```bash

sshbuster 192.168.1.100 22 --username root --passlist passwords.txt

```

3. **Brute-force with username wordlist and single password**

```bash

sshbuster 192.168.1.100 22 --userlist users.txt --password 123456

```

4. **Single username and single password**

```bash

sshbuster 192.168.1.100 22 --username admin --password admin123

```

5. **Brute-force using username and password wordlists with 5 threads**

```bash

sshbuster 192.168.1.100 22 --userlist users.txt --passlist passwords.txt --threads 5

```

## Uninstallation

**Run the install.py script**

```bash

sudo python3 install.py

```

**Then Type `n` for uninstall**

## License

This project is licensed under the GNU General Public License v3.0