briansunter/ssh-check.sh

## ssh-check.sh
#!/bin/sh
# SSH Login Checker - Works on any Linux
# Usage: ./ssh-check.sh <ip> [user] [password]

IP="$1"; USER="${2:-root}"; PASS="$3"
[ -z "$IP" ] && echo "Usage: $0 <ip> [user] [password]" && exit 1

if [ -n "$PASS" ]; then
    RUN="sshpass -p '$PASS' ssh -o StrictHostKeyChecking=no $USER@$IP"
else
    RUN="ssh -o StrictHostKeyChecking=no -o BatchMode=yes $USER@$IP"
fi

# Detect log file
LOG=$(eval "$RUN 'test -f /var/log/secure && echo /var/log/secure || echo /var/log/auth.log'" 2>/dev/null)

echo "=== SSH Check: $IP ==="
echo "--- SUMMARY ---"

# Get stats
eval "$RUN \"grep -c 'Failed password' $LOG 2>/dev/null || echo 0\"" | xargs printf "Failed: %s | "
eval "$RUN \"grep -c 'Accepted' $LOG 2>/dev/null || echo 0\"" | xargs printf "Success: %s | "
eval "$RUN \"grep 'Failed password' $LOG 2>/dev/null | awk '{for(i=1;i<=NF;i++) if(\\\$i ~ /^[0-9]+\\\\.[0-9]+\\\\.[0-9]+\\\\.[0-9]+/) print \\\$i}' | sort -u | wc -l\"" | xargs printf "IPs: %s | "
eval "$RUN \"grep 'Failed password' $LOG 2>/dev/null | grep '\$(date +%H):' | wc -l\"" | xargs printf "Last hour: %s\n"

echo ""
echo "--- TOP ATTACKERS ---"
eval "$RUN \"grep 'Failed password' $LOG 2>/dev/null | awk '{for(i=1;i<=NF;i++) if(\\\$i ~ /^[0-9]+\\\\.[0-9]+\\\\.[0-9]+\\\\.[0-9]+/) print \\\$i}' | sort | uniq -c | sort -rn | head -5\""

echo ""
echo "--- TOP USERNAMES ---"
eval "$RUN \"grep 'Failed password' $LOG 2>/dev/null | grep -o 'for .* from' | awk '{if(\\\$2==\\\"invalid\\\") print \\\$4; else print \\\$2}' | sort | uniq -c | sort -rn | head -5\""

echo ""
echo "--- SUCCESSFUL LOGINS ---"
eval "$RUN \"grep 'Accepted' $LOG 2>/dev/null | tail -5 || echo None\""

echo ""
echo "--- LIVE CONNECTIONS ---"
eval "$RUN \"(ss -tn 2>/dev/null || netstat -tn 2>/dev/null) | grep ':22 ' | grep -i estab || echo None\""
	#!/bin/sh
	# SSH Login Checker - Works on any Linux
	# Usage: ./ssh-check.sh <ip> [user] [password]

	IP="$1"; USER="${2:-root}"; PASS="$3"
	[ -z "$IP" ] && echo "Usage: $0 <ip> [user] [password]" && exit 1

	if [ -n "$PASS" ]; then
	RUN="sshpass -p '$PASS' ssh -o StrictHostKeyChecking=no $USER@$IP"
	else
	RUN="ssh -o StrictHostKeyChecking=no -o BatchMode=yes $USER@$IP"
	fi

	# Detect log file
	LOG=$(eval "$RUN 'test -f /var/log/secure && echo /var/log/secure \|\| echo /var/log/auth.log'" 2>/dev/null)

	echo "=== SSH Check: $IP ==="
	echo "--- SUMMARY ---"

	# Get stats
	eval "$RUN \"grep -c 'Failed password' $LOG 2>/dev/null \|\| echo 0\"" \| xargs printf "Failed: %s \| "
	eval "$RUN \"grep -c 'Accepted' $LOG 2>/dev/null \|\| echo 0\"" \| xargs printf "Success: %s \| "
	eval "$RUN \"grep 'Failed password' $LOG 2>/dev/null \| awk '{for(i=1;i<=NF;i++) if(\\\$i ~ /^[0-9]+\\\\.[0-9]+\\\\.[0-9]+\\\\.[0-9]+/) print \\\$i}' \| sort -u \| wc -l\"" \| xargs printf "IPs: %s \| "
	eval "$RUN \"grep 'Failed password' $LOG 2>/dev/null \| grep '\$(date +%H):' \| wc -l\"" \| xargs printf "Last hour: %s\n"

	echo ""
	echo "--- TOP ATTACKERS ---"
	eval "$RUN \"grep 'Failed password' $LOG 2>/dev/null \| awk '{for(i=1;i<=NF;i++) if(\\\$i ~ /^[0-9]+\\\\.[0-9]+\\\\.[0-9]+\\\\.[0-9]+/) print \\\$i}' \| sort \| uniq -c \| sort -rn \| head -5\""

	echo ""
	echo "--- TOP USERNAMES ---"
	eval "$RUN \"grep 'Failed password' $LOG 2>/dev/null \| grep -o 'for .* from' \| awk '{if(\\\$2==\\\"invalid\\\") print \\\$4; else print \\\$2}' \| sort \| uniq -c \| sort -rn \| head -5\""

	echo ""
	echo "--- SUCCESSFUL LOGINS ---"
	eval "$RUN \"grep 'Accepted' $LOG 2>/dev/null \| tail -5 \|\| echo None\""

	echo ""
	echo "--- LIVE CONNECTIONS ---"
	eval "$RUN \"(ss -tn 2>/dev/null \|\| netstat -tn 2>/dev/null) \| grep ':22 ' \| grep -i estab \|\| echo None\""
No results found