first commit

README.md

@@ -0,0 +1,38 @@
+# fSSH
+fSSH is a program to crack ssh private keys passwords using a dictionary.
+Use it only as educational purpose.
+
+![](fssh.gif)
+
+# Installation
+
+```sh
+git clone https://code.lacashita.com/sml/fssh
+./fssh
+```
+
+If you prefer, you can compile the code:
+
+```sh
+git clone https://code.lacashita.com/sml/fssh
+go build fssh.go
+./fssh
+```
+
+# Usage
+
+To crack a key:
+```sh
+fssh -w rockyou.txt -k id_rsa
+```
+To crack a key using 5 concurrent processes:
+```sh
+fssh -w rockyou.txt -k id_rsa -c 5
+```
+To crack a key in verbose mode:
+```sh
+fssh -w rockyou.txt -k id_rsa -v
+```
+
+# Notes
+This program has been built to play with Go language.

fssh.go

@@ -0,0 +1,130 @@
+/*
+Description: Tool to crack private ssh keys using a dictionary.
+Auth0r: sml@lacashita.com
+
+Use it only as educational purpose.
+*/
+
+package main
+
+import (
+	"bufio"
+	"flag"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"sync"
+
+	"golang.org/x/crypto/ssh"
+)
+
+func prepareWordlist(jobs chan string, wordlist *string) {
+	file, _ := os.Open(*wordlist)
+	scanner := bufio.NewScanner(file)
+	for scanner.Scan() {
+		jobs <- scanner.Text()
+	}
+	close(jobs)
+}
+
+func crackKey(jobs chan string, wg *sync.WaitGroup, b []byte, verbo *bool) ssh.AuthMethod {
+	defer wg.Done()
+	var key ssh.Signer
+	var err error
+	for {
+		pazz, ok := <-jobs
+		if !ok {
+			break
+		} else {
+			key, err = ssh.ParsePrivateKeyWithPassphrase(b, []byte(pazz))
+			if err != nil  { 
+				if *verbo == true {
+								fmt.Printf("Trying %v\n", pazz)
+				}
+			} else {
+				fmt.Printf("[+] Valid key Found: %v\n", pazz)
+				os.Exit(0)
+			}
+		}
+	}
+	return ssh.PublicKeys(key)
+}
+
+func checkKey(keyfile *string) {
+	var file string
+	file = *keyfile
+	_, err := os.Stat(file)
+	if err != nil {
+		fmt.Println("Key doesnt exist")
+		os.Exit(1)
+	}
+
+}
+
+func checkWordlist(keyfile *string) {
+	var file string
+	file = *keyfile
+	_, err := os.Stat(file)
+	if err != nil {
+		fmt.Println("Wordlist doesnt exist")
+		os.Exit(1)
+	}
+}
+
+func menu(options int) {
+	if options < 5 {
+		fmt.Println(`
+Parameters:
+-w Wordlist with passwords.
+-k SSH Key to crack.
+-c Number of concurrent processes.
+-v Verbose
+
+Examples of usage:
+fssh -w rockyou.txt -k id_rsa 
+
+Example with 5 concurrent processes:
+fssh -w rockyou.txt -k id_rsa -c 5
+		`)
+		os.Exit(1)
+	}
+}
+
+func main() {
+	var b []byte
+	var wordlist string
+	var keyfile string
+	var verbo bool
+	var concurrent int
+	var wg sync.WaitGroup
+	jobs := make(chan string)
+	flag.StringVar(&wordlist, "w", "", "Like /usr/share/wordlists/rockyou.txt")
+	flag.StringVar(&keyfile, "k", "", "Like ~/.ssh/id_rsa")
+	flag.IntVar(&concurrent, "c", 3, "Concurrency, by default 3")
+	flag.BoolVar(&verbo, "v", false , "Enable Verbose")
+	flag.Parse()
+	menu(len(os.Args))
+	checkKey(&keyfile)
+	checkWordlist(&wordlist)
+	fmt.Printf(`
+   __ _____ _____ _    _ 
+  / _/ ____/ ____| |  | |
+ | || (___| (___ | |__| |
+ |  _\___ \\___ \|  __  |
+ | | ____) |___) | |  | |
+ |_||_____/_____/|_|  |_|
+===========================
+
+[-] Cracking the key.... Wait.
+
+`)
+
+	b, _ = ioutil.ReadFile(keyfile)
+	go prepareWordlist(jobs, &wordlist)
+	for i := 0; i < concurrent; i++ {
+		go crackKey(jobs, &wg, b, &verbo)
+		wg.Add(1)
+	}
+	wg.Wait()
+	fmt.Printf("[x] Password not found :_(\n")
+}

go.mod

@@ -0,0 +1,13 @@
+module github.com/melbahja/goph
+
+go 1.17
+
+require (
+	github.com/mattn/go-runewidth v0.0.13 // indirect
+	github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db // indirect
+	github.com/rivo/uniseg v0.2.0 // indirect
+	github.com/schollz/progressbar/v3 v3.8.6 // indirect
+	golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898 // indirect
+	golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect
+	golang.org/x/term v0.0.0-20220411215600-e5f449aeb171 // indirect
+)

go.sum

@@ -0,0 +1,33 @@
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/k0kubun/go-ansi v0.0.0-20180517002512-3bf9e2903213/go.mod h1:vNUNkEQ1e29fT/6vq2aBdFsgNPmy8qMdSay1npru+Sw=
+github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
+github.com/mattn/go-runewidth v0.0.13 h1:lTGmDsbAYt5DmK6OnoV7EuIF1wEIFAcxld6ypU4OSgU=
+github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db h1:62I3jR2EmQ4l5rM/4FEfDWcRD+abF5XlKShorW5LRoQ=
+github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db/go.mod h1:l0dey0ia/Uv7NcFFVbCLtqEBQbrT4OCwCSKTEv6enCw=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY=
+github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
+github.com/schollz/progressbar/v3 v3.8.6 h1:QruMUdzZ1TbEP++S1m73OqRJk20ON11m6Wqv4EoGg8c=
+github.com/schollz/progressbar/v3 v3.8.6/go.mod h1:W5IEwbJecncFGBvuEh4A7HT1nZZ6WNIL2i3qbnI0WKY=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+golang.org/x/crypto v0.0.0-20220131195533-30dcbda58838/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898 h1:SLP7Q4Di66FONjDJbCYrCRrh97focO6sLogHO7/g8F0=
+golang.org/x/crypto v0.0.0-20220518034528-6f7dac969898/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 h1:SrN+KX8Art/Sf4HNj6Zcz06G7VEz+7w9tdXTPOZ7+l4=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a h1:dGzPydgVsqGcTRVwiLJ1jVbufYwmzD3LfVPLKsKg+0k=
+golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.0.0-20220411215600-e5f449aeb171 h1:EH1Deb8WZJ0xc0WK//leUHXcX9aLE5SymusoTmMZye8=
+golang.org/x/term v0.0.0-20220411215600-e5f449aeb171/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=