commit 3cbc18db8692975d79d0cbed57e006d118e35021 Author: sML Date: Tue Dec 27 10:03:16 2022 +0100 first commit diff --git a/README.md b/README.md new file mode 100644 index 0000000..4e77662 --- /dev/null +++ b/README.md @@ -0,0 +1,38 @@ +# fSSH +fSSH is a program to crack ssh private keys passwords using a dictionary. +Use it only as educational purpose. + +![](fssh.gif) + +# Installation + +```sh +git clone https://code.lacashita.com/sml/fssh +./fssh +``` + +If you prefer, you can compile the code: + +```sh +git clone https://code.lacashita.com/sml/fssh +go build fssh.go +./fssh +``` + +# Usage + +To crack a key: +```sh +fssh -w rockyou.txt -k id_rsa +``` +To crack a key using 5 concurrent processes: +```sh +fssh -w rockyou.txt -k id_rsa -c 5 +``` +To crack a key in verbose mode: +```sh +fssh -w rockyou.txt -k id_rsa -v +``` + +# Notes +This program has been built to play with Go language. diff --git a/fssh b/fssh new file mode 100755 index 0000000..099e864 Binary files /dev/null and b/fssh differ diff --git a/fssh.gif b/fssh.gif new file mode 100644 index 0000000..0f0ced8 Binary files /dev/null and b/fssh.gif differ diff --git a/fssh.go b/fssh.go new file mode 100644 index 0000000..9026736 --- /dev/null +++ b/fssh.go @@ -0,0 +1,130 @@ +/* +Description: Tool to crack private ssh keys using a dictionary. +Auth0r: sml@lacashita.com + +Use it only as educational purpose. +*/ + +package main + +import ( + "bufio" + "flag" + "fmt" + "io/ioutil" + "os" + "sync" + + "golang.org/x/crypto/ssh" +) + +func prepareWordlist(jobs chan string, wordlist *string) { + file, _ := os.Open(*wordlist) + scanner := bufio.NewScanner(file) + for scanner.Scan() { + jobs <- scanner.Text() + } + close(jobs) +} + +func crackKey(jobs chan string, wg *sync.WaitGroup, b []byte, verbo *bool) ssh.AuthMethod { + defer wg.Done() + var key ssh.Signer + var err error + for { + pazz, ok := <-jobs + if !ok { + break + } else { + key, err = ssh.ParsePrivateKeyWithPassphrase(b, []byte(pazz)) + if err != nil { + if *verbo == true { + fmt.Printf("Trying %v\n", pazz) + } + } else { + fmt.Printf("[+] Valid key Found: %v\n", pazz) + os.Exit(0) + } + } + } + return ssh.PublicKeys(key) +} + +func checkKey(keyfile *string) { + var file string + file = *keyfile + _, err := os.Stat(file) + if err != nil { + fmt.Println("Key doesnt exist") + os.Exit(1) + } + +} + +func checkWordlist(keyfile *string) { + var file string + file = *keyfile + _, err := os.Stat(file) + if err != nil { + fmt.Println("Wordlist doesnt exist") + os.Exit(1) + } +} + +func menu(options int) { + if options < 5 { + fmt.Println(` +Parameters: +-w Wordlist with passwords. +-k SSH Key to crack. +-c Number of concurrent processes. +-v Verbose + +Examples of usage: +fssh -w rockyou.txt -k id_rsa + +Example with 5 concurrent processes: +fssh -w rockyou.txt -k id_rsa -c 5 + `) + os.Exit(1) + } +} + +func main() { + var b []byte + var wordlist string + var keyfile string + var verbo bool + var concurrent int + var wg sync.WaitGroup + jobs := make(chan string) + flag.StringVar(&wordlist, "w", "", "Like /usr/share/wordlists/rockyou.txt") + flag.StringVar(&keyfile, "k", "", "Like ~/.ssh/id_rsa") + flag.IntVar(&concurrent, "c", 3, "Concurrency, by default 3") + flag.BoolVar(&verbo, "v", false , "Enable Verbose") + flag.Parse() + menu(len(os.Args)) + checkKey(&keyfile) + checkWordlist(&wordlist) + fmt.Printf(` + __ _____ _____ _ _ + / _/ ____/ ____| | | | + | || (___| (___ | |__| | + | _\___ \\___ \| __ | + | | ____) |___) | | | | + |_||_____/_____/|_| |_| +=========================== + +[-] Cracking the key.... Wait. + +`) + + b, _ = ioutil.ReadFile(keyfile) + go prepareWordlist(jobs, &wordlist) + for i := 0; i < concurrent; i++ { + go crackKey(jobs, &wg, b, &verbo) + wg.Add(1) + } + wg.Wait() + fmt.Printf("[x] Password not found :_(\n") +} diff --git a/go.mod b/go.mod new file mode 100644 index 0000000..06eb3b5 --- /dev/null +++ b/go.mod @@ -0,0 +1,13 @@ +module github.com/melbahja/goph + +go 1.17 + +require ( + github.com/mattn/go-runewidth v0.0.13 // indirect + github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db // indirect + github.com/rivo/uniseg v0.2.0 // indirect + github.com/schollz/progressbar/v3 v3.8.6 // indirect + golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898 // indirect + golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect + golang.org/x/term v0.0.0-20220411215600-e5f449aeb171 // indirect +) diff --git a/go.sum b/go.sum new file mode 100644 index 0000000..790d9ac --- /dev/null +++ b/go.sum @@ -0,0 +1,33 @@ +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/k0kubun/go-ansi v0.0.0-20180517002512-3bf9e2903213/go.mod h1:vNUNkEQ1e29fT/6vq2aBdFsgNPmy8qMdSay1npru+Sw= +github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= +github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU= +github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= +github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db h1:62I3jR2EmQ4l5rM/4FEfDWcRD+abF5XlKShorW5LRoQ= +github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db/go.mod h1:l0dey0ia/Uv7NcFFVbCLtqEBQbrT4OCwCSKTEv6enCw= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY= +github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= +github.com/schollz/progressbar/v3 v3.8.6 h1:QruMUdzZ1TbEP++S1m73OqRJk20ON11m6Wqv4EoGg8c= +github.com/schollz/progressbar/v3 v3.8.6/go.mod h1:W5IEwbJecncFGBvuEh4A7HT1nZZ6WNIL2i3qbnI0WKY= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +golang.org/x/crypto v0.0.0-20220131195533-30dcbda58838/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898 h1:SLP7Q4Di66FONjDJbCYrCRrh97focO6sLogHO7/g8F0= +golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 h1:SrN+KX8Art/Sf4HNj6Zcz06G7VEz+7w9tdXTPOZ7+l4= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.0.0-20220411215600-e5f449aeb171 h1:EH1Deb8WZJ0xc0WK//leUHXcX9aLE5SymusoTmMZye8= +golang.org/x/term v0.0.0-20220411215600-e5f449aeb171/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=