├── LICENSE ├── README.md └── port_force.py /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2017 Jack Halon - KKB 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # PortForce 2 | 3 | A Custom Port Brute Force Tool created for use in CTF's and Pentests. 4 | 5 | 6 | 7 | Yes, there are a lot of tools out there that do Brute Force for Telnet, SSH, FTP, etc. 8 | 9 | This tool was created to aid in brute forcing custom ports/daemons that don't typically run on SSH, FTP, etc. 10 | 11 | ## Install: 12 | 13 | You can install PortForce by cloning this Git Repository 14 | 15 | ```console 16 | $ git clone https://github.com/jhalon/PortForce.git 17 | ``` 18 | 19 | ## Usage: 20 | 21 | ```console 22 | Usage: ./port_force -t 192.168.0.1 -p 1234 -u users.txt -P pass.txt 23 | 24 | -h --help - display usage information 25 | -t --target - set IP address of Target 26 | -p --port - set Port for Target 27 | -u --user - set a list of usernames to brute force 28 | -P --pass - set a list of passwords to brute force 29 | ``` 30 | 31 | ## Requirements: 32 | 33 | Since this was created using Python v2.7.13 it will not be compatible with Python v3.x. 34 | 35 | * Python v2.7.13 - [Download](https://www.python.org/downloads/release/python-2713/) 36 | 37 | ## Bugs? 38 | 39 | * Please Submit a new Issue 40 | * Submit a Pull Request 41 | * Contact me 42 | 43 | ## License: 44 | 45 | PortForce is under the terms of the [MIT License](https://www.tldrlegal.com/l/mit), follow clarification in the [License File](https://github.com/jhalon/PortForce/blob/master/LICENSE). 46 | 47 | 48 | -------------------------------------------------------------------------------- /port_force.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | import socket 4 | import sys 5 | import getopt 6 | import os 7 | import datetime 8 | import time 9 | 10 | class bcolors: 11 | HEADER = '\033[95m' 12 | OKBLUE = '\033[94m' 13 | OKGREEN = '\033[92m' 14 | WARNING = '\033[93m' 15 | FAIL = '\033[91m' 16 | ENDC = '\033[0m' 17 | BOLD = '\033[1m' 18 | UNDERLINE = '\033[4m' 19 | 20 | def banner(): 21 | print bcolors.HEADER + " ____ __ ______ " + bcolors.ENDC 22 | print bcolors.HEADER + " / __ \____ _____/ /_ / ____/___ _____________ " + bcolors.ENDC 23 | print bcolors.HEADER + " / /_/ / __ \/ ___/ __/ / /_ / __ \/ ___/ ___/ _ \ " + bcolors.ENDC 24 | print bcolors.HEADER + " / ____/ /_/ / / / /_ / __/ / /_/ / / / /__/ __/" + bcolors.ENDC 25 | print bcolors.HEADER + "/_/ \____/_/ \__/ /_/ \____/_/ \___/\___/ " + bcolors.ENDC 26 | print 27 | print bcolors.HEADER + " Created By: Jack Halon (KKB) " + bcolors.ENDC 28 | print bcolors.HEADER + " Twitter: @jack_halon " + bcolors.ENDC 29 | print 30 | print 31 | 32 | 33 | def usage(): 34 | print "Port Force - A custom port Brute Forcing Tool" 35 | print "---------------------------------------------" 36 | print 37 | print "Usage: ./port_force -t 192.168.0.1 -p 1234 -u users.txt -P pass.txt" 38 | print 39 | print "-h --help - display usage information" 40 | print "-t --target - set IP address of Target" 41 | print "-p --port - set Port for Target" 42 | print "-u --user - set a list of usernames to brute force" 43 | print "-F --pass - set a list of passwords to brute force" 44 | print 45 | print 46 | print "Examples:" 47 | print "---------------------------------------------" 48 | print "./port_force -t 192.168.0.1 -p 1234 -u names.txt -P pass.txt" 49 | print "./port_force -t 192.168.0.1 -p 1234 -u users.txt -P pass.txt" 50 | print "./port_force --target 192.168.0.1 --port 1234 --user names.txt --pass pass.txt" 51 | print "./port_force -t 192.168.0.1 -p 1234 -u name.txt -P /usr/share/wordlists/rockyou.txt" 52 | 53 | def main(): 54 | target = "" 55 | port = 0 56 | var_user = "" 57 | var_pass = "" 58 | user_len = 0 59 | cur_user = 0 60 | pass_len = 0 61 | cur_pass = 0 62 | 63 | banner() 64 | 65 | if not len(sys.argv[1:]): 66 | usage() 67 | sys.exit(1) 68 | 69 | try: 70 | opts, args = getopt.getopt(sys.argv[1:], "h:t:p:u:P:", ["help", "target", "port", "user=", "pass="]) 