sshspray

command module

v0.0.0-...-744f61e Latest Latest Go to latest Published: Feb 12, 2019 License: Zlib Imports: 14 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/magisterquis/sshspray

Links

Open Source Insights

README ¶

sshspray

sshspray runs a script on multiple targets in parallel. It relies on the servers having the same creds.

For legal use only.

Authentication

A single username is used for every target. Credentials can be in the form of a password with -pass (which can be - to read a single line from stdin), an SSH key with -key, or no creds at all, which only tries SSH's none auth mechanism. If the password is not set, a blank password will be attempted.

Script

The script is run by spawning an interpreter and passing the script on stdin. For bash scripts, this means that every command must return or be backgrounded, otherwise the connection will hang.

The command to use to spawn the script can be set with -interpreter, and the script file with -script. Under the hood, this opens an SSH channel, starts a session, and requests the command specified with -interpreter be executed. The contents of the script file are sent to the command's standard input.

An example script useful for backdooring a Linux host is included in this repository as sshspray.script, which is the default script filename.

Targets

Targets may be specified as IP addresses, CIDR ranges, or hostnames. If a hostname resolves to multiple IP addresses, all will be attacked. By default, a one second timeout is applied to connection attempts and SSH handshakes. The number of targets to be attacked in parallel is settable with -parallel.

Examples

Try to run bad.sh against all hosts on a couple of small internal ranges with the username kitten and password meow

sshspray -user kitten -password meow -script bad.sh 192.168.3.0/27 192.168.5.0/27

Use a stolen key and a stolen password against everything in a large network

sshspray -user itadmin -pass spring2018 -key id_rsa.itadmin -script bad.sh -parallel 1000 172.16.0.0/12

Run a script against a specific target list with long timeouts

sshspray -user root -pass password1 -targets ./vulnlist -timeout 1m

Usage

Usage: sshspray [options] target [target...]

Makes SSH connections to the given targets, which may be hostnames, IP
addresses, or CIDR blocks, requests runs the give script on them using the
given interpreter.  By default, it's similar to

cat scriptfile | ssh user@target /bin/sh

Auth can either be via password or SSH private key.  If neither are given,
none authentication will still be attempted.  This is almost certainly not what
you want.

No host key validation checking is performed as this is meant to be used at the
start of exercises before the blue team has time to do anything.

Options:
  -interpreter command
    	Interpreter command to which to pass script (default "/bin/sh")
  -key key
    	SSH private key
  -parallel N
    	Attack N targets in parallel (default 200)
  -pass password
    	SSH password, or - to read from stdin
  -script file
    	Name of script file to run on targets (default "sshspray.script")
  -targets file
    	Optional file with targets, one per line
  -timeout delay
    	Connection and Authentication timeout delay (default 4s)
  -user username
    	SSH username (default "root")

Windows

Should work just fine. Binaries available upon request.

Documentation ¶

Overview ¶

sshspray runs a script on multiple SSH servers, in parallel

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL