galkan / crowbar Goto Github PK

I'm trying rdp my other PC with valid data and I'm getting a no results message.

First I setup the rdp scanner on msfconsole and then run the following.

./crowbar.py --server "Target-IP" -b rdp -u admin -c 0

./crowbar.py --server "Target-IP" -b rdp -u admin -c false

• I tried using -u admin , and my actual PC ID to see if the results changes. It didn't.
  Also, what if the target, in this case my PC does not have a password? For the passwd a set -c 0 , and also tried -c false

here's the results...

2022-08-30 15:49:56 START
2022-08-30 15:49:56 Crowbar v0.4.3-dev
2022-08-30 15:49:56 Trying "Target-IP"
2022-08-30 15:49:57 STOP
2022-08-30 15:49:57 No results found...

I'm definitely missing something or doing something wrong.
Any suggestion?

python ./crowbar.py -b openvpn -s 192.168.XXX.YYY/32 -p 8443 -m ./conf.ovpn -k cert.crt -u USER -c PASSt -v
2015-09-13 18:59:32 START
2015-09-13 18:59:32 LOG-OPENVPN: 192.168.XXX.YYY:USER- PASS:/tmp/tmpSckaKi
2015-09-13 18:59:32 STOP
No result is found ...

I am certain that the user and password are correct.
So I assume the error is in the crt or ovpn file
Please give hints for further debuging or the option for more verbose output

cat ./conf.ovpn
client
dev tap
proto tcp
remote 192.168.XXX.YYY 8443

auth-user-pass
resolv-retry infinite
persist-key
persist-tun
comp-lzo yes
verb 3

cat cert.crt

-----BEGIN CERTIFICATE-----
SNIP
-----END CERTIFICATE-----

Hi. Scanning with rdp module for Windows Server 2003 every single user:pass combination leads to a "successfull login" allthough login is invalid. You can't filter the WS2003 from other windows version.

Thank you for this tool.
I had an issue with -S command. There is a file with list of IP's for example:
40.96.10.97/32
40.96.10.98/32
40.96.10.99/32
40.96.10.100/32
40.96.10.101/32
40.96.10.104/32
40.96.10.113/32
But it doesn't work, error is - WARNING: No targets were specified, so 0 hosts scanned.

Full command looks like "./crowbar.py -b rdp -S /home/wiff/Desktop/RDP/forbrute/ip -U /home/wiff/Desktop/RDP/forbrute/login -C /home/wiff/Desktop/RDP/forbrute/pass -d"

with -U File and -C file it works good.

Maybe there should be some special kind of IP list ?

I am working on a box that is vulnerable to CVE-2008-0166. Crowbar fails when iterating over a list of keys, but works when given the key directly. This issue relates to a box in a lab so I must omit some info.

