Clean up

README.md

@@ -1,182 +1,241 @@
-## Crowbar (Levye) - Brute forcing tool for pentests
+## Crowbar (Levye) - Brute forcing tool
+
+### Demonstration Videos
 
-### Videos
 https://www.youtube.com/watch?v=4QZAWGsveSM&list=PL1BVM6VWlmWZOv9Hv8TV2v-kAlUmvA5g7&index=1
 https://www.youtube.com/watch?v=i_byBBlpZoE&list=PL1BVM6VWlmWZOv9Hv8TV2v-kAlUmvA5g7&index=2
 https://www.youtube.com/watch?v=IOSUpAFaL6E&list=PL1BVM6VWlmWZOv9Hv8TV2v-kAlUmvA5g7&index=3
 
-### What is it?
+### What is Crowbar?
+
+**Crowbar** (formally known as Levye) is a brute forcing tool that can be used during penetration tests. It was developed to brute force some protocols in a different manner according to other popular brute forcing tools. As an example, while most brute forcing tools use username and password for SSH brute force, Crowbar uses SSH key(s). This allows for any private keys that have been obtained during penetration tests, to be used to attack other SSH servers.
+
+Currently **Crowbar** supports:
 
-**Crowbar** (crowbar) is brute forcing tool that can be used during penetration tests. It is developed to brute force some protocols in a different manner according to other popular brute forcing tools. As an example, while most brute forcing tools use username and password for SSH brute force, Crowbar uses SSH key. So SSH keys, that are obtained during penetration tests, can be used to attack other SSH servers. 
+- OpenVPN (`-b openvpn`)
+- Remote Desktop Protocol (RDP) with NLA support (`-b rdp`)
+- SSH private key authentication (`-b sshkey`)
+- VNC key authentication (`-b vpn`)
 
-Currently **Crowbar** supports 
-- OpenVPN
-- SSH private key authentication
-+ VNC key authentication
-* Remote Desktop Protocol (RDP) with NLA support
 
 ### Installation
 
-First you shoud install dependencies
+Install all the dependencies:
+
 ```
- # apt-get install openvpn freerdp-x11 vncviewer
+# apt-get -y install openvpn freerdp-x11 vncviewer
 ```
 
-Then get latest version from github 
+Then get latest version from GitHub:
+
 ```
- # git clone https:/galkan/crowbar 
+# git clone https:/galkan/crowbar
 ```
 
-Attention: Rdp depends on your Kali version. It may be xfreerdp for the latest version.
+Note: The RDP client depends on your OS. Debian 7/8 & Kali 1/2 uses `freerdp-x11`. Else you can try `xfreerdp` (Will need to edit the screen to point to the new binary).
 
 ### Usage
 
-**-h**: Shows help menu.
+**-h**: Shows a help menu
 
-**-b**: Target service. Crowbar now supports vnckey, openvpn, sshkey, rdp.
+**-b**: Target service. Crowbar supports: `openvpn`, `rdp`, `sshkey`, `vnckey`.
 
-**-s**: Target ip address.
+**-s**: Target IP address/range (in CIDR notation)
 
-**-S**: File name which is stores target ip address.
+**-S**: `</path/to/file>` which is stores target IP addresses
 
-**-u**: Username.
+**-u**: Single username
 
-**-U**: File name which stores username list.
+**-U**: `</path/to/file>` which stores the username list
 
-**-n**: Thread count.
+**-n**: Thread count
 
-**-l**: File name which stores log. Default file name is crwobar.log which is located in your current directory
+**-l**: `</path/to/file>` to store the log file (default is `./crowbar.log`)
 
-**-o**: Output file name which stores the successfully attempt.
+**-o**: `</path/to/file>` to store the successfully attempt(s) (default is `./crowbar.out`)
 
-**-c**: Password.
+**-c**: Static password
 
-**-C**: File name which stores passwords list.
+**-C**: `</path/to/file>` for passwords list
 
-**-t**: Timeout value.
+**-t**: Timeout value
 
-**-p**: Port number 
+**-p**: Port number (if the service is not on the default port)
 
-**-k**: Key file full path. 
+**-k**: `</path/to/file-or-folder>` for key files (for SSH or VNC)
 
