{"id":22157862,"url":"https://github.com/mkbeh/pyshella-toolkit","last_synced_at":"2025-10-09T13:37:17.235Z","repository":{"id":98488076,"uuid":"185178471","full_name":"mkbeh/pyshella-toolkit","owner":"mkbeh","description":"Hacking toolkit for BTC/forks peers: peers-scanner | jsonrpc-searcher | jsonrpc-bruter | coins-withdrawal","archived":false,"fork":false,"pushed_at":"2023-08-03T16:38:19.000Z","size":96,"stargazers_count":53,"open_issues_count":1,"forks_count":18,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-06-28T08:39:32.882Z","etag":null,"topics":["bitcoin","bitcoin-forks","blockchain","bruteforce","hacking","pentest-tool","scan-tool","toolkit"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mkbeh.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-05-06T10:54:12.000Z","updated_at":"2025-04-20T23:52:38.000Z","dependencies_parsed_at":"2025-06-28T08:43:34.705Z","dependency_job_id":null,"html_url":"https://github.com/mkbeh/pyshella-toolkit","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/mkbeh/pyshella-toolkit","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mkbeh%2Fpyshella-toolkit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mkbeh%2Fpyshella-toolkit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mkbeh%2Fpyshella-toolkit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mkbeh%2Fpyshella-toolkit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mkbeh","download_url":"https://codeload.github.com/mkbeh/pyshella-toolkit/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mkbeh%2Fpyshella-toolkit/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279001489,"owners_count":26083102,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-09T02:00:07.460Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bitcoin","bitcoin-forks","blockchain","bruteforce","hacking","pentest-tool","scan-tool","toolkit"],"created_at":"2024-12-02T03:16:06.349Z","updated_at":"2025-10-09T13:37:17.208Z","avatar_url":"https://github.com/mkbeh.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# pyshella-toolkit\n\n[![Python 3.7](https://img.shields.io/badge/python-3.7-blue.svg)](https://www.python.org/downloads/release/python-370/)\n![Platform](https://img.shields.io/badge/platform-linux-green.svg)\n[![GitHub license](https://img.shields.io/github/license/Naereen/StrapDown.js.svg)](https://github.com/Naereen/StrapDown.js/blob/master/LICENSE)\n\nThis is simple toolkit for Bitcoin or Bitcoin forks , which contains\ncli scripts such as `peers-scanner`, `jsonrpc-searcher`, \n`jsonrpc-bruter`, `coins-withdrawal`. \n\nThis set of scripts allows you to find peers with the JSON-RPC\nport open to the outside, followed by a bruteforce attack\nand withdrawal the coins.\n\n```\nDisclaimer: This toolkit was created for research purposes, \nuse it at your own peril and risk. The author of this toolkit \nis not responsible for your actions.\n```\n\n**Donate me if you like it:**\n```\nbitcoin -\u003e bc1qqkr72aemz59aawxf74gytrwuw4m9mj20t7e7df\nethereum -\u003e 0xB3e5b643cFB9e2565a3456eC7c7A73491A32e31F\n```\n\n## **Getting started**\n* [Installation](#installation)\n* [Configuring MongoDB](#configuring-mongodb)\n    * [Installing](#installing-mongodb)\n    * [Enable auth](#enable-auth)\n    * [Run](#run-mongod)\n* [Docker supporting](#docker-supporting)\n* Toolkit\n    * [Peers-scanner](#peers-scanner)\n    * [JSON-RPC Searcher](#json-rpc-searcher)\n    * [JSON-RPC Bruter](#json-rpc-bruter)\n    * [Coins-withdrawal](#coins-withdrawal)\n\n\n\n## Installation\n```bash\nmkdir -p ~/pyshella-toolkit/wordlists \u0026\u0026 mkdir ~/pyshella-toolkit/logs\ngit clone https://github.com/mkbeh/pyshella-toolkit\ncd pyshella-toolkit/\npip3.7 install wheel\npython3.7 setup.py bdist_egg --exclude-source-files\npython3.7 -m easy_install --install-dir ~/.local/lib/python3.7/site-packages --prefix=$HOME/.local dist/\u003cpackage\u003e\n\n# NOTE: if error - try previously (setup yours path)\nexport PYTHONPATH=~/.local/lib/python3.7/site-packages\n```\n\n## Configuring MongoDB\n\n### Installing MongoDB\n```bash\nsudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 