authfinder 1.0.0__tar.gz → 1.1.0__tar.gz

{authfinder-1.0.0 → authfinder-1.1.0}/PKG-INFO

@@ -1,7 +1,7 @@
 Metadata-Version: 2.4
 Name: authfinder
-Version: 1.0.0
-Summary: Execute commands across Windows systems using multiple RCE methods (WinRM, SMB, WMI, RDP, SSH, MSSQL)
+Version: 1.1.0
+Summary: Execute commands across Windows and Linux systems using multiple RCE methods (WinRM, SMB, WMI, RDP, SSH, MSSQL)
 Author: Khael
 Project-URL: Homepage, https://github.com/KhaelK138/authfinder
 Project-URL: Repository, https://github.com/KhaelK138/authfinder
@@ -28,7 +28,7 @@ Dynamic: license-file
 
 # AuthFinder
 
-A tool for executing commands across multiple Windows systems using various remote execution methods. Automatically tries multiple techniques until one succeeds, based on return codes and output. Makes executing commands given credentials a hell of a lot easier.
+A tool for executing commands across Windows (and Linux) systems using various remote execution methods. Automatically tries multiple techniques until one succeeds, based on return codes and output. Makes executing commands given credentials a hell of a lot easier.
 
 Big thanks to NetExec, Impacket, and Evil-Winrm, as this tool just essentially acts as a wrapper around those (making it more of a script, I suppose).
 
@@ -45,6 +45,7 @@ Big thanks to NetExec, Impacket, and Evil-Winrm, as this tool just essentially a
   - MSSQL (Impacket)
 - **Multi-threaded**: Execute commands across multiple hosts simultaneously
 - **Automatic Pass-the-Hash**: Just paste the NTLM hash as the credential
+- **Linux Support**: Use `--linux` to attempt to run commands across linux machines instead, via SSH
 
 ## Installation
 
@@ -78,7 +79,7 @@ authfinder 192.168.1.10 administrator Password123 whoami
 # Execute across IP range of 192.168.1.1 to 192.168.1.50
 authfinder 192.168.1.1-50 admin Pass123 "net user"
 
-# Use hash instead of password
+# Use nthash instead of password
 authfinder 10.0.0.1-10 admin :{32-bit-hash} whoami
 ```
 
@@ -86,6 +87,7 @@ authfinder 10.0.0.1-10 admin :{32-bit-hash} whoami
 
 Supports various formats:
 - Single IP: `192.168.1.10`
+- Multi-IP: `192.168.1.15,17,29,153` 
 - Range: `192.168.1.1-254`
 - Multiple ranges: `10.0.1-5.10-20` (expands to all combinations)
 - File with IP ranges: `targets.txt`
@@ -100,7 +102,7 @@ Password123!
 admin
 Pass123
 backup_admin
-:aad3b435b51404eeaad3b435b51404ee
+:12345678123456781234567812345678
 ```
 
 Lines starting with `#` are treated as comments. For NT hashes, use them directly as the password.
@@ -117,6 +119,7 @@ Options:
   --timeout <seconds>     Command timeout in seconds (default: 15)
   --run-all               Run all tools instead of stopping at first success
   --skip-portscan         Skip port scanning and attempt all tools
+  --linux                 Enables Linux-only mode, which uses SSH and ignores other tools
 ```
 
 

{authfinder-1.0.0 → authfinder-1.1.0}/README.md

@@ -1,6 +1,6 @@
 # AuthFinder
 
-A tool for executing commands across multiple Windows systems using various remote execution methods. Automatically tries multiple techniques until one succeeds, based on return codes and output. Makes executing commands given credentials a hell of a lot easier.
+A tool for executing commands across Windows (and Linux) systems using various remote execution methods. Automatically tries multiple techniques until one succeeds, based on return codes and output. Makes executing commands given credentials a hell of a lot easier.
 
 Big thanks to NetExec, Impacket, and Evil-Winrm, as this tool just essentially acts as a wrapper around those (making it more of a script, I suppose).
 
@@ -17,6 +17,7 @@ Big thanks to NetExec, Impacket, and Evil-Winrm, as this tool just essentially a
   - MSSQL (Impacket)
 - **Multi-threaded**: Execute commands across multiple hosts simultaneously
 - **Automatic Pass-the-Hash**: Just paste the NTLM hash as the credential
+- **Linux Support**: Use `--linux` to attempt to run commands across linux machines instead, via SSH
 
 ## Installation
 
@@ -50,7 +51,7 @@ authfinder 192.168.1.10 administrator Password123 whoami
 # Execute across IP range of 192.168.1.1 to 192.168.1.50
 authfinder 192.168.1.1-50 admin Pass123 "net user"
 
-# Use hash instead of password
+# Use nthash instead of password
 authfinder 10.0.0.1-10 admin :{32-bit-hash} whoami
 ```
 
