A simple multi-threaded distributed SSH brute-forcing tool written in Python.

Last update: Jan 03, 2023

Related tags

Overview

OrbitalDump

A simple multi-threaded distributed SSH brute-forcing tool written in Python.

How it Works

When the script is executed without the --proxies switch, it acts just like any other multi-threaded SSH brute-forcing scripts. When the --proxies switch is added, the script pulls a list (usually thousands) of SOCKS4 proxies from ProxyScrape and launch all brute-force attacks over the SOCKS4 proxies so brute-force attempts will be less likely to be rate-limited by the target host.

Installation

You can install OrbitalDump through pip.

pip install -U --user orbitaldump
orbitaldump

Alternatively, you can clone this repository and run the source code directly.

git clone https://github.com/k4yt3x/orbitaldump.git
cd orbitaldump
python -m orbitaldump

Usages

A simple usage is shown below. This command below:

-t 10: launch 10 brute-forcing threads
-u usernames.txt: read usernames from usernames.txt (one username per line)
-p passwords.txt: read passwords from passwords.txt (one password per line)
-h example.com: set brute-forcing target to example.com
--proxies: launch attacks over proxies from ProxyScrape

python -m orbitaldump -t 10 -u usernames.txt -p passwords.txt -h example.com --proxies

Full Usages

You can obtain the full usages by executing OrbitalDump with the --help switch. The section below might be out-of-date.

usage: orbitaldump [--help] [-t THREADS] [-u USERNAME] [-p PASSWORD] -h HOSTNAME [--port PORT] [--timeout TIMEOUT] [--proxies]

optional arguments:
  --help                show this help message and exit
  -t THREADS, --threads THREADS
                        number of threads to use (default: 5)
  -u USERNAME, --username USERNAME
                        username file path (default: None)
  -p PASSWORD, --password PASSWORD
                        password file path (default: None)
  -h HOSTNAME, --hostname HOSTNAME
                        target hostname (default: None)
  --port PORT           target port (default: 22)
  --timeout TIMEOUT     SSH timeout (default: 6)
  --proxies             use SOCKS proxies from ProxyScrape (default: False)

You might also like...

This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack

5 Oct 8, 2022

Instagram brute force tool that uses tor as its proxy connections

Insta-crack This is a instagram brute force tool that uses tor as its proxy connections, keep in mind that you should not do anything illegal with thi

3 Jan 28, 2022

A brute Force tool for Facebook

EliBruter A brute Force tool for Facebook Installing this tool -- $ pkg upgrade && update $ pkg install python $ pkg install python3 $ pkg install gi

3 Mar 29, 2022

A fast sub domain brute tool for pentesters

subDomainsBrute 1.4 A fast sub domain brute tool for pentesters. It works with P

2 Oct 18, 2022

🍯 16 honeypots in a single pypi package (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres & MySQL)

Easy to setup customizable honeypots for monitoring network traffic, bots activities and username\password credentials. The current available honeypot

259 Dec 31, 2022

Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io

Cowrie Welcome to the Cowrie GitHub repository This is the official repository for the Cowrie SSH and Telnet Honeypot effort. What is Cowrie Cowrie is

4.1k Jan 9, 2023

Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.

sshuttle: where transparent proxy meets VPN meets ssh As far as I know, sshuttle is the only program that solves the following common case: Your clien

9.4k Jan 4, 2023

Brute Force Guess the password for Instgram accounts with python

Brute-Force-instagram Guess the password for Instgram accounts Tool features : It has two modes: 1- Combo system from you 2- Automatic (random) system

45 Dec 11, 2022

python script for hack gmail account using brute force attack

#Creator: johnry #coded by john ry GBrute python script for hack gmail account using brute force attack Commands apt update && apt upgrade git clone h

6 Dec 9, 2022

Comments

Connection error

python orbitaldump.py -t 28 -u "D:\Stuff\ssh brute\usernames.txt" -p "D:\Stuff\ssh brute\pass2.txt" -h ###.##.###.90 --port 22 --proxies

Gives a huge number of connection errors with any number of threads.

opened by fntst1c 3
Loop in jobs queue.