9DA31620334BD75D9DCB49F368818C72E52529D4\necho \"deb [ arch=amd64 ] https://repo.mongodb.org/apt/ubuntu bionic/mongodb-org/4.0 multiverse\" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.0.list\nsudo apt-get update\nsudo apt-get install -y mongodb-org\nmkdir -p /data/db\n\necho \"mongodb-org hold\" | sudo dpkg --set-selections\necho \"mongodb-org-server hold\" | sudo dpkg --set-selections\necho \"mongodb-org-shell hold\" | sudo dpkg --set-selections\necho \"mongodb-org-mongos hold\" | sudo dpkg --set-selections\necho \"mongodb-org-tools hold\" | sudo dpkg --set-selections\n```\n\n### Enable auth\n```\n# Start MongoDB\nmongod\n\n# Connect to the instance\nmongo\n\n# Use database\nuse admin\n\n# Create the user administrator\ndb.createUser({user: \"admin\", pwd: \"admin\", roles: [\"root\"]})\n\n# Re-start the MongoDB instance with access control\ndb.adminCommand({ shutdown: 1})\n\n# Exit from mongo cli\nexit\n```\n\n### Run mongod\n```bash\n# -- Run mongo daemon --\nmongod --auth -f /etc/mongod.conf\n\n# -- Check connection --\nmongo --host \u003cip:20777\u003e -u \"admin\" --authenticationDatabase \"admin\" -p\n\n```\n\n## Docker supporting\n```bash\ngit clone https://github.com/mkbeh/pyshella-toolkit\ncd pyshella-toolkit/\nchmod +x toolkit.sh\nmkdir -p ~/pyshella-toolkit\n\n# Set your data to the sections `program` in `toolkit.conf`. \nvi toolkit.conf\n\n        --- IMPORTANT NOTE ---\n# if you do not want to run a spider - \n# add your dictionaries to the directory \n# ~/pyshella-toolkit/wordlists on host. \n# This directory is shared between the host \n# and the container.\n\n# Next build docker image.\ndocker build -t pyshella-toolkit:0.56.30 .\n```\n\n**Available modes to launch the container:**\n* **DEBUG** - the running container will output data \nfrom the log file in real time for all utilities from \nthe toolkit with errors and success data.\n* **BATTLE** - without output data from the log file\nin real time.\n\n**Crawler modes:**\n* **ACTIVATE** - will activate crawler , which will\ncrawl bitcointalk.org ANN section for searching default\ncredentials , then created 2 files with RPC users and \nRPC passwords.\n* **INACTIVATE** - will use dictionaries from \n`toolkit.conf`.\n\n```bash\n# -- Docker run examples for each supporting mode --\n\n# -- DEBUG:\ndocker run --name \u003ccoin_name\u003e -v ~/pyshella-toolkit:/pyshella-toolkit -e \"ENV=DEBUG\" --network host pyshella-toolkit:\u003cversion\u003e\n\n# -- BATTLE:\ndocker run -itd --name \u003ccoin_name\u003e -v ~/pyshella-toolkit:/pyshella-toolkit -e \"ENV=BATTLE\" --network host pyshella-toolkit:\u003cversion\u003e\n\n# EDIT THIS\ndocker run -v ~/pyshella-toolkit:/pyshella-toolkit/shared -e \"ENV=DEBUG\" -e \"CRAWLER=ACTIVATE\" --network host pyshella-toolkit:\u003cversion\u003e\n\n\n# -- NOTE --\nIf your database is on a remote host, then \noption `--network` with value `host` can be omitted.\n```\n\n\u003e File with log are located by host path ~/pyshella-toolkit/logs/\n\n## Bitcointalk default credentials crawler\nCrawler which searching default rpc credentials in\neach topic of section ANN.\n\n```\nImportant note: This process may take more than a few \nhours, please be patient. \n```\n\n### How to use\n```bash\ncd btt_spider\nscrapy crawl creds_crawler\n```\n\n\n## Peers Scanner\nThe `peers scanner` scans the network for available peers and \nwrites them to a file. For new peers, old ones are blacklisted.\n\n### How to use\n```\nusage: pyshella-peers-scanner [-h] -nU  [-b] [-i] -mU   -n\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -nU , --node-uri      Node URI.\n  -b , --ban-time       The time(days) which will be banned each peer (by\n                        default 14 days).\n  -i , --interval       Interval(secs) between call cycles for new peers (by\n                        default 60 secs).\n  -mU  , --mongo-uri    MongoDB uri.\n  -n  , --coin-name     Name of cryptocurrency.\n\n-----------------------------------------------------------------------------\nUsage example: pyshella-peers-scanner -nU \u003cnode_uri\u003e -mU \u003cmongo_uri\u003e -n \u003ccoin_name\u003e\n```\n\n## JSON-RPC Searcher\nScanner which discovers Bitcoin/forks JSON-RPC on peers.