Welcome to the SSHCracker v3.0 Beta comprehensive documentation. This guide will take you from zero to expert.
- Introduction
- Requirements
- Installation
- Preparing Your Files
- Running Your First Scan
- Understanding the Output
- Pause and Resume
- CLI Flags
- Honeypot Detection
- Performance Tuning
- Troubleshooting
- FAQ
- Legal Notice
SSHCracker is a high-performance SSH brute force tool designed for:
- Penetration testers - Testing SSH security on authorized systems
- Security researchers - Studying SSH attack patterns
- System administrators - Auditing their own infrastructure
| Feature | Description |
|---|---|
| Multi-threaded | 100+ workers with 25 connections each |
| Honeypot Detection | 11 algorithms to detect fake servers |
| Pause/Resume | Save progress and continue later |
| Auto-save | Automatic backup every 5 minutes |
| Professional UI | Interactive input with validation |
| Component | Minimum | Recommended |
|---|---|---|
| OS | Linux, Windows, macOS | Linux |
| RAM | 512 MB | 2 GB |
| CPU | 1 core | 4+ cores |
| Network | Stable connection | High bandwidth |
For building from source:
- Go version 1.21 or higher
For running pre-built binaries:
- No additional software required
Linux (Ubuntu/Debian):
```bash
# Update package list
sudo apt update
# Install Go
sudo apt install golang-go
# Verify installation
go version
```
Linux (Using snap):
```bash
sudo snap install go --classic
go version
```
macOS:
```bash
# Using Homebrew
brew install go
# Verify
go version
```
Windows:
- Download installer from golang.org
- Run the installer
- Open Command Prompt and verify:
```
go version
```
- Go to Releases Page
- Download the file for your platform:
  - Linux: sshcracker-linux-amd64
  - macOS: sshcracker-darwin-amd64
  - Windows: sshcracker-windows-amd64.exe
- Make it executable (Linux/macOS):
```bash
chmod +x sshcracker-*
```
- Run:
```bash
./sshcracker-*
```
```bash
# Step 1: Clone the repository
git clone https://github.com/Matrix-Community-ORG/SSHCracker.git
# Step 2: Enter directory
cd SSHCracker
# Step 3: Download dependencies
go mod tidy
# Step 4: Build
go build -o sshcracker ssh.go
# Step 5: Run
./sshcracker
```
You need three files to run SSHCracker:
Create a file called users.txt with one username per line:
root
admin
administrator
user
ubuntu
debian
centos
oracle
postgres
mysql
Tips:
- Start with common usernames like root, admin
- Add service-specific usernames: postgres, mysql, oracle
- Add cloud provider defaults: ubuntu, ec2-user, centos
Create a file called passwords.txt with one password per line:
123456
password
admin
root
12345678
qwerty
letmein
welcome
monkey
dragon
Tips:
- Start with the most common passwords
- Include variations: Password1, Admin123
- You can use wordlists like SecLists
Create a file called targets.txt with one target per line in IP:PORT format:
192.168.1.1:22
192.168.1.2:22
10.0.0.1:22
10.0.0.2:2222
Format: IP_ADDRESS:PORT
Tips:
- Most SSH servers run on port 22
- Some use alternative ports like 2222, 22222
- You can use domain names: example.com:22
Using nmap to find SSH servers:
```bash
# Scan a network for SSH servers
nmap -p 22 192.168.1.0/24 --open -oG - | grep "22/open" | awk '{print $2":22"}' > targets.txt
```
Using masscan for faster scanning:
```bash
# Fast scan for SSH
masscan 192.168.1.0/24 -p22 --rate=1000 -oG masscan.txt
grep "22/open" masscan.txt | awk '{print $4":22"}' > targets.txt
```
- Start SSHCracker:
```bash
./sshcracker
```
- You'll see the welcome screen:
```
╔══════════════════════════════════════════════════════════════╗
║ 🚀 SSHCracker v3.0-beta - Setup 🚀 ║
╚══════════════════════════════════════════════════════════════╝
```
- Enter username file path:
```
📁 Username list file path: users.txt
```
- Enter password file path:
```
🔐 Password list file path: passwords.txt
```
- Enter target file path:
```
🌐 IP list file path (ip:port format): targets.txt
```
- Set timeout (press Enter for default):
```
⏱️ Timeout in seconds: 10
```
- Set workers (press Enter for default):
```
👷 Maximum workers: 100
```
- Review scan summary:
```
╔══════════════════════════════════════════════════════════════╗
║ 📋 SCAN CONFIGURATION ║
╠══════════════════════════════════════════════════════════════╣
║ 🌐 Targets: 100 IPs ║
║ 🔑 Combinations: 1,000 ║
║ ⏱️ Timeout: 10s ║
║ 👷 Workers: 100 ║
╚══════════════════════════════════════════════════════════════╝
```
- Confirm to start:
```
🚀 Start scan?
> ✅ Yes, start scan
  ❌ No, cancel
```
- Watch the progress:
```
╔══════════════════════════════════════════════════════════════╗
║ 🚀 SSHCracker v3.0-beta - Advanced SSH Brute Force 🚀 ║
╠══════════════════════════════════════════════════════════════╣
║ 🔍 Progress: 500/1,000 ( 50.0%) ║
║ ⚡ Speed: 125.3 checks/sec ║
║ ✅ Successful: 3 | ❌ Failed: 495 | 🍯 Honeypots: 2 ║
╚══════════════════════════════════════════════════════════════╝
```
After a scan, you'll find these files:
| File | Purpose |
|---|---|
| su-goods.txt | Successfully cracked credentials |
| detailed-results.txt | Full details with system info |
| honeypots.txt | Detected honeypot servers |
| combo.txt | Generated credential combinations |
192.168.1.10:22@root:password123
192.168.1.15:22@admin:admin
10.0.0.5:22@ubuntu:ubuntu
Format: IP:PORT@USERNAME:PASSWORD
=== 🎯 SSH Success 🎯 ===
🌐 Target: 192.168.1.10:22
🔑 Credentials: root:password123
🖥️ Hostname: webserver01
🐧 OS: Linux webserver01 5.4.0-42-generic
📡 SSH Version: OpenSSH_8.2p1 Ubuntu-4ubuntu0.3
⚡ Response Time: 234ms
🔌 Open Ports: [22 80 443 3306]
🍯 Honeypot Score: 2
🕒 Timestamp: 2026-01-03 15:30:45
========================
HONEYPOT: 192.168.1.50:22@root:root (Score: 8)
HONEYPOT: 10.0.0.100:22@admin:admin (Score: 12)
| Stat | Meaning |
|---|---|
| Progress | Tasks completed / Total tasks |
| Speed | Checks per second |
| Successful | Valid credentials found |
| Failed | Connection failures or wrong passwords |
| Honeypots | Detected honeypot servers |
| Success Rate | Percentage of real servers cracked |
| Honeypot Rate | Percentage of honeypots detected |
Press Ctrl+C during a scan:
⏸️ Pausing scan... Please wait...
✅ State saved to paused.json
📂 Resume with: ./sshcracker --resume
```bash
./sshcracker --resume
```
Or with a custom state file:
```bash
./sshcracker --resume-file myscan.json
```
The pause state includes:
- ✅ Current task position
- ✅ All statistics (goods, errors, honeypots)
- ✅ Successfully cracked IPs (to avoid duplicates)
- ✅ Original configuration
- ✅ Start time (for accurate timing)
SSHCracker automatically saves state every 5 minutes to autosave.json.
This protects against:
- Power failures
- System crashes
- Accidental terminal closure
| File | Purpose |
|---|---|
| paused.json | Created when you press Ctrl+C |
| autosave.json | Created every 5 minutes automatically |

Both files are deleted when the scan completes successfully.
| Flag | Short | Description |
|---|---|---|
| --help | -h | Show help message |
| --resume | -r | Resume from paused.json |
| --resume-file | | Resume from custom file |
```bash
# Show help
./sshcracker --help
./sshcracker -h
# Resume from default paused.json
./sshcracker --resume
./sshcracker -r
# Resume from custom file
./sshcracker --resume-file backup.json
# Interactive mode (default)
./sshcracker
```
A honeypot is a fake server designed to:
- Capture attacker credentials
- Log attack patterns
- Waste attacker time
- Collect malware samples
SSHCracker uses 11 algorithms to detect honeypots:
| # | Algorithm | How It Works |
|---|---|---|
| 1 | Pattern Recognition | Searches for honeypot keywords in output |
| 2 | Response Time | Flags suspiciously fast responses |
| 3 | Command Timing | Measures variance in command execution time |
| 4 | SSH Banner | Checks for known honeypot SSH versions |
| 5 | File System | Looks for fake/empty directories |
| 6 | Process List | Searches for honeypot processes |
| 7 | Network Config | Checks for missing network files |
| 8 | Behavioral | Tests file creation, command execution |
| 9 | Anomalies | Checks hostname, uptime, history |
| 10 | Advanced | Checks CPU, kernel, package managers |
| 11 | Performance | Tests I/O speed, network connections |
Each algorithm adds points to a "honeypot score":
| Score | Meaning |
|---|---|
| 0-4 | Likely real server |
| 5-6 | Possibly honeypot |
| 7+ | Likely honeypot |
SSHCracker detects the following honeypot software:
- Cowrie
- Kippo
- HonSSH
- Artillery
- Honeyd
- Dionaea
- Elastichoney
- Bifrozt
- Kojoney
- And more...
| Workers | Best For | Memory Usage |
|---|---|---|
| 10 | Stealth scanning | ~100 MB |
| 50 | Normal scanning | ~250 MB |
| 100 | Fast scanning | ~500 MB |
| 200 | Maximum speed | ~1 GB |
| Timeout | Best For | Speed |
|---|---|---|
| 3s | Fast networks | Fastest |
| 5s | Normal networks | Fast |
| 10s | Slow networks | Medium |
| 15s | Very slow networks | Slow |
Increase file descriptor limit for more connections:
```bash
# Temporary (current session)
ulimit -n 65536
# Permanent (add to /etc/security/limits.conf)
* soft nofile 65536
* hard nofile 65536
```
- Start small: Begin with 50 workers and increase if stable
- Monitor resources: Watch CPU and memory usage
- Adjust timeout: Lower for fast networks, higher for slow
- Use SSD: Faster disk helps with logging
- Stable network: Avoid WiFi for large scans
"Permission denied"
```bash
chmod +x sshcracker
```
"Too many open files"
```bash
ulimit -n 65536
```
"Module errors"
```bash
go mod tidy
```
"File not found"
- Check file path is correct
- Use absolute paths if needed: /home/user/targets.txt
```bash
# Check if paused.json exists
ls -la paused.json
# View the content
cat paused.json
# If corrupted, try autosave
./sshcracker --resume-file autosave.json
```
- Reduce timeout value
- Reduce worker count
- Check network speed
- Close other applications
- Use wired connection
- Reduce worker count
- Split target list into smaller files
- Use system with more RAM
A: SSHCracker is a security tool. Using it on systems you own or have permission to test is legal. Using it on unauthorized systems is illegal.
A: With 100 workers and 10s timeout, expect ~100-500 checks per second depending on network conditions.
A: Yes! Specify port in target file: 192.168.1.1:2222
A: Check honeypots.txt or look for high honeypot scores in detailed-results.txt.
A: Your progress is auto-saved every 5 minutes. Use --resume to continue.
A: Yes, but use different output files and target lists to avoid conflicts.
A: Currently only password authentication is supported.
A: The v3.0 dynamic threshold system automatically adjusts. Very few false positives occur with default settings.
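From the defender's side, a run like the one this guide describes appears in sshd logs as password failures for many usernames from a single source, since only password authentication is attempted. The Go program below is an added example, not part of SSHCracker: it flags such sources and notes any login accepted after the burst. The log lines are constructed, and `Detect`, `Finding` and the thresholds are hypothetical names and values chosen for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// Constructed sshd log lines (documentation addresses, not from a real host).
const sampleLog = `Jan  3 15:30:41 web01 sshd[4101]: Failed password for root from 203.0.113.7 port 50112 ssh2
Jan  3 15:30:41 web01 sshd[4102]: Failed password for invalid user admin from 203.0.113.7 port 50114 ssh2
Jan  3 15:30:42 web01 sshd[4103]: Failed password for invalid user oracle from 203.0.113.7 port 50120 ssh2
Jan  3 15:30:43 web01 sshd[4105]: Accepted password for ubuntu from 203.0.113.7 port 50130 ssh2
Jan  3 15:31:02 web01 sshd[4110]: Failed password for alice from 198.51.100.20 port 40022 ssh2`
var authRe = regexp.MustCompile(`sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port`)

type Finding struct { // per-source summary of password-auth activity
	Failures int
	Users    map[string]bool // distinct usernames that failed
	Accepted string          // account that logged in after the failure burst
}

// Detect returns sources with >= minFail failures across >= minUsers usernames.
func Detect(log string, minFail, minUsers int) map[string]*Finding {
	seen := map[string]*Finding{}
	for _, m := range authRe.FindAllStringSubmatch(log, -1) {
		result, user, src := m[1], m[2], m[3]
		if seen[src] == nil {
			seen[src] = &Finding{Users: map[string]bool{}}
		}
		if f := seen[src]; result == "Failed" {
			f.Failures++
			f.Users[user] = true
		} else if f.Failures >= minFail {
			f.Accepted = user // success right after a burst: rotate this credential
		}
	}
	for src, f := range seen {
		if f.Failures < minFail || len(f.Users) < minUsers {
			delete(seen, src) // a single mistyped password is not a finding
		}
	}
	return seen
}

func main() {
	for src, f := range Detect(sampleLog, 3, 3) {
		fmt.Printf("%s failures=%d users=%d accepted=%q\n", src, f.Failures, len(f.Users), f.Accepted)
	}
}
```

Setting `PasswordAuthentication no` in sshd_config removes the only login method the FAQ says the tool supports.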
This tool is intended for:
- ✅ Security professionals testing authorized systems
- ✅ Penetration testers with written permission
- ✅ System administrators auditing their own infrastructure
- ✅ Security researchers in controlled environments
- ❌ Unauthorized access to computer systems
- ❌ Testing systems without explicit permission
- ❌ Any illegal activities
The developers are not responsible for any misuse of this tool. Users are solely responsible for ensuring they have proper authorization before using SSHCracker on any system.
- GitHub Issues: Report bugs
- Telegram: @MatrixORG
- Developer: @sudolite
Made with ❤️ by SudoLite & Matrix Community