A simple multi-threaded distributed SSH brute-forcing tool written in Python.

K4YT3X

Last update: Jan 3, 2023

Related tags

Security related resources orbitaldump

Overview

OrbitalDump

A simple multi-threaded distributed SSH brute-forcing tool written in Python.

How it Works

When the script is executed without the --proxies switch, it acts just like any other multi-threaded SSH brute-forcing scripts. When the --proxies switch is added, the script pulls a list (usually thousands) of SOCKS4 proxies from ProxyScrape and launch all brute-force attacks over the SOCKS4 proxies so brute-force attempts will be less likely to be rate-limited by the target host.

Installation

You can install OrbitalDump through pip.

pip install -U --user orbitaldump
orbitaldump

Alternatively, you can clone this repository and run the source code directly.

git clone https://github.com/k4yt3x/orbitaldump.git
cd orbitaldump
python -m orbitaldump

Usages

A simple usage is shown below. This command below:

-t 10: launch 10 brute-forcing threads
-u usernames.txt: read usernames from usernames.txt (one username per line)
-p passwords.txt: read passwords from passwords.txt (one password per line)
-h example.com: set brute-forcing target to example.com
--proxies: launch attacks over proxies from ProxyScrape

python -m orbitaldump -t 10 -u usernames.txt -p passwords.txt -h example.com --proxies

Full Usages

You can obtain the full usages by executing OrbitalDump with the --help switch. The section below might be out-of-date.

usage: orbitaldump [--help] [-t THREADS] [-u USERNAME] [-p PASSWORD] -h HOSTNAME [--port PORT] [--timeout TIMEOUT] [--proxies]

optional arguments:
  --help                show this help message and exit
  -t THREADS, --threads THREADS
                        number of threads to use (default: 5)
  -u USERNAME, --username USERNAME
                        username file path (default: None)
  -p PASSWORD, --password PASSWORD
                        password file path (default: None)
  -h HOSTNAME, --hostname HOSTNAME
                        target hostname (default: None)
  --port PORT           target port (default: 22)
  --timeout TIMEOUT     SSH timeout (default: 6)
  --proxies             use SOCKS proxies from ProxyScrape (default: False)

You might also like...

This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack

5 Oct 8, 2022

Instagram brute force tool that uses tor as its proxy connections

Insta-crack This is a instagram brute force tool that uses tor as its proxy connections, keep in mind that you should not do anything illegal with thi

3 Jan 28, 2022

A brute Force tool for Facebook

EliBruter A brute Force tool for Facebook Installing this tool -- $ pkg upgrade && update $ pkg install python $ pkg install python3 $ pkg install gi

3 Mar 29, 2022

A fast sub domain brute tool for pentesters

subDomainsBrute 1.4 A fast sub domain brute tool for pentesters. It works with P

2 Oct 18, 2022

🍯 16 honeypots in a single pypi package (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres & MySQL)

Easy to setup customizable honeypots for monitoring network traffic, bots activities and username\password credentials. The current available honeypot

259 Dec 31, 2022

Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io

Cowrie Welcome to the Cowrie GitHub repository This is the official repository for the Cowrie SSH and Telnet Honeypot effort. What is Cowrie Cowrie is

4.1k Jan 9, 2023

Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.

sshuttle: where transparent proxy meets VPN meets ssh As far as I know, sshuttle is the only program that solves the following common case: Your clien

9.4k Jan 4, 2023

Brute Force Guess the password for Instgram accounts with python

Brute-Force-instagram Guess the password for Instgram accounts Tool features : It has two modes: 1- Combo system from you 2- Automatic (random) system

45 Dec 11, 2022

python script for hack gmail account using brute force attack

#Creator: johnry #coded by john ry GBrute python script for hack gmail account using brute force attack Commands apt update && apt upgrade git clone h

6 Dec 9, 2022

Comments

Connection error

python orbitaldump.py -t 28 -u "D:\Stuff\ssh brute\usernames.txt" -p "D:\Stuff\ssh brute\pass2.txt" -h ###.##.###.90 --port 22 --proxies

Gives a huge number of connection errors with any number of threads.

opened by fntst1c 3
Loop in jobs queue.

The actual situation: After all jobs queue tested (no valid credential found), program would repeat all jobs queue again automatically. What's the reason for that?

opened by JT0cZ7 0
False positive failover

Without a failover to prevent false positives, you will get completely unreliable results due to SonicWall etc. Easiest approach: stdin, stdout, stderr = ssh.exec_command("/sbin/ifconfig") output = stdout.read() if 'inet' in output etc...

BTW: This is not "distributed" credential stuffing, as this would be based on multiple hosts communicating targets/credentials with each other and "distribute" the workload (usually following a p2p majority voting approach).

If you use ThreadPool etc., why no CIDR-range for hosts or at least a hosts file? Makes the proxy approach quite timid. The same can btw. be achieved by using proxychains and any random related tool.

opened by TormentedSoul666 6

Releases(1.0.1)

1.0.1(Apr 18, 2022)

Source code(tar.gz)
Source code(zip)

Owner

K4YT3X

所謂的正確之物會隨人們各自的意志而遷移無常。| The so-called correctness will change with people's will.

GitHub

DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by launching a dictionary based attack against a webserver and analyse its response.

DirBruter DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by laun

12 Dec 17, 2022

BF-Hash - A Python Tool to decrypt hashes by brute force

BF-Hash Herramienta para descifrar hashes por fuerza bruta Instalación git clone

5 Apr 9, 2022

A simple multi-threaded distributed SSH brute-forcing tool written in Python.

Related tags

Overview

OrbitalDump

How it Works

Installation

Usages

Full Usages

You might also like...

This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack

Instagram brute force tool that uses tor as its proxy connections

A brute Force tool for Facebook

A fast sub domain brute tool for pentesters

🍯 16 honeypots in a single pypi package (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres & MySQL)

Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io

Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.

Brute Force Guess the password for Instgram accounts with python

python script for hack gmail account using brute force attack

Comments

Connection error

Loop in jobs queue.

False positive failover

Releases(1.0.1)

1.0.1(Apr 18, 2022)

Owner

K4YT3X

Brute-forcing (or not!) deck builder for Pokemon Trading Card Game.

Brute smb share - Brute force a SMB share

An advanced multi-threaded, multi-client python reverse shell for hacking linux systems

A tool to brute force a gmail account. Use this tool to crack multiple accounts

SSH Tool For OSINT and then Cracking.

Dapunta Multi Brute Force Facebook - Crack Facebook With Login - Free

Fuck - Multi Brute Force 🚶‍♂

Multi Brute Force Facebook - Crack Facebook With Login - Free For Now

DirBruter is a Python based CLI tool. It looks for hidden or existing directories/files using brute force method. It basically works by launching a dictionary based attack against a webserver and analyse its response.

BF-Hash - A Python Tool to decrypt hashes by brute force