psy преди 2 години
родител
ревизия
acfaba06d8
променени са 10 файла, в които са добавени 585 реда и са изтрити 76 реда
  1. 47 0
      .github/CODE_OF_CONDUCT.md
  2. 36 0
      .github/CONTRIBUTING.md
  3. 36 0
      .github/ISSUE_TEMPLATE/bug_report.md
  4. 22 0
      .github/ISSUE_TEMPLATE/feature_request.md
  5. 44 2
      README.md
  6. 52 0
      docs/AUTHOR
  7. 46 0
      docs/COMMITMENT
  8. 52 74
      LICENSE
  9. 218 0
      fuzzssh.py
  10. 32 0
      payloads/payloads.py

+ 47 - 0
.github/CODE_OF_CONDUCT.md

@@ -0,0 +1,47 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project leader at epsylon@riseup.net. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/
+

Файловите разлики са ограничени, защото са твърде много
+ 36 - 0
.github/CONTRIBUTING.md


+ 36 - 0
.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,36 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: bug report
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+1. Run '...'
+2. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Running environment:**
+ - FuzzSSH version [e.g. 0.1]
+ - Installation method [e.g. git]
+ - Operating system: [e.g. Debian 4.19.16-1~bpo9+1 (2019-02-07) ]
+ - Python version [e.g. 3.7]
+
+**Error details:**
+ - Relevant console output [if any]
+ - Exception traceback [if any]
+
+**Additional context**
+Add any other context about the problem here.
+
+---

+ 22 - 0
.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,22 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: feature request
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.
+
+---

+ 44 - 2
README.md

@@ -1,3 +1,45 @@
-# fuzzssh
 
-FuzzSSH is a free software tool created to detect SSH (protocol) vulnerabilities.
+![c](https://03c8.net/images/fuzzssh_banner.png)
+
+----------
+
+#### Info:
+ 
+ FuzzSSH is a free software tool created to detect SSH (protocol) vulnerabilities.
+
+#### Installing:
+
+ This tool runs on many platforms and it requires Python (3.x.y) and the following lib:
+
+     - python3-paramiko - Make ssh v2 connections (Python 3)
+
+     $ sudo apt-get install python3-paramiko (or: pìp3 install paramiko)
+
+#### Executing:
+  
+ $ python fuzzssh.py (or python3 fuzzssh.py)
+
+----------
+
+#### License:
+
+ FuzzSSH is released under the GPLv3.
+
+#### Contact:
+
+     - psy (epsylon@riseup.net)
+
+#### Contribute: 
+
+ To make donations use the following hash:
+  
+     - Bitcoin: 19aXfJtoYJUoXEZtjNwsah2JKN9CK5Pcjw
+
+----------
+
+####  Screenshots:
+
+![c](https://03c8.net/images/fuzzssh_poc1.png)
+
+![c](https://03c8.net/images/fuzzssh_poc2.png)
+

