Projects / SSHatter


SSHatter uses a brute force technique to determine the how to log into an SSH server. It simply tries each combination in a list of usernames and passwords to determine which ones successfully log in.

Operating Systems

Recent releases

  •  14 Dec 2009 23:09

    Release Notes: This release adds dumb mode, where SSHatter will check password equals password, username, and blank. It adds sudo mode, where SSHatter will echo the password to STDIN. It adds rudimentry file transfer modes, which also work interactively via "put" and "get". It improves the usage message. There is a new command line interface based on Getops. There is a modular design to allow more code reuse, a new threading model, support for SSH private keys, mass mode for post brute force command execution, and interactive mode for post brute force command execution. Timing attack based username enumeration has been removed for now.

    •  06 Oct 2007 21:05

      Release Notes: SSHatter now allows timing attacks to be attempted for rudimentary username enumeration. It now allows port numbers to be specified in the target servers file in the format <hostname>:[<portnumber>]. There have also been other miscellaneous improvements and fixes.

      •  26 Sep 2007 03:41

        Release Notes: This version handles systems configured with AllowUsers correctly, as these systems do not return "Permission denied" on Net::SSH::Perl->login().

        •  25 Sep 2007 15:27

          Release Notes: Optional reconnection on connection failure was added.

          •  11 Sep 2007 05:32

            Release Notes: The order of the loops was changed to improve performance.


            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.