crowbar -b sshkey -s 10.1.1.1/32 -u user -k delme -vv -n 1
2018-09-24 10:13:38 START
2018-09-24 10:13:38 Crowbar v0.3.5-dev
2018-09-24 10:13:38 Brute Force Type: sshkey
2018-09-24 10:13:38 Output File: crowbar.out
2018-09-24 10:13:38 Log File: crowbar.log
2018-09-24 10:13:38 Discover Mode: False
2018-09-24 10:13:38 Verbose Mode: 2
2018-09-24 10:13:38 Debug Mode: False
2018-09-24 10:13:38 Trying 10.1.1.1:22
2018-09-24 10:13:38 LOG-SSH: 10.1.1.1:22 - user:delme/fff7c17579cdd3eead443fdcf5afd99f-7155:10
2018-09-24 10:13:39 LOG-SSH: 10.1.1.1:22 - user:delme/fff89cb8c06a76685805116ecf18540f-4011:10
2018-09-24 10:13:39 LOG-SSH: 10.1.1.1:22 - user:delme/fff0a62ab322540e196ddc1c7d01b70a-10480:10
2018-09-24 10:13:39 LOG-SSH: Skipping Public Key - delme/id_del.pub
2018-09-24 10:13:40 LOG-SSH: 10.1.1.1:22 - user:delme/fffd9dbef2ed8d1edca5886810e79692-3708:10
2018-09-24 10:13:40 LOG-SSH: 10.1.1.1:22 - user:delme/fffdcbd2e868eb3b470fc7d2f027281b-17828:10
2018-09-24 10:13:41 LOG-SSH: 10.1.1.1:22 - user:delme/id_del:10
2018-09-24 10:13:41 LOG-SSH: 10.1.1.1:22 - user:delme/ffff3deee93bffa75796343739ab035b-23195:10
2018-09-24 10:13:42 LOG-SSH: 10.1.1.1:22 - user:delme/fff981bda97d6e867ae1b82d2f2c3c37-2194:10
2018-09-24 10:13:42 LOG-SSH: 10.1.1.1:22 - user:delme/fffc345a2645384066c0a295de0c5e52-15968:10
2018-09-24 10:13:43 LOG-SSH: 10.1.1.1:22 - user:delme/fffe87765dc2bdc2ba3df57166fb5d1c-9581:10
2018-09-24 10:13:43 LOG-SSH: 10.1.1.1:22 - user:delme/fff4a9d9faabb6fd6f474111ed2c4621-23504:10
2018-09-24 10:13:44 LOG-SSH: 10.1.1.1:22 - user:delme/f1fb2162a02f0f7c40c210e6167f05ca-16858:10
2018-09-24 10:13:44 STOP
2018-09-24 10:13:44 No results found...

Yet this will succeed

crowbar -b sshkey -s 10.1.1.1/32 -u user -k delme/fffc345a2645384066c0a295de0c5e52-15968 -vv -n 1
2018-09-24 10:13:59 START
2018-09-24 10:13:59 Crowbar v0.3.5-dev
2018-09-24 10:13:59 Brute Force Type: sshkey
2018-09-24 10:13:59 Output File: crowbar.out
2018-09-24 10:13:59 Log File: crowbar.log
2018-09-24 10:13:59 Discover Mode: False
2018-09-24 10:13:59 Verbose Mode: 2
2018-09-24 10:13:59 Debug Mode: False
2018-09-24 10:13:59 Trying 10.1.1.1:22
2018-09-24 10:13:59 LOG-SSH: 10.1.1.1:22 - user:delme/fffc345a2645384066c0a295de0c5e52-15968:10
2018-09-24 10:13:59 SSH-SUCCESS: 10.1.1.1:22 - user:delme/fffc345a2645384066c0a295de0c5e52-15968
2018-09-24 10:13:59 STOP

As you can see, the first pass attempted this key and failed. Yet when going directly to the key, it works. Is this a problem with my method or crowbar?

Thanks

root@NLDW2-GB3:~/ok# crowbar
/usr/local/lib/python3.11/dist-packages/paramiko/transport.py:219: CryptographyDeprecationWarning: Blowfish has been deprecated
"class": algorithms.Blowfish,
usage: Usage: use --help for further information
crowbar.py: error: the following arguments are required: -b/--brute

have any suggestion? , have paramiko==2.7.1

iam having this error
not enough arguments for format string
python3 crowbar.py -b rdp -s 192.168.2.250/32 -u localuser -C /user/share/nmap/nselib/data/passwords.list

Can this tool work on Windows if Python is installed? or it requires OpenSSH too?

2022-12-28 11:01:05 START
2022-12-28 11:01:05 Crowbar v0.4.3-dev
2022-12-28 11:01:05 Trying 192.168.235.129:3389
2022-12-28 11:01:05 STOP
2022-12-28 11:01:05 No results found...