+ 52 - 0
docs/AUTHOR

@@ -0,0 +1,52 @@
+========================
+
+ nick: psy (epsylon)
+  
+  <epsylon@riseup.net> 
+
+ web: https://03c8.net
+
+=======================
+
+ code:
+
+ - https://code.03c8.net/epsylon
+ - https://github.com/epsylon
+
+=======================
+
+ software/projects:
+
+ - Anarcha-Pragmatism: Intellectual model (and movement) based on the culture of the "action/reaction".
+ - AnonTwi: Tool for OAuth2 applications (such as: GNUSocial, Twitter) that provides different layers of privacy/encryption.
+ - BrAInStocker: Tool to predict (using Linear Regression) the next number within a series of random numbers.
+ - Bordercheck: Tool to visualize 'real-time' on a world map the geolocation of data when surfing the web.
+ - CIntruder: Tool to bypass captchas using OCR (Optical Character Recognition) bruteforcing methods.
+ - Collatz: Tool to simulate the Collatz's conjeture.
+ - DiaNA: Tool for the search and recognition of patterns in DNA sequences.
+ - DieKunstDerFuge: Video on different topics related to hacktivism recorded during 2013 from an intimate narrative perspective.
+ - ECOin: Decentralized key/value registration and transfer system based on Bitcoin technology (a cryptocurrency).
+ - Euler-Bricks: Tool to search for Euler's "bricks".
+ - FuzzSSH: Tool to detect SSH (protocol) vulnerabilities.
+ - Goldbach: Tool to simulate the Goldbach's conjeture.
+ - Lorea: Social networking autonomous project to build a distributed, encrypted and federated network.
+ - Neuralia: Neural Network that tries to learn and reply the correct answer.
+ - NoINIW-2051: Shell-based CyberPunk m-RPG videogame. 
+ - Orb: Tool for massive footprinting.
+ - PandeMaths: Tool that simulates a mathematical model of pandemics.
+ - pArAnoIA-Browser: Tool designed to surf the Internet using some "paranoic" methods.
+ - Propagare: Tool for extraction, organization and semantic analysis of newspapers.
+ - PyAISnake: Tool to train AI models on solve spatial problems through the classic video game "snake".
+ - PyDog4Apache: Tool to sneak logs from Apache web server.
+ - Smuggler: Tool to detect and exploit HTTP Smuggling vulnerabilities.
+ - UFONet: Denial of Service [DDoS & DoS attacks] Toolkit (a botnet of botnets).
+ - XSSer: Automatic -framework- to detect, exploit and report XSS vulnerabilities.
+
+=======================
+
+ donations: 
+
+  [BTC]: 19aXfJtoYJUoXEZtjNwsah2JKN9CK5Pcjw
+  [ECO]: ETsRCBzaMawx3isvb5svX7tAukLdUFHKze
+
+========================

+ 46 - 0
docs/COMMITMENT

@@ -0,0 +1,46 @@
+GPL Cooperation Commitment
+Version 1.0
+
+Before filing or continuing to prosecute any legal proceeding or claim
+(other than a Defensive Action) arising from termination of a Covered
+License, we commit to extend to the person or entity ('you') accused
+of violating the Covered License the following provisions regarding
+cure and reinstatement, taken from GPL version 3. As used here, the
+term 'this License' refers to the specific Covered License being
+enforced.
+
+    However, if you cease all violation of this License, then your
+    license from a particular copyright holder is reinstated (a)
+    provisionally, unless and until the copyright holder explicitly
+    and finally terminates your license, and (b) permanently, if the
+    copyright holder fails to notify you of the violation by some
+    reasonable means prior to 60 days after the cessation.
+
+    Moreover, your license from a particular copyright holder is
+    reinstated permanently if the copyright holder notifies you of the
+    violation by some reasonable means, this is the first time you
+    have received notice of violation of this License (for any work)
+    from that copyright holder, and you cure the violation prior to 30
+    days after your receipt of the notice.
+
+We intend this Commitment to be irrevocable, and binding and
+enforceable against us and assignees of or successors to our
+copyrights.
+
+Definitions
+
+'Covered License' means the GNU General Public License, version 2
+(GPLv2), the GNU Lesser General Public License, version 2.1
+(LGPLv2.1), or the GNU Library General Public License, version 2
+(LGPLv2), all as published by the Free Software Foundation.
+
+'Defensive Action' means a legal proceeding or claim that We bring
+against you in response to a prior proceeding or claim initiated by
+you or your affiliate.
+
+'We' means each contributor to this repository as of the date of
+inclusion of this file, including subsidiaries of a corporate
+contributor.
+
+This work is available under a Creative Commons Attribution-ShareAlike
+4.0 International license (https://creativecommons.org/licenses/by-sa/4.0/).