The actual situation: After all jobs queue tested (no valid credential found), program would repeat all jobs queue again automatically. What's the reason for that?

opened by JT0cZ7 0
False positive failover

Without a failover to prevent false positives, you will get completely unreliable results due to SonicWall etc. Easiest approach: stdin, stdout, stderr = ssh.exec_command("/sbin/ifconfig") output = stdout.read() if 'inet' in output etc...

BTW: This is not "distributed" credential stuffing, as this would be based on multiple hosts communicating targets/credentials with each other and "distribute" the workload (usually following a p2p majority voting approach).

If you use ThreadPool etc., why no CIDR-range for hosts or at least a hosts file? Makes the proxy approach quite timid. The same can btw. be achieved by using proxychains and any random related tool.

opened by TormentedSoul666 6

Releases(1.0.1)

1.0.1(Apr 18, 2022)

Source code(tar.gz)
Source code(zip)

Owner

K4YT3X

所謂的正確之物會隨人們各自的意志而遷移無常。| The so-called correctness will change with people's will.

GitHub Repository

Obfuscate ip address using different encodings

ipobfuscator How it works? Single ip address can be written in multiple ways. The most popular way is to represent ip as 4 octets separated with dots.

1 Nov 02, 2021

CVE-2021-45232-RCE-多线程批量漏洞检测

CVE-2021-45232-RCE CVE-2021-45232-RCE-多线程批量漏洞检测 FOFA 查询 title="Apache APISIX Das

36 Sep 21, 2022

A tool to find good RCE From my series: A powerful Burp extension to make bounties rain

52 Dec 16, 2022

Cracker - Tools CRACK FACEBOOK DAN INSTAGRAM DENGAN FITUR BANYAK

CLOME TO TOOLS ME 😁 FITUR TOOLS RESULTS INSTALASI ____/-- INSTALLASI /+/+/+/ t

3 Jan 08, 2022

Hubble is a modular, open-source security compliance framework. The project provides on-demand profile-based auditing, real-time security event notifications, alerting, and reporting. HubbleStack is a free and open source project made possible by Adobe. https://github.com/adobe

Welcome to HubbleStack!! You can find the docs here You can file an issue here Follow us on Twitter! Development Below are sample instructions to setu

368 Jan 04, 2023

A simple multi-threaded distributed SSH brute-forcing tool written in Python.

Related tags

Overview

OrbitalDump

How it Works

Installation

Usages

Full Usages

You might also like...

This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack

Instagram brute force tool that uses tor as its proxy connections

A brute Force tool for Facebook

A fast sub domain brute tool for pentesters

🍯 16 honeypots in a single pypi package (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres & MySQL)

Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io

Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.

Brute Force Guess the password for Instgram accounts with python

python script for hack gmail account using brute force attack

Comments

Connection error

Loop in jobs queue.

False positive failover

Releases(1.0.1)

1.0.1(Apr 18, 2022)

Owner

K4YT3X

Obfuscate ip address using different encodings

CVE-2021-45232-RCE-多线程批量漏洞检测

A tool to find good RCE From my series: A powerful Burp extension to make bounties rain

Cracker - Tools CRACK FACEBOOK DAN INSTAGRAM DENGAN FITUR BANYAK

Hubble is a modular, open-source security compliance framework. The project provides on-demand profile-based auditing, real-time security event notifications, alerting, and reporting. HubbleStack is a free and open source project made possible by Adobe. https://github.com/adobe

Phoenix Framework is an environment for writing, testing and using exploit code.

IDA Python Script for anti ollvm

A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts

Small Python library that adds password hashing methods to ORM objects

Apache Flink 目录遍历漏洞批量检测 (CVE-2020-17519)

Tool to scan for RouterOS (Mikrotik) forensic artifacts and vulnerabilities.

Files related to PoC||GTFO 21:21 - NSA’s Backdoor of the PX1000-Cr

USSR-Scanner - USSR Scanner with python

nuclei scanner for proxyshell ( CVE-2021-34473 )

Code to do NF in HDR,HEVC,HPL,MPL

Dumping revelant information on compromised targets without AV detection

⛤Keylogger Generator for Windows written in Python⛤

(D)arth (S)ide of the (L)og4j (F)orce, the ultimate log4j vulnerabilities assessor

GRR Rapid Response: remote live forensics for incident response

Brute-Force-Connected