Even if the password is correct

I started RDP bruteforce , after a few time this error shows up :

2017-10-17 07:52:12 LOG-RDP: 2.104.6.251:3389
2017-10-17 07:52:12 LOG-RDP: 2.104.6.251:3389
2017-10-17 07:52:12 LOG-RDP: 2.104.6.251:3389
2017-10-17 07:52:12 LOG-RDP: 2.104.6.251:3389
2017-10-17 07:52:12 LOG-RDP: 2.104.6.251:3389
2017-10-17 07:52:12 LOG-RDP: 2.104.6.251:3389
2017-10-17 07:52:12 LOG-RDP: 2.104.6.251:3389
2017-10-17 07:52:12 LOG-RDP: 2.104.6.251:3389
2017-10-17 07:52:12 LOG-RDP: 2.104.6.251:3389
2017-10-17 07:52:12 LOG-RDP: 2.104.6.251:3389
2017-10-17 07:52:12 LOG-RDP: 2.104.6.251:3389
2017-10-17 07:52:12 LOG-RDP: 2.104.6.251:3389
2017-10-17 07:52:12 LOG-RDP: 2.104.6.251:3389
2017-10-17 07:52:12 LOG-RDP: 2.104.6.251:3389
2017-10-17 07:52:12 LOG-RDP: 2.104.6.251:3389
File: /root/Pictures/pass.txt doesn't exists

pass.txt is in Pictures directory :|||

Hello,
Python 2.x will no longer be supported by their upstream developers in 2020. Thus Debian developers are actively removing Python 2 support in Debian Testing with the goal of getting rid of Python 2 in Debian 11 (bullseye).
Kali is tracking Debian Testing and is thus affected by this. You should consider to switch crowbar to Python 3.

FWIW this is tracked in https://gitlab.com/kalilinux/packages/crowbar/issues/1 on the Kali side.

First of all, congratulations to the script and to spread it in the community. It's fantastic!

I created a post, in Portuguese from Brazil, in my blog about your script (Crowbar). My intention is to spread knowledge and present to the Brazilian public its excellent tool. If at any time you can reference my post, I will be very happy!

When you have news on new tools and scripts, let me know!

Best regards,

./crowbar.py -b sshkey -s 192.168.2.105/32 -u root -k /root/.ssh/id_rsa Failure to blast，useing ssh -i id_rsa 192.168.2.105 Successful landing. id_rsa Empty password

/home/kali/.local/lib/python3.11/site-packages/paramiko/transport.py:219: CryptographyDeprecationWarning: Blowfish has been deprecated
"class": algorithms.Blowfish,
2023-05-18 02:24:51 START

how to set ?
i try all .
to run in in python2.7 ?

In rdp. Whenever i try it every try is showing as success.😶

 $ ./crowbar.py -b rdp -u admin -s 10.11.0.22/32 -n 4 -C /usr/share/wordlists/rockyou.txt
2020-05-15 00:46:28 START
2020-05-15 00:46:28 Crowbar v0.4.2-dev
2020-05-15 00:46:28 Trying 10.11.0.22:3389
File: /usr/share/wordlists/rockyou.txt doesn't exists

$ head /usr/share/wordlists/rockyou.txt 
123456
12345
123456789
password
iloveyou
princess
1234567
rockyou
12345678
abc123

 $ ls -la /usr/share/wordlists/rockyou.txt 
-rw-rw-rw- 1 kali kali 139921507 Jul 17  2019 /usr/share/wordlists/rockyou.txt

Is this a bug or am I doing something wrong?

launching :
crowbar -b rdp -s 192.168.0.15/32 -u IEUser -C /usr/share/wordlists/rockyou.txt
result:
2020-08-22 17:55:31 START
2020-08-22 17:55:31 Crowbar v0.4.1
2020-08-22 17:55:31 Trying 192.168.0.15:3389
File: /usr/share/wordlists/rockyou.txt doesn't exists

does anyone has experimenting the same issue?

