A simple multi-threaded distributed SSH brute-forcing tool written in Python.

Last update: Jan 03, 2023

Related tags

Overview

OrbitalDump

A simple multi-threaded distributed SSH brute-forcing tool written in Python.

How it Works

When the script is executed without the --proxies switch, it acts just like any other multi-threaded SSH brute-forcing scripts. When the --proxies switch is added, the script pulls a list (usually thousands) of SOCKS4 proxies from ProxyScrape and launch all brute-force attacks over the SOCKS4 proxies so brute-force attempts will be less likely to be rate-limited by the target host.

Installation

You can install OrbitalDump through pip.

pip install -U --user orbitaldump
orbitaldump

Alternatively, you can clone this repository and run the source code directly.

git clone https://github.com/k4yt3x/orbitaldump.git
cd orbitaldump
python -m orbitaldump

Usages

A simple usage is shown below. This command below:

-t 10: launch 10 brute-forcing threads
-u usernames.txt: read usernames from usernames.txt (one username per line)
-p passwords.txt: read passwords from passwords.txt (one password per line)
-h example.com: set brute-forcing target to example.com
--proxies: launch attacks over proxies from ProxyScrape

python -m orbitaldump -t 10 -u usernames.txt -p passwords.txt -h example.com --proxies

Full Usages

You can obtain the full usages by executing OrbitalDump with the --help switch. The section below might be out-of-date.

usage: orbitaldump [--help] [-t THREADS] [-u USERNAME] [-p PASSWORD] -h HOSTNAME [--port PORT] [--timeout TIMEOUT] [--proxies]

optional arguments:
  --help                show this help message and exit
  -t THREADS, --threads THREADS
                        number of threads to use (default: 5)
  -u USERNAME, --username USERNAME
                        username file path (default: None)
  -p PASSWORD, --password PASSWORD
                        password file path (default: None)
  -h HOSTNAME, --hostname HOSTNAME
                        target hostname (default: None)
  --port PORT           target port (default: 22)
  --timeout TIMEOUT     SSH timeout (default: 6)
  --proxies             use SOCKS proxies from ProxyScrape (default: False)

You might also like...

This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack

5 Oct 8, 2022

Instagram brute force tool that uses tor as its proxy connections

Insta-crack This is a instagram brute force tool that uses tor as its proxy connections, keep in mind that you should not do anything illegal with thi

3 Jan 28, 2022

A brute Force tool for Facebook

EliBruter A brute Force tool for Facebook Installing this tool -- $ pkg upgrade && update $ pkg install python $ pkg install python3 $ pkg install gi

3 Mar 29, 2022

A fast sub domain brute tool for pentesters

subDomainsBrute 1.4 A fast sub domain brute tool for pentesters. It works with P

2 Oct 18, 2022

🍯 16 honeypots in a single pypi package (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres & MySQL)

Easy to setup customizable honeypots for monitoring network traffic, bots activities and username\password credentials. The current available honeypot

259 Dec 31, 2022

Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io

Cowrie Welcome to the Cowrie GitHub repository This is the official repository for the Cowrie SSH and Telnet Honeypot effort. What is Cowrie Cowrie is

4.1k Jan 9, 2023

Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.

sshuttle: where transparent proxy meets VPN meets ssh As far as I know, sshuttle is the only program that solves the following common case: Your clien

9.4k Jan 4, 2023

Brute Force Guess the password for Instgram accounts with python

Brute-Force-instagram Guess the password for Instgram accounts Tool features : It has two modes: 1- Combo system from you 2- Automatic (random) system

45 Dec 11, 2022

python script for hack gmail account using brute force attack

#Creator: johnry #coded by john ry GBrute python script for hack gmail account using brute force attack Commands apt update && apt upgrade git clone h

6 Dec 9, 2022

Comments

Connection error

python orbitaldump.py -t 28 -u "D:\Stuff\ssh brute\usernames.txt" -p "D:\Stuff\ssh brute\pass2.txt" -h ###.##.###.90 --port 22 --proxies

Gives a huge number of connection errors with any number of threads.

opened by fntst1c 3
Loop in jobs queue.

