https://github.com/s-r-e-e-r-a-j/sshbuster

SSHBuster is a powerful command-line SSH brute-forcing tool designed for ethical hacking and penetration testing. It performs dictionary-based attacks to find valid SSH login credentials efficiently.
https://github.com/s-r-e-e-r-a-j/sshbuster

bruteforce bruteforcer ethical-hacking ethical-hacking-tools ethicalhacking hacking hacking-tool hacking-tools linux python python3 pythonprojects pythontool pythontools sshbruteforce

Last synced: 2 months ago
JSON representation

SSHBuster is a powerful command-line SSH brute-forcing tool designed for ethical hacking and penetration testing. It performs dictionary-based attacks to find valid SSH login credentials efficiently.

• Host: GitHub
• URL: https://github.com/s-r-e-e-r-a-j/sshbuster
• Owner: s-r-e-e-r-a-j
• License: gpl-3.0
• Created: 2025-08-02T17:37:16.000Z (2 months ago)
• Default Branch: main
• Last Pushed: 2025-08-02T19:08:33.000Z (2 months ago)
• Last Synced: 2025-08-02T19:43:02.721Z (2 months ago)
• Topics: bruteforce, bruteforcer, ethical-hacking, ethical-hacking-tools, ethicalhacking, hacking, hacking-tool, hacking-tools, linux, python, python3, pythonprojects, pythontool, pythontools, sshbruteforce
• Language: Python
• Homepage:
• Size: 56.6 KB
• Stars: 1
• Watchers: 0
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE.md

Awesome Lists containing this project

README

          
# SSHBuster

SSHBuster is a powerful command-line SSH brute-forcing tool designed for ethical hacking and penetration testing. It performs dictionary-based attacks to find valid SSH login credentials efficiently.

---

## Features

- Brute-force **SSH servers** using different username and password combinations  

- Supports:

  - **Username + password wordlists**

  - **Single username + password wordlist**

  - **Username wordlist + single password**

  - **Single username + single password**

- **Multithreaded** for better speed (**default: 2 threads, max: 5**)

-  **Displays real-time progress** showing each username:password combination being tried

- **Displays valid credentials** immediately when found

- Automatically handles **UTF-8** encoded wordlists, with Latin-1 fallback if **UTF-8** decoding fails

---

## ⚠️ Legal Disclaimer

SSHBuster is intended for **educational purposes** and **authorized penetration testing** only.  

**Unauthorized use is illegal.**  

The author is not responsible for misuse or damages caused by this tool.

---

## Requirements

- Python 3.x

- `paramiko` library

Install it with:

```bash

pip3 install paramiko

```

## Compatibility

 Linux (Debian, RedHat, Arch, etc.)

## Installation

1. **Clone the repository** 

```bash

git clone https://github.com/s-r-e-e-r-a-j/SSHBuster.git

```

2. **Navigate to the SSHBuster directory**

```bash

cd SSHBuster

```

3. **Run Installer**

```bash

sudo python3 install.py

```

**then type `y` for install**

3. **Run the tool**

```bash

sshbuster [arguments]

```

## Command-Line Arguments

| Argument / Option         | Description                                       |

|---------------------------|---------------------------------------------------|

| `target_ip`               | Target SSH IP address                             |

| `target_port`             | Target SSH port (usually 22)                      |

| `-u`, `--username`        | Single username                                   |

| `-U`, `--userlist`        | Path to username wordlist                         |

| `-p`, `--password`        | Single password                                   |

| `-P`, `--passlist`        | Path to password wordlist                         |

| `-t`, `--threads`         | Number of threads (default: 2, max allowed: 5)    |

> ⚠️ You must provide **either a single username or a username wordlist**, and likewise **either a single password or a password wordlist**.

## Notes

- If you specify more than 5 threads, it will use only 5 for better accuracy.

- Automatically stops when a valid credential is found.

- Wordlists with special characters are supported (UTF-8 and Latin-1 fallback).

## Examples

1. **Brute-force with username and password wordlists**

```bash

sshbuster 192.168.1.100 22 --userlist users.txt --passlist passwords.txt

```

2. **Brute-force with single username and password wordlist**

```bash

sshbuster 192.168.1.100 22 --username root --passlist passwords.txt

```

3. **Brute-force with username wordlist and single password**

```bash

sshbuster 192.168.1.100 22 --userlist users.txt --password 123456

```

4. **Single username and single password**

```bash

sshbuster 192.168.1.100 22 --username admin --password admin123

```

5. **Brute-force using username and password wordlists with 5 threads**

```bash

sshbuster 192.168.1.100 22 --userlist users.txt --passlist passwords.txt --threads 5

```

## Uninstallation

**Run the install.py script**

```bash

sudo python3 install.py

```

**Then Type `n` for uninstall**

## License

This project is licensed under the GNU General Public License v3.0