Файловите разлики са ограничени, защото са твърде много
+ 52 - 74
LICENSE


+ 218 - 0
fuzzssh.py

@@ -0,0 +1,218 @@
+#!/usr/bin/env python3 
+# -*- coding: utf-8 -*-"
+"""
+FuzzSSH (Simple SSH Fuzzer) - 2022 - by psy (epsylon@riseup.net)
+
+You should have received a copy of the GNU General Public License along
+with FuzzSSH; if not, write to the Free Software Foundation, Inc., 51
+Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+----------
+See following RFCs for more info:
+    rfc4251 - The SSH Protocol Architecture
+    rfc4252 - The SSH Authentication Protocol
+    rfc4253 - The SSH Transport Layer Protocol
+    rfc4254 - The SSH Connection Protocol
+----------
+Current [01/22][Paramiko] tested parameters: 
+    username, password, pkey, key_filename, timeout, allow_agent, 
+    look_for_keys, compress, sock, gss_auth, gss_kex, gss_deleg_creds, 
+    gss_host, banner_timeout, auth_timeout, gss_trust_dns, passphrase, 
+    disabled_algorithms
+"""
+import sys, time, os
+try:
+    import paramiko
+except:
+    print("\nError importing: paramiko lib. \n\n To install it on Debian based systems:\n\n $ 'sudo apt-get install python3-paramiko'\n")
+    sys.exit()
+
+VERSION = "v:0.1beta"
+RELEASE = "12012022"
+SOURCE1 = "https://code.03c8.net/epsylon/fuzzssh"
+SOURCE2 = "https://github.com/epsylon/fuzzssh"
+CONTACT = "epsylon@riseup.net - (https://03c8.net)"
+
+try:
+    import payloads.payloads # import payloads
+except:
+    print ("\n[Info] Try to run the tool with Python3.x.y... (ex: python3 fuzzssh.py) -> [EXITING!]\n")
+    sys.exit()
+
+def progressbar(it, prefix="", size=60, file=sys.stdout):
+    count = len(it)
+    def show(j):
+        x = int(size*j/count)
+        file.write("%s[%s%s] %i/%i\r" % (prefix, "#"*x, "."*(size-x), j, count))
+        file.flush()        
+    show(0)
+    for i, item in enumerate(it):
+        yield item
+        show(i+1)
+    file.write("\n")
+    file.flush()
+
+def payloading():
+    print("\n"+"="*50 + "\n")
+    payloads_numbers = payloads.payloads.numbers # load 'numbers' payloads
+    num_payloads_numbers = len(payloads_numbers)
+    payloads_overflows = payloads.payloads.overflows # load 'overflows' payloads
+    num_payloads_overflows = len(payloads_overflows)
+    payloads_strings = payloads.payloads.strings # load 'strings' payloads
+    num_payloads_strings = len(payloads_strings)
+    payloads_bugs = payloads.payloads.bugs # load 'bugs' payloads
+    num_payloads_bugs = len(payloads_bugs)
+    return payloads_numbers, num_payloads_numbers, payloads_overflows, num_payloads_overflows, payloads_strings, num_payloads_strings, payloads_bugs, num_payloads_bugs
+
+def send_payload(client, payload, parameter, verbosity, num_payloads, method):
+    try: # FUZZED PARAMETERS
+        if parameter == "USERNAME":
+            client.connect(hostname=str(target),port=int(port),username=payload, password=None, pkey=None, key_filename=None, timeout=None, allow_agent=True, look_for_keys=True, compress=False, sock=None, gss_auth=False, gss_kex=False, gss_deleg_creds=True, gss_host=None, banner_timeout=None, auth_timeout=None, gss_trust_dns=True, passphrase=None, disabled_algorithms=None)
+        elif parameter == "PASSWORD":
+            client.connect(hostname=str(target),port=int(port),username=None, password=payload, pkey=None, key_filename=None, timeout=None, allow_agent=True, look_for_keys=True, compress=False, sock=None, gss_auth=False, gss_kex=False, gss_deleg_creds=True, gss_host=None, banner_timeout=None, auth_timeout=None, gss_trust_dns=True, passphrase=None, disabled_algorithms=None)
+        elif parameter == "PKEY":
+            client.connect(hostname=str(target),port=int(port),username=None, password=None, pkey=payload, key_filename=None, timeout=None, allow_agent=True, look_for_keys=True, compress=False, sock=None, gss_auth=False, gss_kex=False, gss_deleg_creds=True, gss_host=None, banner_timeout=None, auth_timeout=None, gss_trust_dns=True, passphrase=None, disabled_algorithms=None)
