SSHBuster

SSHBuster is a powerful command-line SSH brute-forcing tool designed for ethical hacking and penetration testing. It performs dictionary-based attacks to find valid SSH login credentials efficiently.

---

Features

• Brute-force SSH servers using different username and password combinations
• Supports:
  • Username + password wordlists
  • Single username + password wordlist
  • Username wordlist + single password
  • Single username + single password
• Multithreaded for better speed (default: 2 threads, max: 5)
• Displays real-time progress showing each username:password combination being tried
• Displays valid credentials immediately when found
• Automatically handles UTF-8 encoded wordlists, with Latin-1 fallback if UTF-8 decoding fails

---

⚠️ Legal Disclaimer

SSHBuster is intended strictly for educational purposes and authorized penetration testing only. Unauthorized use of this tool is illegal and unethical. The author is not responsible for any misuse, damage, or legal consequences resulting from its use.

---

Requirements

• Python 3.x
• paramiko library

Install it with:

pip3 install paramiko

Compatibility

Linux (Debian, RedHat, Arch, etc.)

Installation

1. Clone the repository

git clone https://github.com/s-r-e-e-r-a-j/SSHBuster.git

2. Navigate to the SSHBuster directory

cd SSHBuster

3. Run Installer

sudo python3 install.py

then type y for install

3. Run the tool

sshbuster [arguments]

Command-Line Arguments

Argument / Option	Description
target_ip	Target SSH IP address
target_port	Target SSH port (usually 22)
-u, --username	Single username
-U, --userlist	Path to username wordlist
-p, --password	Single password
-P, --passlist	Path to password wordlist
-t, --threads	Number of threads (default: 2, max allowed: 5)

⚠️ You must provide either a single username or a username wordlist, and likewise either a single password or a password wordlist.

Notes

• If you specify more than 5 threads, it will use only 5 for better accuracy.

• Automatically stops when a valid credential is found.

• Wordlists with special characters are supported (UTF-8 and Latin-1 fallback).

Examples

1. Brute-force with username and password wordlists

sshbuster 192.168.1.100 22 --userlist users.txt --passlist passwords.txt

2. Brute-force with single username and password wordlist

sshbuster 192.168.1.100 22 --username root --passlist passwords.txt

3. Brute-force with username wordlist and single password

sshbuster 192.168.1.100 22 --userlist users.txt --password 123456

4. Single username and single password

sshbuster 192.168.1.100 22 --username admin --password admin123

5. Brute-force using username and password wordlists with 5 threads

sshbuster 192.168.1.100 22 --userlist users.txt --passlist passwords.txt --threads 5

Uninstallation

Run the install.py script

sudo python3 install.py

Then Type n for uninstall

License

This project is licensed under the GNU General Public License v3.0