Hi there,

In order to be more broad at RDP brute forcing, i've made the following mods in my main.py file:

    def rdplogin(self, ip, user, password, port):
        rdp_cmd = "%s /v:%s /port:%s /u:%s /p:%s /cert-ignore /sec:rpd +auth-only" % 

either /sec:rdp or /sec:tls

Maybe this could be implemented as a parameter ?
Would be neat !!

Thanks for this tool, really like it!

Cheers,
0buno

Hello community.
I'm not being able to reproduce a crowbar test with a actual and functional password.
is there a format list to be using?
here is my command
sudo ./crowbar.py -b rdp -s 192.168.0.xx/32 -u xxxxxx -C /home/ramaz/share/words.txt

and my file contains the following:

duiohdfdf
fds
fsd
fsdf
senha13462
sdf
sdfgjsdigjdfg
dfg
fdss

Hi,

Great tool, love it.

Would be nice if you supported usernames in the domain\username format as well as usernames that contain a space. It appears that domain\username becomes domainusername unless you encapsulate it in single quote marks.

However in the brief testing I have performed here passing known good credentials in the domain\username format encapsulated with single quotes seems to always result in a 'No result is found error'.

As always - could be me being an idiot. Never discount that possibility!

Hello, please add function to import user:pass list in 1 file , in openvpn

Hi!
Tool not working at least with RDP - tested with valid credentials.
Any help would be appreciated. Thanks!

On version 0.3.6 & version 0.4.0 the RDP brute force doesn't function as expected, even when providing correct credentials it shows "no results found": In following paste the correct credentials should be admin/lab:

kali@kali:~/Downloads/crowbar-4.0$ sudo ./crowbar.py -b rdp -s 192.168.X.X/32 -u admin -C ~/passwords.txt -n 1 -D -vv
2020-04-12 16:02:37 START
2020-04-12 16:02:37 Crowbar v0.4.0
2020-04-12 16:02:37 Brute Force Type: rdp
2020-04-12 16:02:37 Output File: /home/kali/Downloads/crowbar-4.0/crowbar.out
2020-04-12 16:02:37 Log File: /home/kali/Downloads/crowbar-4.0/crowbar.log
2020-04-12 16:02:37 Discover Mode: False
2020-04-12 16:02:37 Verbose Mode: 2
2020-04-12 16:02:37 Debug Mode: True
2020-04-12 16:02:37 Trying 192.X.X.10:3389
2020-04-12 16:02:37 CMD: /usr/bin/xfreerdp /v:192.X.X.10 /port:3389 /u:admin /p:test /cert-ignore +auth-only
2020-04-12 16:02:37 LOG-RDP: 192.X.X.10:3389 - admin:test
2020-04-12 16:02:37 b'[16:02:37:924] [24601:24602] [ERROR][com.freerdp.core] - freerdp_set_last_error ERRCONNECT_LOGON_FAILURE [0x00020014]'
2020-04-12 16:02:37 CMD: /usr/bin/xfreerdp /v:192.X.X.10 /port:3389 /u:admin /p:troll /cert-ignore +auth-only
2020-04-12 16:02:37 LOG-RDP: 192.X.X.10:3389 - admin:troll
2020-04-12 16:02:38 b'[16:02:38:744] [24607:24608] [ERROR][com.freerdp.core] - freerdp_set_last_error ERRCONNECT_LOGON_FAILURE [0x00020014]'
2020-04-12 16:02:38 CMD: /usr/bin/xfreerdp /v:192.X.X.10 /port:3389 /u:admin /p:password /cert-ignore +auth-only
2020-04-12 16:02:38 LOG-RDP: 192.X.X.10:3389 - admin:password
2020-04-12 16:02:39 b'[16:02:39:562] [24613:24614] [ERROR][com.freerdp.core] - freerdp_set_last_error ERRCONNECT_LOGON_FAILURE [0x00020014]'
2020-04-12 16:02:39 CMD: /usr/bin/xfreerdp /v:192.X.X.10 /port:3389 /u:admin /p:lab /cert-ignore +auth-only
2020-04-12 16:02:39 LOG-RDP: 192.X.X.10:3389 - admin:lab
2020-04-12 16:02:41 b'[16:02:41:308] [24619:24620] [ERROR][com.freerdp.core] - Authentication only, exit status 0'
2020-04-12 16:02:41 CMD: /usr/bin/xfreerdp /v:192.X.X.10 /port:3389 /u:admin /p:keekeo /cert-ignore +auth-only
2020-04-12 16:02:41 LOG-RDP: 192.X.X.10:3389 - admin:keekeo
2020-04-12 16:02:42 b'[16:02:42:132] [24625:24626] [ERROR][com.freerdp.core] - freerdp_set_last_error ERRCONNECT_LOGON_FAILURE [0x00020014]'
2020-04-12 16:02:42 STOP
2020-04-12 16:02:42 No results found...