+        elif parameter == "KEY_FILENAME":
+            client.connect(hostname=str(target),port=int(port),username=None, password=None, pkey=None, key_filename=payload, timeout=None, allow_agent=True, look_for_keys=True, compress=False, sock=None, gss_auth=False, gss_kex=False, gss_deleg_creds=True, gss_host=None, banner_timeout=None, auth_timeout=None, gss_trust_dns=True, passphrase=None, disabled_algorithms=None)
+        elif parameter == "TIMEOUT":
+            client.connect(hostname=str(target),port=int(port),username=None, password=None, pkey=None, key_filename=None, timeout=payload, allow_agent=True, look_for_keys=True, compress=False, sock=None, gss_auth=False, gss_kex=False, gss_deleg_creds=True, gss_host=None, banner_timeout=None, auth_timeout=None, gss_trust_dns=True, passphrase=None, disabled_algorithms=None)
+        elif parameter == "ALLOW_AGENT":
+            client.connect(hostname=str(target),port=int(port),username=None, password=None, pkey=None, key_filename=None, timeout=None, allow_agent=payload, look_for_keys=True, compress=False, sock=None, gss_auth=False, gss_kex=False, gss_deleg_creds=True, gss_host=None, banner_timeout=None, auth_timeout=None, gss_trust_dns=True, passphrase=None, disabled_algorithms=None)
+        elif parameter == "LOOK_FOR_KEYS":
+            client.connect(hostname=str(target),port=int(port),username=None, password=None, pkey=None, key_filename=None, timeout=None, allow_agent=True, look_for_keys=payload, compress=False, sock=None, gss_auth=False, gss_kex=False, gss_deleg_creds=True, gss_host=None, banner_timeout=None, auth_timeout=None, gss_trust_dns=True, passphrase=None, disabled_algorithms=None)
+        elif parameter == "COMPRESS":
+            client.connect(hostname=str(target),port=int(port),username=None, password=None, pkey=None, key_filename=None, timeout=None, allow_agent=True, look_for_keys=True, compress=payload, sock=None, gss_auth=False, gss_kex=False, gss_deleg_creds=True, gss_host=None, banner_timeout=None, auth_timeout=None, gss_trust_dns=True, passphrase=None, disabled_algorithms=None)
+        elif parameter == "SOCK":
+            client.connect(hostname=str(target),port=int(port),username=None, password=None, pkey=None, key_filename=None, timeout=None, allow_agent=True, look_for_keys=True, compress=False, sock=payload, gss_auth=False, gss_kex=False, gss_deleg_creds=True, gss_host=None, banner_timeout=None, auth_timeout=None, gss_trust_dns=True, passphrase=None, disabled_algorithms=None)
+        elif parameter == "GSS_AUTH":
+            client.connect(hostname=str(target),port=int(port),username=None, password=None, pkey=None, key_filename=None, timeout=None, allow_agent=True, look_for_keys=True, compress=False, sock=None, gss_auth=payload, gss_kex=False, gss_deleg_creds=True, gss_host=None, banner_timeout=None, auth_timeout=None, gss_trust_dns=True, passphrase=None, disabled_algorithms=None)
+        elif parameter == "GSS_KEX":
+            client.connect(hostname=str(target),port=int(port),username=None, password=None, pkey=None, key_filename=None, timeout=None, allow_agent=True, look_for_keys=True, compress=False, sock=None, gss_auth=False, gss_kex=payload, gss_deleg_creds=True, gss_host=None, banner_timeout=None, auth_timeout=None, gss_trust_dns=True, passphrase=None, disabled_algorithms=None)
+        elif parameter == "GSS_DELEG_CREDS":
+            client.connect(hostname=str(target),port=int(port),username=None, password=None, pkey=None, key_filename=None, timeout=None, allow_agent=True, look_for_keys=True, compress=False, sock=None, gss_auth=False, gss_kex=False, gss_deleg_creds=payload, gss_host=None, banner_timeout=None, auth_timeout=None, gss_trust_dns=True, passphrase=None, disabled_algorithms=None)
+        elif parameter == "GSS_HOST":
+            client.connect(hostname=str(target),port=int(port),username=None, password=None, pkey=None, key_filename=None, timeout=None, allow_agent=True, look_for_keys=True, compress=False, sock=None, gss_auth=False, gss_kex=False, gss_deleg_creds=True, gss_host=payload, banner_timeout=None, auth_timeout=None, gss_trust_dns=True, passphrase=None, disabled_algorithms=None)
