SSH Botnet??

[Kaos_Method]

Hey everyone!

I'm new here, first post! I've put quite a fair amount of time into Python now, and I'm really enjoying it. I'm a CS major, and I've learned more from the community then I think I'll learn about Python through out my entire time in college. Anyway, on to my question!

Botnet really interests me a lot (nothing nefarious, just interested). I've done a fair amount of research and looking around, and I think I understand the majority of the code that is used (I will list it below). I have a few questions in regards to using something like this though. Having read about SSH a fair amount, doesn't it prevent Brute Force like attacks?

Also, this isn't my code. I found it and changed it just a little. Not very much, more to try to make it work with Python 3, because it was originally written in Python 2. The import command didn't work ether, so I changed that to make it work. Also, I have a question about variables, specifically about "s = pxssh.pxssh()". I understand the concept of a variable, but nothing I've seen explains why you would do it like that. I'm trying to understand why it goes pxssh.pxssh(), rather then just s = pxssh. Also, why not globally define the variable in the beginning, under the import functions? I've seen and read a fair amount where people talk about "thinking in a Pythonic way". A lot of what I've seen on this talks about defining variables in the beginning. Why would this not be done?

Still quite new to all of this, and I know my questions are quite simplistic. Thanks everyone!

from pexpect import pxssh 

class Client:

def __init__(self, host, user, password):
self.host = host 
self.user = user 
self.password = password
self.session = self.connect()

def connect(self):
try:

s = pxssh.pxssh()
s.login(self.host, self.user, self.password)
return s
excempt Exception as e:
print (e)
print ('[-] Error Connecting')

def send_command(self, cmd): 
self.session.sendline(cmd)
self.session.prompt()
return self.session.before

def botnetcommand(command):
for Client in botnet:
output = Client.send_command(command)
print ('
[*] Output from ') + client.host
 print ('
[*]') + output

def addClient(host, user, password):
 client = Client(host, user, password)
 botnet.aapend(client)

botnet = []
addClient()

botnetcommand('ls -la')

---

I had it formatted before, and for some reason I can't seem to get the code to stay formatted.

[DeaD_EyE]

I'm trying to understand why it goes pxssh.pxssh(), rather then just s = pxssh.

First you've to know, that an instantiation of a class use parentheses, also as the call of a function.
Everything in Python is an object. A function is a function object, a class is also an object with the type of the class.

For example:

class Foo:
   pass

def foo:
   return 42

To create a new instance of a class Foo, you just use Foo() and you'll get an instance of Foo.
To call the function foo, you use foo() and will get 42 back, which is an integer and also an object.

With the assignment, you assign an object to a name, which is just a reference to the object, which is in memory.
Compared to C it's like a pointer, but with some additions.

If you assign a class or function to a name without calling it, it's just a reference to the object, which is the class or the function.

You can do for example:

Bar = Foo
bar = foo

Then you can create a new instance of the class Foo with Bar().
The same with the function foo, which is assigned to the name bar: bar()

We use this technique very often in Python. You don't have a switch statement in Python.
Instead we can use a dict:

some_dict = {'red', Foo, 'blue': foo}
# and call it later:
some_dict['red']() # -> instance of Foo
# or
some_dict['blue']() # -> function call of foo
# or
switch_value = 'red'
callable = some_dict[switch_value]
callable() # -> instance of Foo

I hope it helps a little bit.
Just test it in the Python Repl and you'll see how powerful it is.

In your example you do an instantiation of pxssh and assign it to the name s.
Then you call the method login of the instance of the class pxssh.
For completeness, an instance can have methods and attributes.

class Foo:
   def __init__(self):
       self.value = 42
   def method(self):
       return self.value

The method __init__ is a special method and is used to set up the instance.
In the example 42 is assigned to the attribute value, which lives in the new object.
The name self is explicit to access to the object itself. In other languages like C++ it's implicit (I'm not familiar with C++).
method is a method of the instance. It will return 42.
You can't call Foo.method() directly, because it's not a class method.
First you make an instance s = Foo(), then you can call the method with s.method().
You can also access the value direct with s.value.

[sparkz_alot]

Next time, when posting your code, trying using the combination "Ctrl + Shift + V" and see if that works.

As to your questions, the second 'pxssh' is an attribute of the class pxssh and is explained here : pxssh doc

The s = pxssh.pxssh() is just a shortcut to save some keystrokes.  You will, however, rile up the villagers by using single letter variables such as 's'.  Python encourages the use of 'descriptive' names, whether it be variables, functions or classes.

As to why not make it global? A better question is "Why make it global".  Again, Python prefers you use local variables rather than global, if possible.  In this case, 's' is only being used locally in the 'connect' function.