loading
loading
Passwords
Secure Shell Bruteforcer: a faster and simpler way to brute-force SSH servers.
overview
ssb brute-forces SSH logins. Give it a host, a user, and a wordlist, and it tries every password against the server, reporting any credential that authenticates. It trades the breadth of a multi-protocol cracker for speed against the one protocol it targets.
Concurrency is the design. By default ssb runs a hundred attempts at once, so a password list that would crawl on a single-threaded tool finishes far sooner. Connection retries and a per-attempt timeout keep the run steady when a server drops or throttles connections.
On Trickest, ssb is a Passwords node that takes a host, user, and wordlist and writes the recovered credentials to a file and a folder. Chain it after a port scan that finds open SSH so brute forcing runs only against hosts that expose port 22, and only against systems you are authorized to test.
source github.com/kitabisa/ssb
use cases
Run a curated password list against a host and user to surface reused or default logins before an attacker finds them.
Feed ssb hosts from a port scan that found open port 22 so attempts only hit services that exist.
Raise or lower -c and the retry count to push throughput on a tolerant server or stay gentle on a fragile one.
Point ssb at your own hosts with a breached-password list to confirm none of them accept a known-bad credential.
reference
| Name | Type | Flag | Description |
|---|---|---|---|
| host | STRING | · | Target SSH host to brute-force. |
| user | STRING | · | Username to brute-force on the target. |
| wordlist | FILE | -w | Path to the password wordlist file. |
| port | STRING | -p | Port to connect to on the remote host (default 22). |
| concurrent | STRING | -c | Concurrency / thread level (default 100). |
| retries | STRING | -r | Number of connection retries (default 1). |
| timeout | STRING | -t | Connection timeout (default 30s). |
Showing key inputs. ssb exposes 8 inputs in total.
| Name | Type | Flag | Description |
|---|---|---|---|
| host | STRING | · | Target SSH host to brute-force. |
| port | STRING | -p | Port to connect to on the remote host (default 22). |
| user | STRING | · | Username to brute-force on the target. |
| retries | STRING | -r | Number of connection retries (default 1). |
| timeout | STRING | -t | Connection timeout (default 30s). |
| verbose | BOOLEAN | -v | Verbose mode; log each attempt as it runs. |
| wordlist | FILE | -w | Path to the password wordlist file. |
| concurrent | STRING | -c | Concurrency / thread level (default 100). |
example
# brute-force SSH on a discovered host with a password listssb -w /usr/share/wordlists/rockyou.txt -c 200 -r 2 -t 15 -p 2222 root@198.51.100.23[*] target 198.51.100.23:2222 user: root wordlist: rockyou.txt (14344392 words)[-] root:123456[-] root:password[-] root:12345678[-] root:letmein[+] valid credential found -> root:S3cr3t-Autumn![*] 1 credential recovered, 4812 tries in 00:02:41guidance
Use ssb when you have an SSH service and want to test a host and user against a password wordlist quickly. It does only SSH, so for other protocols use a general cracker. Run it after a port scan confirms port 22 is open, and only on hosts you are authorized to test.
Multi-protocol cracker covering many services. ssb is leaner and faster for SSH alone.
Parallel multi-protocol brute-forcer. ssb focuses on SSH with simpler flags.
faq
A host and a wordlist feed ssb, which brute-forces the SSH login and writes any valid credential as output.
Facts on this page come from the live Trickest tool library.