A simple multi-threaded distributed SSH brute-forcing tool written in Python.

Last update: Jan 03, 2023

Related tags

Overview

OrbitalDump

A simple multi-threaded distributed SSH brute-forcing tool written in Python.

How it Works

When the script is executed without the --proxies switch, it acts just like any other multi-threaded SSH brute-forcing scripts. When the --proxies switch is added, the script pulls a list (usually thousands) of SOCKS4 proxies from ProxyScrape and launch all brute-force attacks over the SOCKS4 proxies so brute-force attempts will be less likely to be rate-limited by the target host.

Installation

You can install OrbitalDump through pip.

pip install -U --user orbitaldump
orbitaldump

Alternatively, you can clone this repository and run the source code directly.

git clone https://github.com/k4yt3x/orbitaldump.git
cd orbitaldump
python -m orbitaldump

Usages

A simple usage is shown below. This command below:

-t 10: launch 10 brute-forcing threads
-u usernames.txt: read usernames from usernames.txt (one username per line)
-p passwords.txt: read passwords from passwords.txt (one password per line)
-h example.com: set brute-forcing target to example.com
--proxies: launch attacks over proxies from ProxyScrape

python -m orbitaldump -t 10 -u usernames.txt -p passwords.txt -h example.com --proxies

Full Usages

You can obtain the full usages by executing OrbitalDump with the --help switch. The section below might be out-of-date.

usage: orbitaldump [--help] [-t THREADS] [-u USERNAME] [-p PASSWORD] -h HOSTNAME [--port PORT] [--timeout TIMEOUT] [--proxies]

optional arguments:
  --help                show this help message and exit
  -t THREADS, --threads THREADS
                        number of threads to use (default: 5)
  -u USERNAME, --username USERNAME
                        username file path (default: None)
  -p PASSWORD, --password PASSWORD
                        password file path (default: None)
  -h HOSTNAME, --hostname HOSTNAME
                        target hostname (default: None)
  --port PORT           target port (default: 22)
  --timeout TIMEOUT     SSH timeout (default: 6)
  --proxies             use SOCKS proxies from ProxyScrape (default: False)

You might also like...

This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack

5 Oct 8, 2022

Instagram brute force tool that uses tor as its proxy connections

Insta-crack This is a instagram brute force tool that uses tor as its proxy connections, keep in mind that you should not do anything illegal with thi

3 Jan 28, 2022

A brute Force tool for Facebook

EliBruter A brute Force tool for Facebook Installing this tool -- $ pkg upgrade && update $ pkg install python $ pkg install python3 $ pkg install gi

3 Mar 29, 2022

A fast sub domain brute tool for pentesters

subDomainsBrute 1.4 A fast sub domain brute tool for pentesters. It works with P

2 Oct 18, 2022

🍯 16 honeypots in a single pypi package (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres & MySQL)

Easy to setup customizable honeypots for monitoring network traffic, bots activities and username\password credentials. The current available honeypot

259 Dec 31, 2022

Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io

Cowrie Welcome to the Cowrie GitHub repository This is the official repository for the Cowrie SSH and Telnet Honeypot effort. What is Cowrie Cowrie is

4.1k Jan 9, 2023

Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.

sshuttle: where transparent proxy meets VPN meets ssh As far as I know, sshuttle is the only program that solves the following common case: Your clien

9.4k Jan 4, 2023

Brute Force Guess the password for Instgram accounts with python

Brute-Force-instagram Guess the password for Instgram accounts Tool features : It has two modes: 1- Combo system from you 2- Automatic (random) system

45 Dec 11, 2022

python script for hack gmail account using brute force attack

#Creator: johnry #coded by john ry GBrute python script for hack gmail account using brute force attack Commands apt update && apt upgrade git clone h

6 Dec 9, 2022

Comments

Connection error

python orbitaldump.py -t 28 -u "D:\Stuff\ssh brute\usernames.txt" -p "D:\Stuff\ssh brute\pass2.txt" -h ###.##.###.90 --port 22 --proxies

Gives a huge number of connection errors with any number of threads.

opened by fntst1c 3
Loop in jobs queue.

The actual situation: After all jobs queue tested (no valid credential found), program would repeat all jobs queue again automatically. What's the reason for that?

opened by JT0cZ7 0
False positive failover

Without a failover to prevent false positives, you will get completely unreliable results due to SonicWall etc. Easiest approach: stdin, stdout, stderr = ssh.exec_command("/sbin/ifconfig") output = stdout.read() if 'inet' in output etc...