The actual situation: After all jobs queue tested (no valid credential found), program would repeat all jobs queue again automatically. What's the reason for that?

opened by JT0cZ7 0
False positive failover

Without a failover to prevent false positives, you will get completely unreliable results due to SonicWall etc. Easiest approach: stdin, stdout, stderr = ssh.exec_command("/sbin/ifconfig") output = stdout.read() if 'inet' in output etc...

BTW: This is not "distributed" credential stuffing, as this would be based on multiple hosts communicating targets/credentials with each other and "distribute" the workload (usually following a p2p majority voting approach).

If you use ThreadPool etc., why no CIDR-range for hosts or at least a hosts file? Makes the proxy approach quite timid. The same can btw. be achieved by using proxychains and any random related tool.

opened by TormentedSoul666 6

Releases(1.0.1)

1.0.1(Apr 18, 2022)

Source code(tar.gz)
Source code(zip)

Owner

K4YT3X

所謂的正確之物會隨人們各自的意志而遷移無常。| The so-called correctness will change with people's will.

GitHub Repository

Password List Maker

Red-Key Red-Key Password List Maker Version 1.1.2 Created By FireKing255 -=Features=- Create Random Password List Create Password List Create Password

7 Dec 26, 2021

This is a multi-password‌ cracking tool that can help you hack facebook accounts very quickly

Pro_Crack Facebook Fast Cracking Tool This is a multi-password‌ cracking tool that can help you hack facebook accounts very quickly Installation On Te

1 Jan 16, 2022

Mips script decompiles MIPS assembly instructions & bot functionality

mips mips is a python-based script that decodes MIPS instructions. Usage cd into mips and run python decode.py command or open decode.py to run the sc

0 Mar 30, 2022

CVE-2022-22963 PoC

CVE-2022-22963 CVE-2022-22963 PoC Slight modified for English translation and detection of https://github.com/chaosec2021/Spring-cloud-function-SpEL-R

104 Dec 08, 2022

一款针对向日葵的识别码和验证码提取工具

Sunflower_get_Password 一款针对向日葵的识别码和验证码提取工具 👮🏻‍♀️ 免责声明由于传播、利用Sunflower_get_Password工具提供的功能而造成的任何直接或者间接的后果及损失，均由使用者本人负责，本人不为此承担任何责任。安装环境本工具使用Python

635 Dec 20, 2022

automatically crawl every URL and find cross site scripting (XSS)

scancss Fastest tool to find XSS. scancss is a fastest tool to detect Cross Site scripting (XSS) automatically and it's also an intelligent payload ge

30 Sep 24, 2022

Quickstart resources for the WiFi Nugget, a cat themed WiFi Security platform for beginners.

62 Jan 08, 2023

Fuck - Multi Brute Force 🚶‍♂

f-mbf Fuck - Multi Brute Force 🚶‍♂ Install Script $ pkg update && pkg upgrade $ pkg install python2 $ pkg install git $ pip2 install requests $ pip2

1 Dec 03, 2021

Vulnerability Exploitation Code Collection Repository

Introduction expbox is an exploit code collection repository List CVE-2021-41349 Exchange XSS PoC = Exchange 2013 update 23 = Exchange 2016 update 2

263 Feb 14, 2022

Tool for finding PHP source code vulnerabilities.

vulnz Tool for finding php source code vulnerabilities. Scans PHP source code and prints out potentially dangerous lines. This tool is useful for secu

1 Jan 14, 2022

Searches for potentially vulnerable websites to local file inclusion, throughout the web and then exploits them for LFI

LFI-Hunter Searches for potentially vulnerable websites to local file inclusion, throughout the web and then exploits them for LFI A script written in

6 Jan 30, 2022

A simple password generator using Python Tkinter.