hi i am getting error:
FILE: /usr/share/rockyou.txt doesn't exist

./crowbar.py --server 172.16.2.100/32 -b rdp -u administrator -C /home/kali/Src/crowbar/passwords.txt
2022-05-26 07:43:25 START
2022-05-26 07:43:25 Crowbar v0.4.3-dev
2022-05-26 07:43:25 Trying 172.16.2.100:3389
2022-05-26 07:43:26 RDP-SUCCESS : 172.16.2.100:3389 - administrator:letmein
2022-05-26 07:43:26 RDP-SUCCESS : 172.16.2.100:3389 - administrator:PassW0rd123
2022-05-26 07:43:26 STOP

So the correct password is PassW0rd123 - any ideas when I am getting letmein?

sudo python crowbar.py -b rdp -S /home/jay/Documents/scripts/QuickScan/mass-scan/BruteForcing/RDP_list.txt -u Administrator -C pass.txt -v

and get that error and i tried putting /24 on the ip address in list and it still fails also tried putting it after the list file in script why dont it automate the /24 and how do i solve this issue?

┌──(root㉿r00t)-[/home/jamy/Downloads/lazy-rdp/crowbar]
└─# python3 crowbar.py -b rdp -s 144.76.0.0/16 -d -o /home/jamy/Downloads/lazy-rdp/3389_0ut.txt -u administrator -C /usr/share/wordlists/metasploit/password.lst -p 3389 -v -D
2022-02-27 21:53:31 START
2022-02-27 21:53:31 Crowbar v0.4.3-dev
2022-02-27 21:53:31 Brute Force Type: rdp
2022-02-27 21:53:31 Output File: /home/jamy/Downloads/lazy-rdp/3389_0ut.txt
2022-02-27 21:53:31 Log File: /home/jamy/Downloads/lazy-rdp/crowbar/crowbar.log
2022-02-27 21:53:31 Discover Mode: True
2022-02-27 21:53:31 Verbose Mode: 1
2022-02-27 21:53:31 Debug Mode: True
2022-02-27 21:53:31 Discovery mode - port scanning: 144.76.0.0/16
2022-02-27 22:00:11 Trying 144.76.0.4:3389
Error: 'utf-8' codec can't decode byte 0xe9 in position 1667: invalid continuation byte

when I use "python3 crowbar.py -b openvpn -s 172.16.1.2/32 -p 1194 -m /root/WWW/vpn/client.ovpn -U /root/WWW/vpn/userlist -c 123456"

response:
2020-06-21 03:35:44 START
2020-06-21 03:35:44 Crowbar v0.4.1
OpenVPN requires super user privileges

Testing it locally on Ubuntu 20.04
freerdp2-x11 is installed

./crowbar.py -b rdp -s 192.168.1.15/32 -U ./users.txt -C ./pass.txt
2022-09-11 00:39:17 START
2022-09-11 00:39:17 Crowbar v0.4.3-dev
2022-09-11 00:39:17 Trying 192.168.1.15:3389

Nothing happens next.
Correct user and password combination is 100% present in this files.
not even a single error.
It it even works?