BTW: This is not "distributed" credential stuffing, as this would be based on multiple hosts communicating targets/credentials with each other and "distribute" the workload (usually following a p2p majority voting approach).

If you use ThreadPool etc., why no CIDR-range for hosts or at least a hosts file? Makes the proxy approach quite timid. The same can btw. be achieved by using proxychains and any random related tool.

opened by TormentedSoul666 6

Releases(1.0.1)

1.0.1(Apr 18, 2022)

Source code(tar.gz)
Source code(zip)

Owner

K4YT3X

所謂的正確之物會隨人們各自的意志而遷移無常。| The so-called correctness will change with people's will.

GitHub Repository

Extensive Python3 network scanner, simplified.

Snake Map Extensive Python3 network scanner, simplified. _,.--. --..,_ .'`__ o `;__, `'.'. .'.'` '---'` '

4 Apr 16, 2022

Generate your own NFTs and their metadata based on your desired probabilities.

Generate your own NFTs and their metadata based on your desired probabilities. Use your own art assets too! Perfect for use with Candy Machine.

7 Sep 16, 2022

Consolidating and extending hosts files from several well-curated sources. You can optionally pick extensions to block pornography, social media, and other categories.

Take Note! With the exception of issues and PRs regarding changes to hosts/data/StevenBlack/hosts, all other issues regarding the content of the produ

22.1k Jan 02, 2023

Nmap automated port scanner written in Python

port-scanner Nmap automated port scanner written in Python. USE: Clone the module Import the module: from portscanModule import portscanner Use: ports

1 Dec 03, 2021

This repository consists of the python scripts for execution and automation of vivid tasks.

Scripting.py is a repository being maintained to keep log of the python scripts that I create for automating and executing some of my boring manual task.

1 Feb 07, 2022

This is a Crypto asset tracker that I built to aid my personal journey in cryptocurrencies.

Wallet Tracker This is a Crypto asset tracker that I built to aid my personal journey in cryptocurrencies. build docker build -t wallet-tracker . run

2 Mar 21, 2022

Http-proxy-list - A lightweight project that hourly scrapes lots of free-proxy sites, validates if it works, and serves a clean proxy list

Free HTTP Proxy List 🌍 It is a lightweight project that hourly scrapes lots of

142 Jan 05, 2023

A simple multi-threaded distributed SSH brute-forcing tool written in Python.

Related tags

Overview

OrbitalDump

How it Works

Installation

Usages

Full Usages

You might also like...

This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack

Instagram brute force tool that uses tor as its proxy connections

A brute Force tool for Facebook

A fast sub domain brute tool for pentesters

🍯 16 honeypots in a single pypi package (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres & MySQL)

Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io

Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.

Brute Force Guess the password for Instgram accounts with python

python script for hack gmail account using brute force attack

Comments

Connection error

Loop in jobs queue.

False positive failover

Releases(1.0.1)

1.0.1(Apr 18, 2022)

Owner

K4YT3X

Extensive Python3 network scanner, simplified.

Generate your own NFTs and their metadata based on your desired probabilities.

Consolidating and extending hosts files from several well-curated sources. You can optionally pick extensions to block pornography, social media, and other categories.

Nmap automated port scanner written in Python

This repository consists of the python scripts for execution and automation of vivid tasks.

This is a Crypto asset tracker that I built to aid my personal journey in cryptocurrencies.

Http-proxy-list - A lightweight project that hourly scrapes lots of free-proxy sites, validates if it works, and serves a clean proxy list

聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网。Auto Collect Poc Or CVE from Github by CVE ID.

WinRemoteEnum is a module-based collection of operations achievable by a low-privileged domain user.

Argument Injection in Dragonfly Ruby Gem

Generate malicious files using recently published bidi-attack (CVE-2021-42574)

Malware-analysis-writeups - Some of my Malware Analysis writeups

BOF-Roaster is an automated buffer overflow exploit machine which is begin written with Python 3.

A simple python-function, to gain all wlan passwords from stored wlan-profiles on a computer.

Generates password lists/dictionaries based on keywords written in python3.

A tool to extract the IdP cert from vCenter backups and log in as Administrator

Generate MIPS reverse shell shellcodes easily !

SeaSurf is a Flask extension for preventing cross-site request forgery (CSRF).

Receive notifications/alerts on the most recent disclosed CVE's.

Chromepass - Hacking Chrome Saved Passwords