sprut‘s documentation¶
sprut is a simple python-module for brute-force attacks, that can be used in your scripts.
sprut supports ssh, http-post services. Other popular services and command-line interface will soon be implemented.
Features¶
- Multithreading
- Load balancing
- Modular design
Requirements¶
- Python3
- paramiko, requests packages
Quick start¶
Create
BruteForce
object:>>> b = sprut.BruteForce()
Initialization tasks for attack:
>>> b.init_tasks(...)
Run attack!
>>> b.run(...)
Usage examples:
SSH login-password attack:
>>> b = sprut.BruteForce()
>>> b.init_tasks(target = ['localhost'],
... login = ['admin','user'],
... password = sprut.get_lines_from_file('/home/file_with_passes'))
>>> success = b.run(sprut.Ssh, out_file='/home/success')
HTTP-POST attack with proxy:
>>> b = sprut.BruteForce()
>>> b.set_proxy('http','127.0.0.1', 8080)
>>> b.init_tasks(target=['http://example.com/login'],
... login=sprut.get_lines_from_file('/home/file_with_logins'),
... password=['pass','1234'],
... some_key=['111111','222222'],
... body=['user=^login^&pass=^password^&user_key=^some_key^'],
... fail_msg=['fail'])
>>> success = b.run(sprut.HttpPost, out_file='/home/success')
To implement your own service read doc of Service.__call__()
.
Basic classes¶
-
class
sprut.
BruteForce
¶ BruteForce
is a main class, which you can use to automate brute-force attacks in your scripts.Example:
>>> b = sprut.BruteForce() >>> b.init_tasks(...) >>> b.run(...)
-
init_tasks
(target, login=None, password=None, null=False, same=False, reverse=False, **kwargs)¶ Set queue with tasks by iterable object of
target
, which can be for example host or url,login
,password
and specified params fromkwargs
. Parametersnull
,same
andreverse
have the meaning if service using login-password authentication.Important
Values in
kwargs
,target
,login
andpassword
must be iterable object.Parameters: - target (iterable) – object with hosts or urls
- login (iterable) – object with logins
- password (iterable) – object with passwords
- null (bool) – if True, will be added password ‘’
- same (bool) – if True, will be added password same as login
- reverse (bool) – if True, will be added password as inversed login
Example:
>>> target = ['localhost', '192.168.1.1'] >>> login = ['login', 'user'] >>> password = ['1234', 'qwerty'] >>> b = sprut.BruteForce() >>> b.init_targets(target=target, ... login=login, ... password=password, null=True, same=True)
-
run
(service, out_file=None, exclude_target=False, exclude_login=True, global_exit=False, threads_count=8, status=True, max_retries=inf)¶ This function starts the brute-force attack on initialized tasks by
init_tasks()
.Parameters: - service (class type) – service class (
sprut.HttpPost
,sprut.Ssh
, etc) - out_file (str) – absolute path to success file
- exclude_target (bool) – flag for excluding targets if success will be finded
- exclude_login (bool) – flag for excluding logins if success will be finded
- global_exit (bool) – exit from brute-force if will be finded success
- threads_count (int) – count of threads in brute-force attack
- status (bool) – show status information
- max_retries (int) – max connection retries to target
Returns: successes
Return type: list
- service (class type) – service class (
-
-
class
sprut.
Ssh
¶ Class for SSH service
-
__call__
(target, login, password, timeout=10, port=22)¶ Try to log in ssh server with specified target, pass and sshd port.
Parameters: - target (str) – target host
- login (str) – user login
- password (str) – user password
- timeout (int) – timeout in sec
- port (int) – port of host
Returns: Attempt object with: target, port, login and password
Return type: Raises: Example:
>>> ssh = sprut.Ssh() >>> ssh('localhost','admin','pass')
-
-
class
sprut.
HttpPost
¶ Class for HTTP-post service
-
__call__
(target, body, fail_msg=None, success_msg=None, port=None, timeout=10, **params)¶ Send post request to target URL with body, where using
params
, specifing arguments. Ifparams
islogin='admin', password='pass'
, then body should be like this:user=^login^&password=^password^&key=value
. To recognize success or fail usefail_msg
orsuccess_msg
in response text.Parameters: - target (str) – target url
- body (str) – post body
- fail_msg (str) – fail phrase in response
- success_msg (str) – success phrase in response
- timeout (int) – timeout in sec
Returns: Attempt object with:
target
,**params
Return type: Raises: - ConnError – if cant connect to host or server response bad status
- AuthError – if authentication failed
- SprutException –
fail_msg
andsuccess_msg
is None orRequests
exceptions
Example:
>>> httppost = sprut.HttpPost() >>> httppost(target='http://example.com/login', ... login='admin', ... password='pass', ... some_key='111111', ... body='user=^login^&pass=^password^&user_key=^some_key^', ... fail_msg='fail')
-
-
class
sprut.
Service
¶ Abstract class, that describe authentication method
Service.__call__()
and other methods likeService.set_proxy()
.Variables: CONN_TIMEOUT (float) – 10 -
__call__
(target, timeout=10)¶ Service authentication realization. If success - return
Attemt
object. If authentication fail - raiseAuthError
. If connection error - raiseConnError
. Another errors or exceptions - raiseSprutException
.Note
Signature have to contain
target
parameter. If you use timeout option, then set it byService.CONN_TIMEOUT
. To check connection you can usecheck_connection()
.Example:
>>> class MyService(sprut.Service): ... def __init__(self): ... self.super().__init__() ... def __call__(self, target, login, password, ... port=777, timeout=Service.CONN_TIMEOUT): ... sprut.Service.check_connection(target, port, timeout) ... attempt = sprut.Attempt(target=target, login=login, password=password) ... if success: ... return attempt ... else: ... raise sprut.AuthError(attempt)
-
-
class
sprut.
Attempt
(*args, **kwargs)¶ Class that contain information about success or fail
-
info
¶ return tuple of
*args
and**kwargs
-
-
exception
sprut.
SprutException
¶ Base sprut exception
-
exception
sprut.
AuthError
¶ Exception, which raised when can’t authenticate
-
exception
sprut.
ConnError
(msg)¶ Exception, which raised when can’t connect to host