-**-m**: Openvpn configuration file path
+**-m**: `</path/to/file>` for a OpenVPN configuration file
 
-**-d**: Run nmap in order to discover whether the target port is open or not. So that you can easily brute to target using crowbar. 
+**-d**: Run nmap on the IP range (in `-s`/`-S`) in order to discover whether the targets has an open port or not. This allows for multiple targets to be easily brute forced using Crowbar
 
-**-v**: Verbose mode which is shows all the attempts including fail.
+**-v**: Enable verbose mode (shows all the attempts)
 
+**-q**: Enable quiet mode (only show successful logins)
 
-If you want see all usage options, please use **crowbar --help** 
+If you want see all usage options, please use: `./crowbar.py --help`.
 
-![alt tag](https://raw.githubusercontent.com/galkan/crowbar/master/images/crowbar-parola-dosyasi.jpg) 
+- - -
 
-**ATTENTION:** If you want to use username including DOMAIN, please specify username like below. Backslash is the escape character for python. So you can use two formats for achieving this.
+**ATTENTION:** If you want to use username including DOMAIN, please specify username like below. Backslash (`\`) is the escape character for python. So you have to use either of the following two formats:
 
 ```
-# ./crowbar.py -b rdp -u DOMAIN\\gokhan alkan -c Aa123456 -s 10.68.35.150/32 
+# ./crowbar.py -b rdp -u DOMAIN\\gokhan alkan -c Aa123456 -s 10.68.35.150/32
 2015-03-28 11:03:39 RDP-SUCCESS : 10.68.35.150:3389 - "DOMAIN\gokhan alkan":Aa123456,
 ```
 
 ```
-# ./crowbar.py -b rdp -u gokhan alkan@ornek -c Aa123456 -s 10.68.35.150/32 
+# ./crowbar.py -b rdp -u gokhan alkan@ornek -c Aa123456 -s 10.68.35.150/32
 2015-03-28 11:04:00 RDP-SUCCESS : 10.68.35.150:3389 - "gokhan alkan@DOMAIN":Aa123456,
 ```
 
 
-**Brute forcing RDP** 
 
-Below are the examples which you have options for using crowbar. 
+#### Brute Forcing Remote Desktop Protocol (RDP)
+
+Below are a few examples of attacking RDP using Crowbar.
 
-RDP brute force attempt to a single IP address using a single username and a single password:
+
+
+RDP brute forcing a single IP address using a single username and a single password:
 
 ```
-crowbar.py -b rdp -s 192.168.2.182/32 -u admin -c Aa123456
+# ./crowbar.py -b rdp -s 192.168.2.182/32 -u admin -c Aa123456
 ```
-![alt tag](https://raw.githubusercontent.com/galkan/crowbar/master/images/crowbar-rdp.jpg)
+
+![](https://raw.githubusercontent.com/galkan/crowbar/master/images/crowbar-rdp.jpg)
 
 
-RDP brute force attempt to a single IP address using username list file and a single password
+- - -
+
+
+RDP brute forcing a single IP address using username list file and a single password:
 
 ```
-crowbar.py -b rdp -s 192.168.2.211/32 -U /root/Desktop/userlist -c passw0rd
+# ./crowbar.py -b rdp -s 192.168.2.211/32 -U /root/Desktop/userlist -c passw0rd
 ```
-![alt tag](https://raw.githubusercontent.com/galkan/crowbar/master/images/crowvar-rdp-dosya.jpg)
+
+![](https://raw.githubusercontent.com/galkan/crowbar/master/images/crowvar-rdp-dosya.jpg)
 
 
-RDP brute force attempt to a single IP address using a single username and a password list:
+- - -
+
+
+RDP brute forcing a single IP address using a single username and a password list:
+
 ```
-crowbar.py -b rdp -s 192.168.2.250/32 -u localuser -C /root/Desktop/passlist
+# ./crowbar.py -b rdp -s 192.168.2.250/32 -u localuser -C /root/Desktop/passlist
 ```
-![alt tag](https://raw.githubusercontent.com/galkan/crowbar/master/images/crowvar-rdp-dosya2.jpg)
+
+![](https://raw.githubusercontent.com/galkan/crowbar/master/images/crowvar-rdp-dosya2.jpg)
+
+
+- - -
 
