sprut‘s documentation

sprut is a simple python-module for brute-force attacks, that can be used in your scripts.

sprut supports ssh, http-post services. Other popular services and command-line interface will soon be implemented.

Features

  • Multithreading
  • Load balancing
  • Modular design

Requirements

  • Python3
  • paramiko, requests packages

Quick start

  1. Create BruteForce object:

    >>> b = sprut.BruteForce()
    
  2. Initialization tasks for attack:

    >>> b.init_tasks(...)
    
  3. Run attack!

    >>> b.run(...)
    

Usage examples:

SSH login-password attack:

>>> b = sprut.BruteForce()
>>> b.init_tasks(target = ['localhost'],
... login = ['admin','user'],
... password = sprut.get_lines_from_file('/home/file_with_passes'))
>>> success = b.run(sprut.Ssh, out_file='/home/success')

HTTP-POST attack with proxy:

>>> b = sprut.BruteForce()
>>> b.set_proxy('http','127.0.0.1', 8080)
>>> b.init_tasks(target=['http://example.com/login'],
... login=sprut.get_lines_from_file('/home/file_with_logins'),
... password=['pass','1234'],
... some_key=['111111','222222'],
... body=['user=^login^&pass=^password^&user_key=^some_key^'],
... fail_msg=['fail'])
>>> success = b.run(sprut.HttpPost, out_file='/home/success')

To implement your own service read doc of Service.__call__().

Basic classes

class sprut.BruteForce

BruteForce is a main class, which you can use to automate brute-force attacks in your scripts.

Example:

>>> b = sprut.BruteForce()
>>> b.init_tasks(...)
>>> b.run(...)
init_tasks(target, login=None, password=None, null=False, same=False, reverse=False, **kwargs)

Set queue with tasks by iterable object of target, which can be for example host or url, login, password and specified params from kwargs. Parameters null, same and reverse have the meaning if service using login-password authentication.

Important

Values in kwargs, target, login and password must be iterable object.

Parameters:
  • target (iterable) – object with hosts or urls
  • login (iterable) – object with logins
  • password (iterable) – object with passwords
  • null (bool) – if True, will be added password ‘’
  • same (bool) – if True, will be added password same as login
  • reverse (bool) – if True, will be added password as inversed login

Example:

>>> target = ['localhost', '192.168.1.1']
>>> login = ['login', 'user']
>>> password = ['1234', 'qwerty']
>>> b = sprut.BruteForce()
>>> b.init_targets(target=target, 
... login=login, 
... password=password, null=True, same=True)
run(service, out_file=None, exclude_target=False, exclude_login=True, global_exit=False, threads_count=8, status=True, max_retries=inf)

This function starts the brute-force attack on initialized tasks by init_tasks().

Parameters:
  • service (class type) – service class (sprut.HttpPost, sprut.Ssh, etc)
  • out_file (str) – absolute path to success file
  • exclude_target (bool) – flag for excluding targets if success will be finded
  • exclude_login (bool) – flag for excluding logins if success will be finded
  • global_exit (bool) – exit from brute-force if will be finded success
  • threads_count (int) – count of threads in brute-force attack
  • status (bool) – show status information
  • max_retries (int) – max connection retries to target
Returns:

successes

Return type:

list

class sprut.Ssh

Class for SSH service

__call__(target, login, password, timeout=10, port=22)

Try to log in ssh server with specified target, pass and sshd port.

Parameters:
  • target (str) – target host
  • login (str) – user login
  • password (str) – user password
  • timeout (int) – timeout in sec
  • port (int) – port of host
Returns:

Attempt object with: target, port, login and password

Return type:

Attempt

Raises:

Example:

>>> ssh = sprut.Ssh()
>>> ssh('localhost','admin','pass')
class sprut.HttpPost

Class for HTTP-post service

__call__(target, body, fail_msg=None, success_msg=None, port=None, timeout=10, **params)

Send post request to target URL with body, where using params, specifing arguments. If params is login='admin', password='pass', then body should be like this: user=^login^&password=^password^&key=value. To recognize success or fail use fail_msg or success_msg in response text.

Parameters:
  • target (str) – target url
  • body (str) – post body
  • fail_msg (str) – fail phrase in response
  • success_msg (str) – success phrase in response
  • timeout (int) – timeout in sec
Returns:

Attempt object with: target, **params

Return type:

Attempt

Raises:
  • ConnError – if cant connect to host or server response bad status
  • AuthError – if authentication failed
  • SprutExceptionfail_msg and success_msg is None or Requests exceptions

Example:

>>> httppost = sprut.HttpPost()
>>> httppost(target='http://example.com/login',
...     login='admin',
...     password='pass',
...     some_key='111111',
...     body='user=^login^&pass=^password^&user_key=^some_key^',
...     fail_msg='fail')
class sprut.Service

Abstract class, that describe authentication method Service.__call__() and other methods like Service.set_proxy().

Variables:CONN_TIMEOUT (float) – 10
__call__(target, timeout=10)

Service authentication realization. If success - return Attemt object. If authentication fail - raise AuthError. If connection error - raise ConnError. Another errors or exceptions - raise SprutException.

Note

Signature have to contain target parameter. If you use timeout option, then set it by Service.CONN_TIMEOUT. To check connection you can use check_connection().

Example:

>>> class MyService(sprut.Service):
...     def __init__(self):
...             self.super().__init__()
...     def __call__(self, target, login, password,
...     port=777, timeout=Service.CONN_TIMEOUT):
...             sprut.Service.check_connection(target, port, timeout)
...             attempt = sprut.Attempt(target=target, login=login, password=password)
...             if success:
...                     return attempt
...             else:
...                     raise sprut.AuthError(attempt)
static check_connection(host, port, timeout=10)

Checking connection to host by trying to create socket. If timeout exceeded, then ConnError raised.

Parameters:
  • host – target host
  • port – port of host
  • timeout – timeout in sec
Raises:

ConnError – connection problems to host

class sprut.Attempt(*args, **kwargs)

Class that contain information about success or fail

info

return tuple of *args and **kwargs

exception sprut.SprutException

Base sprut exception

exception sprut.AuthError

Exception, which raised when can’t authenticate

exception sprut.ConnError(msg)

Exception, which raised when can’t connect to host