SSB=simple subdomain bruteforcer

SSB Tries to find subdomains for a domain and scan them for ports/services. When SSB has identified all of the services the subdomain is running, it will then scan the services for common misconfigurations and credentials.

SSB scans the subdomains for the most common ports and services i've seen in the wild.

Update: Mark_v0: Scans for ports in the found subdomains.

Update: Mark_v3: SSH Bruteforce added and ftp threads increased, problems with report generating solved.

Update: Mark_v5: Mysql, Smb, Telnet bruteforce added, rpcbind program lister added, errors now shown in cyan instead of red and SSB can now automatically use sublist3r to scan for subdomains.

Update: Mark_v6: Added HTTP Method detection and PARAMIKO transport.py will get overwritten to prevent error pop ups that would flood the screen if not mitigated (And yes, from my research, updating the actual library is the only way to control the exceptions that are made INSIDE the module)

I started this project on 2.2.2022

pip3 install requests

pip3 install termcolor

pip3 install ftplib

pip3 install paramiko

sudo apt-get install libmariadb3 libmariadb-dev

pip3 install mariadb

pip3 install smbprotocol

pip3 install telnetlib

And you're done, now just launch the app using PYTHON3

python3 ssb.py

Mysql Bruteforce

SSH Bruteforce

FTP Anonymous Account Check

FTP Bruteforce

Smb Anonymous Account Check

Smb Bruteforce

Http/Https File Discovery

Http/Https Method Scan

Telnet Bruteforce

Rpcbind Process Lister

+Uses DNS resolving instead of a port specific or ping scan.

-DNS is slower than using the port scanning method.

+Validates HTTP and HTTPS ports by actually making a request instead of relying off the fact that it is open (many http/https ports that i've seen in the wild are timeouts)

-+Easy to use so that it is fast for pen-testers but also script kiddies can operate this which is bad (Unlike nmap which needs flags to be set right)...

+Automatically scans subdomains without having the need for the hassle of scanning subdomains, making a list, nmap scanning them.

+Does ftp/smb anonyous account checks.

+Reasonable timeouts so you won't have to worry about "Is it even doing anything?/Did it feeze?" because it proceeds to another scan automatically if another one times out.