 
-RDP brute force attempt to a network using a username list and a password list in discovery mode:
+RDP brute forcing a subnet using a username list and a password list in discovery mode:
+
 ```
-crowbar.py -b rdp -s 192.168.2.0/24 -U /root/Desktop/userlist -C /root/Desktop/passlist -d
+# ./crowbar.py -b rdp -s 192.168.2.0/24 -U /root/Desktop/userlist -C /root/Desktop/passlist -d
 ```
-![alt tag](https://raw.githubusercontent.com/galkan/crowbar/master/images/crowvar-rdp-kadi-parola-dosya.jpg)
 
+![](https://raw.githubusercontent.com/galkan/crowbar/master/images/crowvar-rdp-kadi-parola-dosya.jpg)
+
+
+- - -
 
-**Brute forcing SSH** 
 
-Below are the examples which you have options for using crowbar.
+#### Brute Forcing SSH Private Keys
 
+Below are a few examples which you have using Crowbar.
 
-SSH key brute force attempt to a single IP address using a single username and a ssh key:
+
+
+SSH key brute force attempt to a single IP address using a single username and a single private SSH key:
 
 ```
-crowbar.py -b sshkey -s 192.168.2.105/32 -u root -k /root/.ssh/id_rsa
+# ./crowbar.py -b sshkey -s 192.168.2.105/32 -u root -k /root/.ssh/id_rsa
 ```
-![alt tag](https://raw.githubusercontent.com/galkan/crowbar/master/images/crowbar-ssh1.jpg)
+
+![](https://raw.githubusercontent.com/galkan/crowbar/master/images/crowbar-ssh1.jpg)
 
 
-SSH key brute force attempt to a single IP address using a single username and a ssh key folder:
+- - -
+
+
+SSH key brute force attempt to a single IP address using a single username and all the SSH keys in a folder:
+
 ```
-crowbar.py -b sshkey -s 192.168.2.105/32 -u root -k /root/.ssh/
+# ./crowbar.py -b sshkey -s 192.168.2.105/32 -u root -k /root/.ssh/
 ```
-![alt tag](https://raw.githubusercontent.com/galkan/crowbar/master/images/crowbar-ssh2.jpg)
+
+![](https://raw.githubusercontent.com/galkan/crowbar/master/images/crowbar-ssh2.jpg)
+
+
+- - -
 
 
-SSH key brute force attempt to a network using a single username and a ssh key folder in discovery mode:
+SSH key brute force attempt to a subnet using a single username and all the SSH keys in a folder in discovery mode:
+
 ```
-crowbar.py -b sshkey -s 192.168.2.0/24 -u root -k /root/.ssh/ -d
+# ./crowbar.py -b sshkey -s 192.168.2.0/24 -u root -k /root/.ssh/ -d
 ```
-![alt tag](https://raw.githubusercontent.com/galkan/crowbar/master/images/crowbar-ssh3.jpg)
 
-Attention: If you want, you can specify the key directory with -k option. Crowbar will use all the files under this directory for brute force. For instance;
+![](https://raw.githubusercontent.com/galkan/crowbar/master/images/crowbar-ssh3.jpg)
+
+
 
-``# crowbar.py -k /root/.ssh``
+#### Brute Forcing VNC
 
+Below is an example of attacking a VNC service using Crowbar.
 
-**Brute forcing VNC server** 
 
-Below is the example which you have options for using crowbar.
 
-VNC brute force attempt to a single IP address using a passwd file with specified port number:
+VNC brute force attempt to a single IP address using a password file with specified port number:
 
 ```
-crowbar.py -b vnckey -s 192.168.2.105/32 -p 5902 -k /root/.vnc/passwd 
+# ./crowbar.py -b vnckey -s 192.168.2.105/32 -p 5902 -k /root/.vnc/passwd
 ```
-![alt tag](https://raw.githubusercontent.com/galkan/crowbar/master/images/crowbar-vnc.jpg)
 
+![](https://raw.githubusercontent.com/galkan/crowbar/master/images/crowbar-vnc.jpg)
+
+
+
+### Brute Forcing OpenVPN
 
-**Brute forcing OpenVPN** 
+Below is an example of attacking OpenVPN using Crowbar.
 
-Below are the example which you have options for using crowbar.
 