+        elif parameter == "BANNER_TIMEOUT":
+            client.connect(hostname=str(target),port=int(port),username=None, password=None, pkey=None, key_filename=None, timeout=None, allow_agent=True, look_for_keys=True, compress=False, sock=None, gss_auth=False, gss_kex=False, gss_deleg_creds=True, gss_host=None, banner_timeout=payload, auth_timeout=None, gss_trust_dns=True, passphrase=None, disabled_algorithms=None)
+        elif parameter == "AUTH_TIMEOUT":
+            client.connect(hostname=str(target),port=int(port),username=None, password=None, pkey=None, key_filename=None, timeout=None, allow_agent=True, look_for_keys=True, compress=False, sock=None, gss_auth=False, gss_kex=False, gss_deleg_creds=True, gss_host=None, banner_timeout=None, auth_timeout=payload, gss_trust_dns=True, passphrase=None, disabled_algorithms=None)
+        elif parameter == "GSS_TRUST_DNS":
+            client.connect(hostname=str(target),port=int(port),username=None, password=None, pkey=None, key_filename=None, timeout=None, allow_agent=True, look_for_keys=True, compress=False, sock=None, gss_auth=False, gss_kex=False, gss_deleg_creds=True, gss_host=None, banner_timeout=None, auth_timeout=None, gss_trust_dns=payload, passphrase=None, disabled_algorithms=None)
+        elif parameter == "PASSPHRASE":
+            client.connect(hostname=str(target),port=int(port),username=None, password=None, pkey=None, key_filename=None, timeout=None, allow_agent=True, look_for_keys=True, compress=False, sock=None, gss_auth=False, gss_kex=False, gss_deleg_creds=True, gss_host=None, banner_timeout=None, auth_timeout=None, gss_trust_dns=True, passphrase=payload, disabled_algorithms=None)
+        elif parameter == "DISABLED_ALGORITHMS":
+            client.connect(hostname=str(target),port=int(port),username=None, password=None, pkey=None, key_filename=None, timeout=None, allow_agent=True, look_for_keys=True, compress=False, sock=None, gss_auth=False, gss_kex=False, gss_deleg_creds=True, gss_host=None, banner_timeout=None, auth_timeout=None, gss_trust_dns=True, passphrase=None, disabled_algorithms=payload)
+    except paramiko.SSHException as e: # https://docs.paramiko.org/en/stable/api/ssh_exception.html
+        exception = str(e)
+        if not os.path.exists('exceptions.log'):
+            os.mknod('exceptions.log')
+        if not exception in open('exceptions.log').read():
+            f = open("exceptions.log", "a")
+            f.write("Exception error: %s\n\n" % exception)
+            f.close()
+    client.close() # close SSH client
+
+def exploit(target, port, user, pw, verbosity, payloads_numbers, num_payloads_numbers, payloads_overflows, num_payloads_overflows, payloads_strings, num_payloads_strings, payloads_bugs, num_payloads_bugs):
+    try:
+        client = paramiko.SSHClient()
+        client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
+        client.load_system_host_keys()
+        paramiko.util.log_to_file("/dev/null", level="INFO") # logs + bypass -> paramiko.SSHException issue (https://github.com/paramiko/paramiko/issues/1752)
+        print("[Info] Trying SSH [NORMAL] connection...\n")
+        client.connect(hostname=str(target),port=int(port),username=str(user),password=str(pw),timeout=10,banner_timeout=200,look_for_keys=False,allow_agent=False)
+        print("\n[Info] [NORMAL] Connection established -> OK!")
+        if verbosity is True:
+            b = client.get_transport().remote_version
+            print ("\n  -> [*] Banner:")
+            print("      -> "+str(b))
+            so = client._transport.get_security_options()
+            print ("\n  -> [*] Ciphering algorithms:")
+            for c in so.ciphers:
+                print("      -> "+str(c))
+            print ("\n  -> [*] Key exchange algorithms:")
+            for k in so.kex:
+                print("      -> "+str(k))
