Beleth

Beleth is a fast multi-threaded SSH password auditing tool. Per some internet websites, it out performs Ncrack and THC-Hydra in speed.

Source:
$ git clone https://github.com/chokepoint/Beleth.git
$ cd beleth
$ make

Usage: ./beleth [OPTIONS]
-c [payload] Execute payload on remote server once logged in
-h Display this help
-l [threads] Limit threads to given number. Default: 4
-p [port] Specify remote port
-t [target] Attempt connections to this server
-u [user] Attempt connection using this username
-v -v (Show attempts) -vv (Show debugging)
-w [wordlist] Use this wordlist. Defaults to wordlist.txt

Example:
$ ./beleth -l 15 -t 127.0.0.1 -u stderr -w wordlist.txt
+-----------------------------------------+
| Beleth |
| www.chokepoint.net |
+-----------------------------------------+
[*] Read 25 passwords from file.
[*] Starting task manager
[*] Spawning 15 threads
[*] Starting attack on root@127.0.0.1:22
[*] Authentication succeeded (root:jesus@127.0.0.1:22)
[*] Executing: uname -a
[*] Linux eclipse 3.2.0-4-686-pae #1 SMP Debian 3.2.46-1+deb7u1 i686 GNU/Linux
[*] Cleaning up child processes.

Multi-threaded design
There are a couple of different options available for developers when coming up with multi-threaded design on Linux based systems using C. Two of the most popular are fork() and pthread_create(). Fork() differs from pthread_create() in that address space is not shared between the parent and child threads. Instead, a complete copy of the parent's address, code, and stack spaces are created for the child process. In order to keep dependencies to a minimum, I decided to go with a standard fork design.

Inter-process Communication (IPC)
Again, there are many options for developers when it comes to IPC as well. Below is a list of only some of the available options.
Shared Memory
FIFOs
Half-Duplex Pipes
Full-Duplex Pipes
Sockets

We are using fork() so memory sharing is not an immediate option, unless we feel like mmap()ing a shared memory space for communication, but that can get messy. FIFOs and pipes would work for distributing the wordlist among threads, but in order to keep options open Beleth uses Unix Domain Sockets for all IPC. By designing IPC with sockets, it would be trivial to turn Beleth into a distributed cracking platform.

The protocol is simple and based on the following definitions located in beleth.h.
/* IPC Protocol Header Information */
#define REQ_PW 0x01 /* Request new password to try */
#define FND_PW 0x02 /* Found password */
#define NO_PW 0x03 /* No PWs left... cleanup */

To-do list
Add option for user name list
Add option for host list
Add simple port scanner and feed new IPs to the task handler
Add distributed cracking support