-VPN brute force attempt to a single IP address using a configuration file, a certificate file, a single username and a sindle password with specified port number:
+
+OpenVPN brute force attempt to a single IP address using a configuration file, a certificate file, a single username and a single password with specified port number:
 
 ```
-crowbar.py -b openvpn -s 198.7.62.204/32 -p 443 -m /root/Desktop/vpnbook.ovpn -k /root/Desktop/vpnbook_ca.crt -u vpnbook -c cr2hudaF
+# ./crowbar.py -b openvpn -s 198.7.62.204/32 -p 443 -m /root/Desktop/vpnbook.ovpn -k /root/Desktop/vpnbook_ca.crt -u vpnbook -c cr2hudaF
 ```
-![alt tag](https://raw.githubusercontent.com/galkan/crowbar/master/images/crowbar-vpn.jpg)
+
+![](https://raw.githubusercontent.com/galkan/crowbar/master/images/crowbar-vpn.jpg)
+
+
+
+- - -
+
+### Logs & Output
+
+Once you have executed Crowbar, it generates 2 files for logging and result that are located in your current directory. Default log file name is `crowbar.log` which stores all brute force attempts while execution. If you don't want use default log file, you should use `-l log_path`. The second file is `crowbar.out` which stores successful attempts while execution. If you don't want use default output file, you should use `-o output_path`. After that you can observe Crowbar operations.
+
+
+- - -
+
+### Thanks To
+
+- Bahtiyar Bircan
+- Ertuğrul Başaranoğlu
+
 
 
-### Example Output
+- - -
 
-Once you have executed crowbar, it generates 2 files for logging and result that are located in your current directory. Default log file name is crowbar.log which stores all brute force attempts while execution. If you don't want use default log file, you should use -l log_path. The second file is crowbar.out which stores successful attempts while execution. If you don't want use default output file, you should use -o output_path. After that you can observe crowbar operations. Please look at the crowbar.log and crowbar.out files. 
+### Bookmarks
 
-#### Thanks To
-
- - Bahtiyar Bircan
- - Ertuğrul Başaranoğlu
+- [Patator](https:/lanjelot/patator) - A multi-purpose brute-forcer for protocols that are not supported by Crowbar
+- [Debian OpenSSL Predictable PRNG](https:/g0tmi1k/debian-ssh) - Weak predictable SSH keys for Debian based systems (2011)
+- [ssh-badkeys](https:/rapid7/ssh-badkeys) - A collection of static private SSH keys

crowbar.py

@@ -1,24 +1,23 @@
-#!/usr/bin/env python
-
+#!/usr/bin/env python2
 
 try:
- from lib.main import Main
- from lib.core.exceptions import CrowbarExceptions
+ from lib.main import Main
+ from lib.core.exceptions import CrowbarExceptions
 except Exception, err:
  import sys
  print >> sys.stderr, err
  sys.exit(1)
- 
+
 ##
-### Main 
+### Main
 ##
 
 if __name__ == "__main__":
 
- try:
-  crowbar = Main()
-  crowbar.run(crowbar.args.brute)
- except Exception, err:
-  import sys
-  print >> sys.stderr, err
-  sys.exit(1)
+ try:
+  crowbar = Main()
+  crowbar.run(crowbar.args.brute)
+ except Exception, err:
+  import sys
+  print >> sys.stderr, err
+  sys.exit(1)

lib/core/common.py

@@ -1,9 +1,9 @@
 class bcolors:
- OKBLUE = '\033[94m'
- OKGREEN = '\033[92m'
- ENDC = '\033[0m'
+ OKBLUE = '\033[94m'
+ OKGREEN = '\033[92m'
+ ENDC = '\033[0m'
 
- def disable(self):
- self.OKBLUE = ''
- self.OKGREEN = ''
- self.ENDC = ''
+ def disable(self):
+ self.OKBLUE = ''
+ self.OKGREEN = ''
+ self.ENDC = ''

lib/core/exceptions.py

@@ -1,8 +1,6 @@
-
 class CrowbarExceptions(Exception):
- def __init__(self, err_mess):
- self.err = err_mess
-
- def __str__(self):
- return self.err
+ def __init__(self, err_mess):
+ self.err = err_mess
 
+ def __str__(self):
+ return self.err