+        print("\n[Info] [NORMAL] Connection closed -> OK!")
+        print("\n"+"="*50)
+    except:
+        print("="*50)
+        print (f"\n[Error] [NORMAL] Connection failed! -> [PASSING!]")
+    client.close() # close SSH client
+    print("\n -> [*] Starting to test SSH (protocol)...")
+    parameters = ("USERNAME", "PASSWORD", "PKEY", "KEY_FILENAME", "TIMEOUT", "ALLOW_AGENT", "LOOK_FOR_KEYS", "COMPRESS", "SOCK", "GSS_AUTH", "GSS_KEX", "GSS_DELEG_CREDS", "GSS_HOST", "BANNER_TIMEOUT", "AUTH_TIMEOUT", "GSS_TRUST_DNS", "PASSPHRASE", "DISABLED_ALGORITHMS") # FUZZED PARAMETERS
+    for parameter in parameters:
+        print("\n     -> [SSH] -> ["+str(parameter)+"]...\n")
+        method = "         [*] Numbers       "
+        for i in progressbar(range(num_payloads_numbers),method+" ", 40):
+            time.sleep(0.7)
+        for number in payloads_numbers:
+            send_payload(client, number, parameter, verbosity, num_payloads_numbers, method)
+            time.sleep(0.2)
+        method = "         [*] Overflows     "
+        for i in progressbar(range(num_payloads_overflows),method+" ", 40):
+            time.sleep(0.7)
+        for overflow in payloads_overflows:
+            send_payload(client, overflow, parameter, verbosity, num_payloads_overflows, method)
+            time.sleep(0.2)
+        method = "         [*] Format Strings"
+        for i in progressbar(range(num_payloads_strings),method+" ", 40):
+            time.sleep(0.7)
+        for string in payloads_strings:
+            send_payload(client, string, parameter, verbosity, num_payloads_strings, method)
+            time.sleep(0.2)
+        method = "         [*] Known bugs    "
+        for i in progressbar(range(num_payloads_bugs),method+" ", 40):
+            time.sleep(0.7)
+        for bug in payloads_bugs:
+            send_payload(client, bug, parameter, verbosity, num_payloads_bugs, method)
+            time.sleep(0.2)
+        print("\n"+"-"*15)
+
+def set_target():
+    target = input("\n  + Enter TARGET (ex: '100.0.0.1'): ")
+    if target == "": # exit when no 'target' set
+        print("\n"+"="*50)
+        print("\n[Error] Not ANY target detected... Exiting!\n")
+        sys.exit()
+    port = input("\n  + Enter PORT (ex: '22'): ")
+    try: # check port as integer num
+        port = int(port)
+    except:
+        port = 22
+    if port == "": # default when no 'port' set
+        port = 22
+    user = input("\n  + Enter USER (ex: 'root'): ")
+    if user == "": # default when no 'user' set
+        user = "root"
+    pw = input("\n  + Enter PASSWORD (ex: '12345'): ")
+    verbosity = input("\n  + Enter VERBOSITY (ex: 'true'): ")
+    if verbosity == "True" or verbosity == "true": # default when no 'verbosity' set
+        verbosity = True
+    else:
+        verbosity = False
+    return target, port, user, pw, verbosity
+
+def print_banner():
+    print("\n"+"="*50)
+    print(" _____      __________        _   _ ")
+    print("|  ___|   _|__  /__  /___ ___| | | |")
+    print("| |_ | | | | / /  / // __/ __| |_| |")
+    print("|  _|| |_| |/ /_ / /_\__ \__ \  _  |")
+    print("|_|   \__,_/____/____|___/___/_| |_| by psy")
+    print('\n"SSH Fuzzing Tool (Simple SSH Fuzzer)')
+    print("\n"+"-"*15+"\n")
+    print(" * VERSION: ")
+    print("   + "+VERSION+" - (rev:"+RELEASE+")")
+    print("\n * SOURCES:")
+    print("   + "+SOURCE1)
+    print("   + "+SOURCE2)
+    print("\n * CONTACT: ")
+    print("   + "+CONTACT+"\n")
+    print("-"*15+"\n")
+    print("="*50)
+
+# sub_init #
+print_banner() # show banner
+print("\n"+"="*50)
+target, port, user, pw, verbosity = set_target()
+payloads_numbers, num_payloads_numbers, payloads_overflows, num_payloads_overflows, payloads_strings, num_payloads_strings, payloads_bugs, num_payloads_bugs = payloading()
+exploit(target, port, user, pw, verbosity, payloads_numbers, num_payloads_numbers, payloads_overflows, num_payloads_overflows, payloads_strings, num_payloads_strings, payloads_bugs, num_payloads_bugs)