@@ -58,6 +59,7 @@ authfinder 10.0.0.1-10 admin :{32-bit-hash} whoami
 
 Supports various formats:
 - Single IP: `192.168.1.10`
+- Multi-IP: `192.168.1.15,17,29,153` 
 - Range: `192.168.1.1-254`
 - Multiple ranges: `10.0.1-5.10-20` (expands to all combinations)
 - File with IP ranges: `targets.txt`
@@ -72,7 +74,7 @@ Password123!
 admin
 Pass123
 backup_admin
-:aad3b435b51404eeaad3b435b51404ee
+:12345678123456781234567812345678
 ```
 
 Lines starting with `#` are treated as comments. For NT hashes, use them directly as the password.
@@ -89,6 +91,7 @@ Options:
   --timeout <seconds>     Command timeout in seconds (default: 15)
   --run-all               Run all tools instead of stopping at first success
   --skip-portscan         Skip port scanning and attempt all tools
+  --linux                 Enables Linux-only mode, which uses SSH and ignores other tools
 ```
 
 

authfinder-1.1.0/authfinder/__init__.py

@@ -0,0 +1,3 @@
+"""authfinder: Execute commands across Windows and Linux systems using multiple RCE methods"""
+
+__version__ = "1.1.0"

{authfinder-1.0.0 → authfinder-1.1.0}/authfinder/authfinder.py

@@ -19,6 +19,7 @@ OUTPUT = False
 RUN_ALL = False
 SKIP_PORTSCAN = False
 TOOLS_SPECIFIED = False
+LINUX_MODE = False
 
 VALID_TOOLS = ["winrm", "smbexec", "wmi", "ssh", "mssql", "psexec", "atexec", "rdp"]
 NXC_TOOLS = {"smbexec", "wmi", "ssh", "rdp"}
@@ -235,6 +236,9 @@ def build_cmd(tool, user, target, credential, command):
                 f"{NXC_CMD} wmi {target} -p {credential} -u \"{user}\" -x 'powershell -enc {b64}'")
 
     if tool == "ssh":
+        if LINUX_MODE:
+            b64 = base64.b64encode(command.encode("utf-8")).decode()
+            return f"{NXC_CMD} ssh {target} -p {credential} -u \"{user}\" -x 'echo {b64} | base64 -d | $0'{nxc_output_flag}"
         return f"{NXC_CMD} ssh {target} -p {credential} -u \"{user}\" -x 'powershell -enc {b64}'{nxc_output_flag}"
 
     if tool == "rdp":
@@ -327,6 +331,10 @@ def run_chain(user, ip, credential, command, tool_list=None):
                 else:
                     safe_print(f"  [-] For {ip}: {tool} failed.")
                 continue
+            if tool == "ssh" and 'Linux - Shell' in out and not LINUX_MODE:
+                safe_print(f"  \033[33m[!]\033[0m For {ip}: {tool} AUTHENTICATION succeeded as {user} with {credential}, but this seems like a Linux machine, so the command didn't run.")
+                safe_print("  \033[33m[!]\033[0m Use \033[33m--linux\033[0m to run command across Linux machines.")
+                continue
             if '[+]' in out and 'Executed command' not in out:
                 safe_print(f"  \033[33m[!]\033[0m For {ip}: {tool} AUTHENTICATION succeeded as {user} with {credential}, but seemingly failed to run command. Does the user have the necessary permissions?")
                 continue
@@ -335,9 +343,13 @@ def run_chain(user, ip, credential, command, tool_list=None):
                 safe_print(f"  [-] For {ip}: {tool} failed.")
                 continue
 
-        if tool == "mssql" and "ERROR" in out:
-            safe_print(f"  [-] For {ip}: {tool} failed.")
-            continue
+        if tool == "mssql":
+            if "The EXECUTE permission was denied" in out:
+                safe_print(f"  \033[33m[!]\033[0m For {ip}: {tool} AUTHENTICATION succeeded as {user} with {credential}, but seemingly failed to run command. Does the user have the necessary permissions?")
+                continue
+            if "ERROR" in out:
+                safe_print(f"  [-] For {ip}: {tool} failed.")
+                continue
 
