SSHBuster

SSHBuster is a powerful command-line SSH brute-forcing tool designed for ethical hacking and penetration testing. It performs dictionary-based attacks to find valid SSH login credentials efficiently.

---

Features

• Brute-force SSH servers using different username and password combinations
• Supports:
  • Username + password wordlists
  • Single username + password wordlist
  • Username wordlist + single password
  • Single username + single password
• Multithreaded for better speed (default: 2 threads, max: 5)
• Displays real-time progress showing each username:password combination being tried
• Displays valid credentials immediately when found
• Automatically handles UTF-8 encoded wordlists, with Latin-1 fallback if UTF-8 decoding fails

---

⚠️ Legal Disclaimer

SSHBuster is intended for educational purposes and authorized penetration testing only.
Unauthorized use is illegal.
The author is not responsible for misuse or damages caused by this tool.

---

Requirements

• Python 3.x
• paramiko library

Install it with:

pip3 install paramiko

Compatibility

Linux (Debian, RedHat, Arch, etc.)

Installation

1. Clone the repository

git clone https://github.com/s-r-e-e-r-a-j/SSHBuster.git

2. Navigate to the SSHBuster directory

cd SSHBuster

3. Run Installer

sudo python3 install.py

then type y for install

3. Run the tool

sshbuster [arguments]

Command-Line Arguments

Argument / Option	Description
target_ip	Target SSH IP address
target_port	Target SSH port (usually 22)
-u, --username	Single username
-U, --userlist	Path to username wordlist
-p, --password	Single password
-P, --passlist	Path to password wordlist
-t, --threads	Number of threads (default: 2, max allowed: 5)

⚠️ You must provide either a single username or a username wordlist, and likewise either a single password or a password wordlist.

Notes

• If you specify more than 5 threads, it will use only 5 for better accuracy.

• Automatically stops when a valid credential is found.

• Wordlists with special characters are supported (UTF-8 and Latin-1 fallback).

Examples

1. Brute-force with username and password wordlists

sshbuster 192.168.1.100 22 --userlist users.txt --passlist passwords.txt

2. Brute-force with single username and password wordlist

sshbuster 192.168.1.100 22 --username root --passlist passwords.txt

3. Brute-force with username wordlist and single password

sshbuster 192.168.1.100 22 --userlist users.txt --password 123456

4. Single username and single password

sshbuster 192.168.1.100 22 --username admin --password admin123

5. Brute-force using username and password wordlists with 5 threads

sshbuster 192.168.1.100 22 --userlist users.txt --passlist passwords.txt --threads 5

Uninstallation

Run the install.py script

sudo python3 install.py

Then Type n for uninstall

License

This project is licensed under the GNU General Public License v3.0