A multi-threaded SSH brute force tool written in Python with password generation capabilities and robust error handling.
- Multi-threaded brute forcing for faster credential testing
- Password generation with customizable character sets and lengths
- Flexible input options - single user/password or wordlists
- Robust error handling with retry mechanisms
- Color-coded output for better readability
- Automatic credential saving when successful
- SSH connection timeout handling
- Python 3.6 or higher
- Required Python packages:
pip install paramiko coloramagit clone <repository-url>
cd SSHCrackerAdvpython sshcracker.py <target_host> [options]| Argument | Description |
|---|---|
host |
Target hostname or IP address (required) |
-u, --user |
Single username to test |
-U, --userlist |
File containing usernames (one per line) |
-P, --passlist |
File containing passwords (one per line) |
--generate |
Generate passwords on the fly |
--min-length |
Minimum password length for generation (default: 1) |
--max-length |
Maximum password length for generation (default: 4) |
--chars |
Character set for password generation |
--threads |
Number of concurrent threads (default: 4) |
# Single user with password list
python sshcracker.py 192.168.1.100 -u admin -P passwords.txt
# Multiple users with password list
python sshcracker.py 192.168.1.100 -U users.txt -P passwords.txt
# Multi-threaded attack
python sshcracker.py 192.168.1.100 -U users.txt -P passwords.txt --threads 8# Generate passwords with default settings (1-4 chars, lowercase + digits)
python sshcracker.py 192.168.1.100 -u admin --generate
# Custom password generation
python sshcracker.py 192.168.1.100 -u admin --generate --min-length 3 --max-length 6 --chars "abc123"
# Generate with uppercase, lowercase, and digits
python sshcracker.py 192.168.1.100 -u admin --generate --chars "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"admin
user
root
guest
test
password
123456
admin
password123
qwerty
The tool provides color-coded output:
- 🔴 Red: Failed attempts and errors
- 🔵 Blue: Informational messages and retries
- 🟢 Green: Successful credential discovery
[+] Found combo:
HOSTNAME: 192.168.1.100
USERNAME: admin
PASSWORD: password123
- Connection timeouts: Automatically handles unreachable hosts
- Authentication failures: Logs failed attempts
- SSH exceptions: Implements retry mechanism with exponential backoff
- Rate limiting: Built-in delays to prevent overwhelming the target
- Credential saving: Successful credentials are saved to
credentials.txt - Thread safety: Safe concurrent operation
- Clean shutdown: Stops all threads when credentials are found
- Multi-threading: Configurable number of worker threads
- Queue-based processing: Efficient task distribution
- Early termination: Stops immediately when credentials are found
- Only test on your own systems or with written authorization
- Respect rate limits to avoid overwhelming target systems
- Use responsible disclosure for any vulnerabilities found
- Follow local laws and regulations
- Start with a small number of threads to avoid detection
- Use realistic wordlists rather than exhaustive generation
- Monitor network traffic to avoid triggering security systems
- Always obtain proper authorization before testing
- "Host unreachable": Check network connectivity and firewall settings
- "SSH Exception": The tool will automatically retry with exponential backoff
- "Permission denied": Normal behavior for incorrect credentials
- High CPU usage: Reduce thread count or password generation complexity
- Use wordlists instead of generation for better performance
- Adjust thread count based on target system capabilities
- Consider using smaller character sets for password generation
Feel free to contribute by:
- Reporting bugs
- Suggesting new features
- Submitting pull requests
- Improving documentation
This project is for educational purposes only. Use responsibly and ethically.