         # one-shotting using evil-winrm results in a return code of 1
         if rc == 0 or (tool in ("winrm", "winrm-ssl") and rc == 1 and "NoMethodError" in out): 
@@ -406,6 +418,8 @@ def parse_args():
     parser.add_argument("--skip-portscan", action="store_true", help="Skip port scanning and attempt all tools")
     parser.add_argument("-f", "--file", metavar="CRED_FILE", help="Credential file (newline-separated user/password pairs)")
 
+    parser.add_argument("--linux", action="store_true", help="Linux-only mode - automates SSH, ignores other tools")
+
     parser.add_argument("ip_range", help="IP range (e.g., 192.168.1.1-254)")
     parser.add_argument("username", nargs="?", help="Username")
     parser.add_argument("credential", nargs="?", help="Password or NT hash")
@@ -417,7 +431,7 @@ def parse_args():
         parser.error("Cannot specify username/password when using -f")
 
     if not args.file and (not args.username or not args.credential):
-        parser.error("Must supply either -f FILE or username + credential")
+        parser.error("Must supply either -f FILE or username and credential")
 
     return args
 
@@ -434,7 +448,7 @@ def check_dependencies():
         IMPACKET_PREFIX = "impacket-"
     elif r2:
         IMPACKET_PREFIX = ""
-    else:
+    elif not LINUX_MODE:
         print("[-] impacket not found. Install with: pipx install impacket")
         sys.exit(1)
     
@@ -461,7 +475,7 @@ def check_dependencies():
         for d in os.listdir(base):
             if d.endswith("@evil-winrm"):
                 WINRM_CMD = f"{base}/{d}/wrappers/evil-winrm"
-    if not WINRM_CMD:
+    if not WINRM_CMD and not LINUX_MODE:
         print("[-] evil-winrm not found. Please install with gem install evil-winrm")
         sys.exit(1)
     
@@ -472,7 +486,7 @@ def impacket_cmd(tool):
     return f"{tool}.py"
 
 def main():
-    global VERBOSE, OUTPUT, MAX_THREADS, EXEC_TIMEOUT, RUN_ALL, SKIP_PORTSCAN, TOOLS_SPECIFIED
+    global VERBOSE, OUTPUT, MAX_THREADS, EXEC_TIMEOUT, RUN_ALL, SKIP_PORTSCAN, TOOLS_SPECIFIED, LINUX_MODE
 
     check_dependencies()
 
@@ -480,28 +494,17 @@ def main():
 
     VERBOSE = args.v
     OUTPUT = args.o
-    MAX_THREADS = args.threads
+    MAX_THREADS = args.threads if args.threads > 0 else 1
     EXEC_TIMEOUT = args.timeout
     RUN_ALL = args.run_all
     SKIP_PORTSCAN = args.skip_portscan
-
-    if args.tools:
-        tool_list = parse_tools_list(args.tools)
-        TOOLS_SPECIFIED = True
-        print(f"[*] Using tools: {', '.join(tool_list)}")
-    else:
-        tool_list = None
-
-    if args.skip_portscan:
-        print("\033[33m[!] Port scanning disabled (--skip-portscan). All tools will be attempted.\033[0m")
-
-    command = " ".join(args.command) if args.command else "whoami"
+    LINUX_MODE = args.linux
 
     if args.file:
         credential_list = load_credential_file(args.file)
     else:
         credential_list = [(args.username, args.credential)]
-    
+
     if args.ip_range.endswith('.txt'):
         ips = []
         with open(args.ip_range) as f:
@@ -512,12 +515,32 @@ def main():
     else:
         ips = parse_ip_range(args.ip_range)
 
+    if len(ips) < MAX_THREADS:
+        MAX_THREADS = len(ips)
+
     print(f"[*] Loaded {len(credential_list)} credential set(s)")
     print(f"[*] Processing {len(ips)} IPs with {MAX_THREADS} threads...")
+
+    if args.linux:
+        if args.tools:
+            print("\033[31m[!] Tools (--tools) cannot be specified alongside Linux-mode (--linux), as only SSH is supported. Continuing with SSH...\033[0m")
+        args.tools = "ssh"
+
+    if args.tools:
+        tool_list = parse_tools_list(args.tools)
+        TOOLS_SPECIFIED = True
+        print(f"[*] Using tools: {', '.join(tool_list)}")
+    else:
+        tool_list = None
+    
+    if args.skip_portscan:
+        print("\033[33m[!] Port scanning disabled (--skip-portscan). All tools will be attempted.\033[0m")
+
+    command = " ".join(args.command) if args.command else "whoami"
     
     if not OUTPUT:
         print("\033[33m[!] Output Disabled. Run with -o to see successful command output\033[0m")
-    else:
+    elif not LINUX_MODE:
         print("-" * 20)
         print("\033[33m[!] WARNING: Output Enabled. This WILL trip AV for certain tools\033[0m")
         print("-" * 20)

