SSHatter uses a brute force technique to determine the how to log into an SSH server. It simply tries each combination in a list of usernames and passwords to determine which ones successfully log in.
|Tags||Security Networking Terminals Telnet|
|Operating Systems||OS Independent|
Release Notes: This release adds dumb mode, where SSHatter will check password equals password, username, and blank. It adds sudo mode, where SSHatter will echo the password to STDIN. It adds rudimentry file transfer modes, which also work interactively via "put" and "get". It improves the usage message. There is a new command line interface based on Getops. There is a modular design to allow more code reuse, a new threading model, support for SSH private keys, mass mode for post brute force command execution, and interactive mode for post brute force command execution. Timing attack based username enumeration has been removed for now.
Release Notes: SSHatter now allows timing attacks to be attempted for rudimentary username enumeration. It now allows port numbers to be specified in the target servers file in the format <hostname>:[<portnumber>]. There have also been other miscellaneous improvements and fixes.
Release Notes: This version handles systems configured with AllowUsers correctly, as these systems do not return "Permission denied" on Net::SSH::Perl->login().
Release Notes: Optional reconnection on connection failure was added.
Release Notes: The order of the loops was changed to improve performance.