SSH brute force tools are used to attempt to gain unauthorized access to an SSH server by repeatedly trying different username and password combinations. These tools can be used to attack both weak and strong passwords, but they are most effective against weak ones.
Disclaimer: This tool is for educational and security testing purposes only. Do not use it for unauthorized access to any system.
- Attempts login using a wordlist of usernames and passwords.
- Supports custom SSH host and port.
- Can be used by security professionals to test SSH security.
- Open Settings > Apps > Optional Features.
- Check if OpenSSH Client is installed. If not, click Add a Feature.
- Search for OpenSSH Client and install it.
- Start Command Prompt as an Administrator.
sudo apt install openssh-clientTo connect to an SSH server:
ssh user@server-ip- Open your terminal.
- Install OpenSSH server:
sudo apt install openssh-server
- Enable SSH server:
sudo systemctl enable ssh - Allow SSH through the firewall:
sudo ufw allow ssh
- Now your SSH server is running!
To use the brute force script, run the following command in Command Prompt (cmd):
python ssh-bf.py --users <path_to_user_wordlist> --passes <path_to_password_wordlist> --host <target_ip>python ssh-bf.py --users D:\PT1\users.txt --passes D:\PT1\pass.txt --host 192.168.1.3To secure your SSH server:
- Use strong passwords or SSH key authentication.
- Change the default SSH port (edit
/etc/ssh/sshd_config). - Use fail2ban to block repeated failed login attempts:
sudo apt install fail2ban
- Disable root login by setting
PermitRootLogin noin/etc/ssh/sshd_config.
This project is for ethical hacking and security research purposes only. Unauthorized use is strictly prohibited.
Happy Ethical Hacking! 🚀