+ 32 - 0
payloads/payloads.py

@@ -0,0 +1,32 @@
+#!/usr/bin/env python3 
+# -*- coding: utf-8 -*-"
+"""
+FuzzSSH (Simple SSH Fuzzer) - 2022 - by psy (epsylon@riseup.net)
+
+You should have received a copy of the GNU General Public License along
+with FuzzSSH; if not, write to the Free Software Foundation, Inc., 51
+Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+"""
+numbers = ("0", "-0", "1", "-1", "32767", "-32768", "2147483647", "-2147483647", "2147483648", "-2147483648",
+            "4294967294", "4294967295", "4294967296", "357913942", "-357913942", "536870912", "-536870912",
+            "1.79769313486231E+308", "3.39519326559384E-313", "99999999999", "-99999999999", "0x100", "0x1000",
+            "0x3fffffff", "0x7ffffffe", "0x7fffffff", "0x80000000", "0xffff", "0xfffffffe", "0xfffffff", "0xffffffff",
+            "0x10000", "0x100000", "0x99999999", "65535", "65536", "65537", "16777215", "16777216", "16777217", "-268435455")
+
+overflows = ('A' * 600, 'A' * 1200, 'A' * 2200, 'A' * 4200, 'A' * 8200, 'A' * 11000,
+             'A' * 22000, 'A' * 52000, 'A' * 110000, 'A' * 550000, 'A' * 1100000,
+             'A' * 2200000, 'A' * 5500000, 'A' * 12000000, "\0x99" * 1200)
+
+strings = ("%n%n%n%n%n", "%p%p%p%p%p", "%s%s%s%s%s", "%d%d%d%d%d", "%x%x%x%x%x",
+              "%s%p%x%d", "%.1024d", "%.1025d", "%.2048d", "%.2049d", "%.4096d", "%.4097d",
+              "%99999999999s", "%08x", "%%20n", "%%20p", "%%20s", "%%20d", "%%20x",
+              "%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%",
+              "%n%n%n%n%n%n%n%n%n%n%p%p%p%p%p%p%p%p%p%p%x%x%x%x%x%x%x%x%x%x%d%d%d%d%d%d%d%d%d%d%s%s%s%s%s%s%s%s%s%s",
+              "\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD\0xCD",
+              "\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB\0xCB")
+
+bugs = ("~!@#$%^&*()-=_+", "[]\{}|;:,./<>?\\", "<<<<<<<<<<>>>>>>>>>>", "\\\\\\\\\\//////////", "^^^^^^^^^^^^^^^^^^^^",
+             "||||||||||~~~~~~~~~~", "?????[[[[[]]]]]{{{{{}}}}}((())", "test|touch /tmp/ZfZ-PWNED|test", "test`touch /tmp/ZfZ-PWNED`test",
+             "test'touch /tmp/ZfZ-PWNED'test", "test;touch /tmp/ZfZ-PWNED;test", "test&&touch /tmp/ZfZ-PWNED&&test", "test|C:/WINDOWS/system32/calc.exe|test",
+             "test`C:/WINDOWS/system32/calc.exe`test", "test'C:/WINDOWS/system32/calc.exe'test", "test;C:/WINDOWS/system32/calc.exe;test",
+             "/bin/sh", "C:/WINDOWS/system32/calc.exe", "�����", "%0xa", "%u000", "/" * 200, "\\" * 200, "-----99999-----", "[[[abc123]]]", "|||/////|||")