Password-Generator-using-Python A simple password generator that generates password for you. User can Copy the password to Clipboard. Project made usi

1 Nov 02, 2022

Time Discretization-Invariant Safe Action Repetition for Policy Gradient Methods

Time Discretization-Invariant Safe Action Repetition for Policy Gradient Methods This repository is the official implementation of Seohong Park, Jaeky

6 Aug 02, 2022

Fast Fb Cracking Tool

fb-brute Fast Fb Cracking Tool 🏆

8 Jun 29, 2022

Python Library For Ethical Hacker

11 Nov 03, 2022

Tools ini digunakan untuk krekk pacebuk:v

E-Crack By Aang-XD Fitur Login • Login via token facebook • Login via cookie facebook Install On Termux $ pkg update && pkg upgrade $ pkg install pyth

2 Dec 24, 2021

Discord-email-spammer-exploit - A discord email spammer exploit with python

Discord-email-spammer-exploit was made by Love ❌ code ✅ 🎈 ・Description First it

25 Aug 13, 2022

CVE-2021-21985 VMware vCenter Server远程代码执行漏洞 EXP (更新可回显EXP)

CVE-2021-21985 CVE-2021-21985 EXP 本文以及工具仅限技术分享，严禁用于非法用途，否则产生的一切后果自行承担。 0x01 利用Tomcat RMI RCE 1. VPS启动JNDI监听 1099 端口 rmi需要bypass高版本jdk java -jar JNDIIn

355 Aug 03, 2022

Crypto Meta Extractor

Crypto Meta Extractor This repository contains the code which extracts some metadata of all the cryptocurrencies listed (9K) on CoinMarketCap. Coding

3 Jul 03, 2022

Consolidating and extending hosts files from several well-curated sources. You can optionally pick extensions to block pornography, social media, and other categories.

Take Note! With the exception of issues and PRs regarding changes to hosts/data/StevenBlack/hosts, all other issues regarding the content of the produ

22.1k Jan 02, 2023

A simple multi-threaded distributed SSH brute-forcing tool written in Python.

Related tags

Overview

OrbitalDump

How it Works

Installation

Usages

Full Usages

You might also like...

This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack

Instagram brute force tool that uses tor as its proxy connections

A brute Force tool for Facebook

A fast sub domain brute tool for pentesters

🍯 16 honeypots in a single pypi package (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres & MySQL)

Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io

Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.

Brute Force Guess the password for Instgram accounts with python

python script for hack gmail account using brute force attack

Comments

Connection error

Loop in jobs queue.

False positive failover

Releases(1.0.1)

1.0.1(Apr 18, 2022)

Owner

K4YT3X

Password List Maker

This is a multi-password‌ cracking tool that can help you hack facebook accounts very quickly

Mips script decompiles MIPS assembly instructions & bot functionality

CVE-2022-22963 PoC

一款针对向日葵的识别码和验证码提取工具

automatically crawl every URL and find cross site scripting (XSS)

Quickstart resources for the WiFi Nugget, a cat themed WiFi Security platform for beginners.

Fuck - Multi Brute Force 🚶‍♂

Vulnerability Exploitation Code Collection Repository

Tool for finding PHP source code vulnerabilities.

Searches for potentially vulnerable websites to local file inclusion, throughout the web and then exploits them for LFI

A simple password generator using Python Tkinter.

Time Discretization-Invariant Safe Action Repetition for Policy Gradient Methods

Fast Fb Cracking Tool

Python Library For Ethical Hacker

Tools ini digunakan untuk krekk pacebuk:v

Discord-email-spammer-exploit - A discord email spammer exploit with python

CVE-2021-21985 VMware vCenter Server远程代码执行漏洞 EXP (更新可回显EXP)

Crypto Meta Extractor

Consolidating and extending hosts files from several well-curated sources. You can optionally pick extensions to block pornography, social media, and other categories.