Amazing tool, thank you! :)

Why does the tool only detect Administrative credentials? It didn't detect the "admin" one initially, it only detected it when I later added it into Administrators?
.
https://imgur.com/a/edPgx81
.
During the bruteforce I could easily see that while bruteforcing, there was a 4624 Successful Login from "admin"

I've Googled but couldn't find an answer. I tried NLBrute and same result.. so maybe you could help me understand here?

Hello, I´ve Python Version 2.6 & 2.7 && ruby 1.9.3p551 (2014-11-13) [i386-mingw32] && perl 5, version 14, subversion 2 in Windows x64 installed.
SSH-Putty-Version: plink: Release 0.63.

By running crowbar i´ll get a short error Message:
No module named Crypto.PublicKey

Then i´ve installed openvpn, but the same error.

What does this errorMessage mean? How do i install the needed Dependencies in Windows x64?

Thx for your attention.

Here is a problem, crowbar does not show that login was ok
when i do test with the freerdp

xfreerdp /v:109.105.50.59 /port:3389 /u:Stana /p:stana /cert-ignore +auth-only
[16:37:45:116] [25027:25028] [INFO][com.freerdp.client.x11] - Authentication only. Don't connect to X.
[16:37:46:891] [25027:25028] [ERROR][com.freerdp.core] - Authentication only, exit status 0
[16:37:46:891] [25027:25028] [ERROR][com.freerdp.client.x11] - Authentication only, exit status 0

And the crowbar shows

./crowbar.py -b rdp -s 109.105.50.59/32 -u Stana -c stana -vv
2016-05-06 16:31:47 START
2016-05-06 16:31:47 Crowbar v0.3.5-dev
2016-05-06 16:31:47 Brute Force Type: rdp
2016-05-06 16:31:47      Output File: /home/wiff/crowbar/crowbar.out
2016-05-06 16:31:47         Log File: /home/wiff/crowbar/crowbar.log
2016-05-06 16:31:47    Discover Mode: False
2016-05-06 16:31:47     Verbose Mode: 2
2016-05-06 16:31:47       Debug Mode: False
2016-05-06 16:31:47 Trying 109.105.51.59:3389
2016-05-06 16:31:47 CMD: /usr/bin/xfreerdp /v:109.105.50.59 /port:3389 /u:Stana /p:stana /cert-ignore +auth-only
2016-05-06 16:31:47 LOG-RDP: 109.105.50.59:3389 - Stana:stana
2016-05-06 16:31:47 STOP
2016-05-06 16:31:47 No results found...

I liked your tool, it's cool. Sorry for my english

root@kalix64:~/htb/target/crowbar# ./crowbar.py -b sshkey -s targetip/32 -u user -k /root/htb/target/id_rsa -C /root/htb/target/rockyou-55.txt -D -v
2019-08-09 12:50:08 START
2019-08-09 12:50:08 Crowbar v0.3.5-dev
2019-08-09 12:50:08 Brute Force Type: sshkey
2019-08-09 12:50:08 Output File: /root/htb/target/crowbar/crowbar.out
2019-08-09 12:50:08 Log File: /root/htb/target/crowbar/crowbar.log
2019-08-09 12:50:08 Discover Mode: False
2019-08-09 12:50:08 Verbose Mode: 1
2019-08-09 12:50:08 Debug Mode: True
2019-08-09 12:50:08 Trying 10.10.10.17:22
2019-08-09 12:50:08 LOG-SSH: 10.10.10.17:22 - user:/root/htb/target/id_rsa:10
2019-08-09 12:50:11 STOP
2019-08-09 12:50:11 No results found...