{authfinder-1.0.0 → authfinder-1.1.0}/authfinder.egg-info/PKG-INFO

@@ -1,7 +1,7 @@
 Metadata-Version: 2.4
 Name: authfinder
-Version: 1.0.0
-Summary: Execute commands across Windows systems using multiple RCE methods (WinRM, SMB, WMI, RDP, SSH, MSSQL)
+Version: 1.1.0
+Summary: Execute commands across Windows and Linux systems using multiple RCE methods (WinRM, SMB, WMI, RDP, SSH, MSSQL)
 Author: Khael
 Project-URL: Homepage, https://github.com/KhaelK138/authfinder
 Project-URL: Repository, https://github.com/KhaelK138/authfinder
@@ -28,7 +28,7 @@ Dynamic: license-file
 
 # AuthFinder
 
-A tool for executing commands across multiple Windows systems using various remote execution methods. Automatically tries multiple techniques until one succeeds, based on return codes and output. Makes executing commands given credentials a hell of a lot easier.
+A tool for executing commands across Windows (and Linux) systems using various remote execution methods. Automatically tries multiple techniques until one succeeds, based on return codes and output. Makes executing commands given credentials a hell of a lot easier.
 
 Big thanks to NetExec, Impacket, and Evil-Winrm, as this tool just essentially acts as a wrapper around those (making it more of a script, I suppose).
 
@@ -45,6 +45,7 @@ Big thanks to NetExec, Impacket, and Evil-Winrm, as this tool just essentially a
   - MSSQL (Impacket)
 - **Multi-threaded**: Execute commands across multiple hosts simultaneously
 - **Automatic Pass-the-Hash**: Just paste the NTLM hash as the credential
+- **Linux Support**: Use `--linux` to attempt to run commands across linux machines instead, via SSH
 
 ## Installation
 
@@ -78,7 +79,7 @@ authfinder 192.168.1.10 administrator Password123 whoami
 # Execute across IP range of 192.168.1.1 to 192.168.1.50
 authfinder 192.168.1.1-50 admin Pass123 "net user"
 
-# Use hash instead of password
+# Use nthash instead of password
 authfinder 10.0.0.1-10 admin :{32-bit-hash} whoami
 ```
 
@@ -86,6 +87,7 @@ authfinder 10.0.0.1-10 admin :{32-bit-hash} whoami
 
 Supports various formats:
 - Single IP: `192.168.1.10`
+- Multi-IP: `192.168.1.15,17,29,153` 
 - Range: `192.168.1.1-254`
 - Multiple ranges: `10.0.1-5.10-20` (expands to all combinations)
 - File with IP ranges: `targets.txt`
@@ -100,7 +102,7 @@ Password123!
 admin
 Pass123
 backup_admin
-:aad3b435b51404eeaad3b435b51404ee
+:12345678123456781234567812345678
 ```
 
 Lines starting with `#` are treated as comments. For NT hashes, use them directly as the password.
@@ -117,6 +119,7 @@ Options:
   --timeout <seconds>     Command timeout in seconds (default: 15)
   --run-all               Run all tools instead of stopping at first success
   --skip-portscan         Skip port scanning and attempt all tools
+  --linux                 Enables Linux-only mode, which uses SSH and ignores other tools
 ```
 
 

{authfinder-1.0.0 → authfinder-1.1.0}/pyproject.toml

@@ -4,8 +4,8 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "authfinder"
-version = "1.0.0"
-description = "Execute commands across Windows systems using multiple RCE methods (WinRM, SMB, WMI, RDP, SSH, MSSQL)"
+version = "1.1.0"
+description = "Execute commands across Windows and Linux systems using multiple RCE methods (WinRM, SMB, WMI, RDP, SSH, MSSQL)"
 readme = "README.md"
 authors = [
     {name = "Khael"}

authfinder-1.0.0/authfinder/__init__.py

@@ -1,3 +0,0 @@
-"""authfinder: Execute commands across Windows systems using multiple RCE methods"""
-
-__version__ = "1.0.0"