\n\n### How to use\n```\nusage: pyshella-jsonrpc-searcher [-h] -n NAME [-mU URI] [-cT SECS] [-rT SECS]\n                                 [-bT SECS] [-hS NUM] [-pS NUM] [-v BOOL]\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -n NAME, --coin-name NAME\n                        Name of cryptocurrency.\n  -mU URI, --mongo-uri URI\n                        MongoDB URI. Default:\n                        mongodb://root:toor@localhost:27017\n  -cT SECS              Timeout between hosts block cycles.\n  -rT SECS              Time to wait for a response from the server after\n                        sending the request.\n  -bT SECS              Delay between block cycles.\n  -hS NUM               The number of hosts that will be processed\n                        simultaneously.\n  -pS NUM               The number of ports that will be processed\n                        simultaneously for each host.\n  -v BOOL               Activate verbose mode. Will show all found headers.\n\n-----------------------------------------------------\nUsage example: pyshella-jsonrpc-searcher -n Bitcoin -bT 1 -hS 1 -pS 200 -v True\n```\n\n\n## JSON-RPC Bruter\nBitcoin/fork JSON-RPC bruter. Based on asyncio.\n\n### How to use\n```\nusage: pyshella-jsonrpc-bruter [-h] -n NAME [-mU URI] -l SINGLE/FILE -p\n                               SINGLE/FILE [-b ORDER] [-t NUM] [-rT SECS]\n                               [-cT SECS]\noptional arguments:\n  -h, --help            show this help message and exit\n  -n NAME, --coin-name NAME\n                        Name of cryptocurrency.\n  -mU URI, --mongo-uri URI\n                        MongoDB URI. Default:\n                        mongodb://root:toor@localhost:27017\n  -l SINGLE/FILE, --logins SINGLE/FILE\n                        Single login or file with logins.\n  -p SINGLE/FILE, --passwords SINGLE/FILE\n                        Single password or file with passwords.\n  -b ORDER, --brute-order ORDER\n                        The order in which the brute force process will occur.\n                        Where H - hosts, L - logins, P - passwords. Default:\n                        HLP. Examples: HLP, LPH, PHL, etc.\n  -t NUM, --threads NUM\n                        The number of coroutines that will be asynchronous in\n                        bruteforce process.\n  -rT SECS, --read-timeout SECS\n                        Time to wait for a response from the server after\n                        sending the request.\n  -cT SECS, --cycle-timeout SECS\n                        Timeout between getting new data for brute.\n\n----------------------------------------------------------------------------------------------\nUsage example:\n-\u003e pyshella-jsonrpc-bruter --help\n-\u003e pyshella-jsonrpc-bruter -n Bitcoin -t 20 -l \u003clogins_file\u003e -p \u003cpwds_file\u003e -b HLP\n```\n\n\n## Coins Withdrawal\nUtility which withdrawal crypto currency from bruted JSON-RPC.\n\n### How to use\n```\nusage: pyshella-coins-withdrawal [-h] -n NAME -mU URI -a ADDR [-i SECS]\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -n NAME, --coin-name NAME\n                        Name of cryptocurrency.\n  -mU URI, --mongo-uri URI\n                        MongoDB uri.\n  -a ADDR, --withdrawal-address ADDR\n                        The address to which the coins will be sent.\n  -i SECS, --interval SECS\n                        Timeout after coins withdrawal from all the peers that\n                        were collected in the database at the moment.\n\n-----------------------------------------------------------------------------------------------------------------------\nUsage example: pyshella-coins-withdrawal -n Bitcoin -mU mongodb://root:toor@localhost:27017 -a \u003cwithdrawal_addr\u003e -i 300\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmkbeh%2Fpyshella-toolkit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmkbeh%2Fpyshella-toolkit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmkbeh%2Fpyshella-toolkit/lists"}