Projects / SSHatter


SSHatter uses a brute force technique to determine the how to log into an SSH server. It simply tries each combination in a list of usernames and passwords to determine which ones successfully log in.

Operating Systems

RSS Recent releases

  •  15 Dec 2009 01:08

Release Notes: This release adds dumb mode, where SSHatter will check password equals password, username, and blank. It adds sudo mode, where SSHatter will echo the password to STDIN. It adds rudimentry file transfer modes, which also work interactively via "put" and "get". It improves the usage message. There is a new command line interface based on Getops. There is a modular design to allow more code reuse, a new threading model, support for SSH private keys, mass mode for post brute force command execution, and interactive mode for post brute force command execution. Timing attack based username enumeration has been removed for now.

  •  06 Oct 2007 14:05

Release Notes: SSHatter now allows timing attacks to be attempted for rudimentary username enumeration. It now allows port numbers to be specified in the target servers file in the format <hostname>:[<portnumber>]. There have also been other miscellaneous improvements and fixes.

  •  25 Sep 2007 20:41

Release Notes: This version handles systems configured with AllowUsers correctly, as these systems do not return "Permission denied" on Net::SSH::Perl->login().

  •  25 Sep 2007 08:27

Release Notes: Optional reconnection on connection failure was added.

  •  10 Sep 2007 22:32

Release Notes: The order of the loops was changed to improve performance.


Project Spotlight


A minimalist JavaScript gallery.


Project Spotlight


A Thread-safe quad tree C library.