Shreder : A Powerful Multi-Threaded SSH Protocol Password Bruteforce Tool

Shreder is a powerful multi-threaded SSH protocol password brute-force tool.

Features

  • Very fast password guessing, just one password in 0.1 second.
  • Optimized for big password lists, Shreder tries 1000 passwords in 1 minute and 40 seconds.
  • Simple CLI and API usage.

Installation

pip3 install git+https://github.com/EntySec/Shreder

Basic Usage

To use Shreder just type shreder in your terminal.

usage: shreder [-h] [-p PORT] [-u USERNAME] [-l LIST] target
Shreder is a powerful multi-threaded SSH protocol password bruteforce tool.
positional arguments:
target
optional arguments:
-h, –help show this help message and exit
-p PORT, –port PORT SSH port.
-u USERNAME, –username USERNAME
SSH username.
-l LIST, –list LIST Passwords list.

Examples

Brute-forcing single target

Let’s brute-force my device just for fun.

shreder 192.168.2.109 -u mobile -l passwords.txt

API Usage

Shreder also has their own Python API that can be invoked by importing Shreder to your code.

from shreder import Shreder

Basic functions

There are all Shreder basic functions that can be used to brute-force single target.

  • connect(host, port, username, password) – Connect single target by given address.
  • brute(host, port, username, dictionary) – Brute-force single target by given address.

Examples

Brute-forcing single target

from shreder import Shreder
shreder = Shreder()
password = shreder.brute(192.168.2.109, 22, ‘mobile’, ‘passwords.txt’)
print(password)