71 | except getopt.GetoptError as err: 72 | print bcolors.FAIL + "[ERROR] - " + str(err) +"\n" + bcolors.ENDC 73 | usage() 74 | sys.exit(2) 75 | 76 | for opt, arg in opts: 77 | if opt == ("-h", "--help"): 78 | usage() 79 | sys.exit() 80 | elif opt in ("-t", "--target"): 81 | target = arg 82 | elif opt in ("-p", "--port"): 83 | port = int(arg) 84 | elif opt in ("-u", "--user"): 85 | var_user = arg 86 | elif opt in ("-P", "--pass"): 87 | var_pass = arg 88 | else: 89 | assert False, "Unhandled Option" 90 | 91 | # Check if userlist exists 92 | if not os.path.exists(var_user): 93 | sys.stderr.write(bcolors.FAIL + "[ERROR] - Userlist was not found!\n" + bcolors.ENDC) 94 | sys.exit(1) 95 | 96 | # Check if passwordlist exists 97 | if not os.path.exists(var_pass): 98 | sys.stderr.write(bcolors.FAIL + "[ERROR] - Passwordlist was not found !\n" + bcolors.ENDC) 99 | sys.exit(1) 100 | else: 101 | print bcolors.OKGREEN + "[+] Loading Username and Password List...\n" + bcolors.ENDC 102 | time.sleep(3) 103 | 104 | uFile = open(var_user) 105 | uLines = len(uFile.readlines()) 106 | user_len = uLines 107 | 108 | pFile = open(var_pass) 109 | pLines = len(pFile.readlines()) 110 | pass_len = pLines 111 | 112 | print bcolors.OKGREEN + "[+] Attacking Target:%s on Port:%s\n" % (target, port) + bcolors.ENDC 113 | time.sleep(3) 114 | 115 | print bcolors.OKGREEN + "[+] Pinging %s to verify host connectvity...\n" % (target) + bcolors.ENDC 116 | time.sleep(3) 117 | 118 | # Ping host to make sure it is up 119 | response = os.system("ping -c 1 " + target + " > /dev/null") 120 | if response == 0: 121 | print bcolors.OKGREEN + "[OK] The host %s is up!\n" % (target) + bcolors.ENDC 122 | else: 123 | print bcolors.WARNING + "[FAIL] The host %s is down! Shutting down...\n" % (target) + bcolors.ENDC 124 | sys.exit(1) 125 | 126 | # Iterate through userlist and passwordlist 127 | with open(var_user, "r") as user_file: 128 | for user in user_file: 129 | cur_user += 1 130 | cur_pass = 0 131 | 132 | # Print current user being tested, and total number of users left 133 | print bcolors.OKGREEN + "[INFO] Testing User: %s (%s/%s)" % (user.strip(), cur_user, user_len) + bcolors.ENDC 134 | time.sleep(3) 135 | 136 | with open(var_pass, "r") as pass_file: 137 | # Get list length of passwordlist 138 | for passwd in pass_file: 139 | cur_pass += 1 140 | time_tag = time.strftime("%H:%M:%S") 141 | 142 | # Print current Username and Password used for brute force 143 | print bcolors.OKBLUE + "[%s] [-] Trying %s of %s - %s:%s" % (time_tag, cur_pass, pass_len, user.strip(), passwd.strip()) +bcolors.ENDC 144 | time.sleep(0.5) 145 | 146 | # Connection 147 | try: 148 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 149 | s.connect((target, port)) 150 | except: 151 | print bcolors.FAIL + "\n[ERROR] - Can't connect to the host!\n" + bcolors.ENDC 152 | sys.exit(1) 153 | 154 | # Request username 155 | data = "" 156 | while True: 157 | tmp = s.recv(1) 158 | if tmp == "": 159 | break 160 | data += tmp 161 | if data.endswith("Enter login: "): 162 | break 163 | 164 | # Send username 165 | s.send(user) 166 | 167 | #Request password 168 | data = "" 169 | while True: 170 | tmp = s.recv(1) 171 | if tmp == "": 172 | break 173 | data += tmp 174 | if data.endswith("Enter password: "): 175 | break 176 | 177 | # Send password 178 | s.send(passwd) 179 | 180 | # Answer 181 | answer = s.recv(6) 182 | 183 | # Display Username and Password if login is successful 184 | if "Error!" not in answer: 185 | print bcolors.OKGREEN + "[" + time_tag + "] [!] Success! " + user.strip() + ":" + passwd.strip() + bcolors.ENDC 186 | sys.exit(1) 187 | 188 | if cur_user == user_len and cur_pass == pass_len: 189 | print bcolors.FAIL + "\n[FAILED] - All possibilities exhausted! Shutting down..." + bcolors.ENDC 190 | 191 | s.close() 192 | 193 | 194 | if __name__ == "__main__": 195 | main() 196 | --------------------------------------------------------------------------------