Confirmed that nothing happens by using tcpdump

root@kalix64:~/htb/target# tcpdump port 22 and dst targetip
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes

Did a fresh live install of kali and confirmed the issue still exists there too

Unlike what mentioned in the readme, OpenVPN brute force does not work when configured in TCP. No issue in UDP.
There should be a flag to specify which protocole is used UDP or TCP.

You have a great tool, could you add support to Kali Linux distro it appears the issue is with your bin path for freerdp.

1. Please add function to stop attacking target once valid password found. By default it continues scan target against all wordlist.
2. If possible add function to scan ip list without CIDR notation e.g. /32
3. Does -t (timeout) option work ? I tried -t 1....10 and it just hangs on dead host, no matter if -t specified or not.
   Expecting behavior:
   a) if one host - exit after timeout
   b) if multiple hosts - skip dead and continue.

I have a file with the password related to server to be scan or brute force but it looks like that the command don't recognize it and I got nothing like that
─$ sudo ./crowbar.py --server 192.168.1.79/32 -b rdp -u roger -C /usr/share/nmap/nselib/data/passwords.lst 2021-03-29 13:52:46 START 2021-03-29 13:52:46 Crowbar v0.4.3-dev 2021-03-29 13:52:46 Trying 192.168.1.79:3389 2021-03-29 13:54:21 STOP 2021-03-29 13:54:21 No results found...
But the password is there in that file
let me know how to fix it
Thanks

i try to use my custom ip list . get this error :
Invalid IP Address! Please use IP/CIDR notation <192.168.37.37/32, 192.168.1.0/24>

dot have this option for ip list ?

Hello,
freerdp-x11 has been removed from Debian Testing (debian 10) and from Kali-rolling (as it's based on Debian testing).
It's replaced by freerdp2-x11 (see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890928).
You should update the README.md accordingly and maybe update crowbar if needed.
Thanks.

A new method rdplogin. When users and hosts are already known, only need to brute force the password.

I'am not yet tried the tool, but played a little bit with Windows XP with RDP on, and status is always returned as 0 no matter if I provided working user:password pair. I used latest source code atm to build binaries on windows 7. Is there a solution that help to certain determine status of authentication?

This is a great tool. I've used it extensively on a poor 4G LTE connection for brute-forcing SSH keys and had two problems:

1. The tool does not show me when running how many keys have been tested and how many are left. So, I suggest adding counters so that it shows such information (e.g. key 5002 being tested... key 5003 being tested).
2. The tool does not continue from last tested key. I highly suggest that the tool maintain a list of tested keys and then in case of connection loss, it can continue from last tested key.

Thanks.

Needs an argument added where if connection has been confirmed successful to stop brute forcing the same IP address (could be only for -S and not -s)
Many RDPs have Passwordless RDP and then Login screen - output file 500.000lines for same ip and whole password list doesn't look too good

Hello,

If there are UTF-8 characters in the wordlist(rockyou.txt), the application gives the following error;

Error: 'utf-8' codec can't decode byte 0xf1 in position 5079963: invalid continuation byte

When using -U (a directory with usersnames) it only uses the last private key in the directory in alfabetical order. Manually setting the username with -u makes it work again.

Used parameters:
python ~/crowbar/crowbar.py -n 5 -t 7 -b sshkey -U users -k ~/ssh-privatekeys/keys/ -S hosts
crowbar.log compare (first -u then the log with -U)

Doesn't install

The referenced nmap python package in requirements.txt has nothing to do with the port scanner; See: https://pypi.org/project/nmap/ .

The test to see if either the binary is present in https://github.com/galkan/crowbar/blob/c2d8da1db2d5ce57c8984f92e4a177075cd5d47c/lib/nmap.py#L19-L28 could be simplified (as imported the nmap from pip is certainly of no help).

./crowbar.py
/usr/lib/python3/dist-packages/nacl/_sodium.abi3.so: undefined symbol: crypto_pwhash_scryptsalsa208sha256_bytes_max