-
Notifications
You must be signed in to change notification settings - Fork 0
waived/ssh-self-rep
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
_____ _____ _____ _____ _____ __ _____ _____ _____ _____ | __| __| | | | __| __| | | __| | __ | __| _ | |__ |__ | | |__ | __| |__| __| | -| __| __| |_____|_____|__|__| |_____|_____|_____|__| |__|__|_____|__| OVERVIEW: This script acts as a password-spraying engine. It generates random IP addresses and probes them for an SSH connection. If a connection is found, the script will then attempt to login via either user-specific credentials or the ones pre-set in the script. If a connection is successful, the script will send BASH commands which will download and auto-execute the user-specified payload. Beware: scanning with this tool can anger ISPs, and termination of internet service is a possibility. All responsibility falls on the end-user. You have been warned! FEATURES: THREADING: This script supports multi-threading. This boosts effeciency as multiple IP addresses can be scanned at any given time. However, the downside is that when engaging multiple IP addresses, this activity can bog down a network. Be cautious of your bandwidth consumption and system resources. BLACKLIST: This script generates IP addresses following no particular scheme. By default, internal IPs and subnets are blocked for efficiency and to reduce and false positives. HOST COUNT: The user can specify how many IP addresses that are to be probed. Of course, this script also has to option to run indefinitely. COMMAND: The user can specify a command statement to run upon the successful breach of an SSH connection. It must be wrapped in quotes. COMBOLIST: By default, this script uses known weak SSH credentials to attempt a breach. Additionally, a combo-list (with the format <username>:<password>) can also be specified. Default preset credentials will still be used against the host. KNOWN BUGS: I'm lazy and spent very little time field testing this. It is possible. FUTURE UPDATES: Maybe, idk...lmao
About
Self-replicating SSH script - scans internet and attempts to hijack insecure SSH connections + download/exec a shell
Topics
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published