PHPackages ycoya/laravel-telnet-brute-force - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. ycoya/laravel-telnet-brute-force ActiveLibrary[Security](/categories/security) ycoya/laravel-telnet-brute-force ================================ A package to brute force a telnet connection 224PHP Since Aug 2Pushed 1y ago1 watchersCompare [ Source](https://github.com/ycoya/laravel-telnet-brute-force)[ Packagist](https://packagist.org/packages/ycoya/laravel-telnet-brute-force)[ RSS](/packages/ycoya-laravel-telnet-brute-force/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependenciesVersions (1)Used By (0) Laravel Telnet Brute Force ========================== [](#laravel-telnet-brute-force) Recovering password from telnet service by using brute force. This was made to meet my own needs, it is not expected to be used in a real web application. This was more to learn and practice to build packages. If someone needs it, well here it is. This package contains two artisan console command which will run the brute force attack. One command will use an users and passwords lists from files and the other one generate the passwords internally. It is important to say, that the steps used to determine that we succeed in guessing the password is by checking we do not receive the ´login´ back from the telnet reply. This way we could have a $, #, or C:> as prompt. So this is for those cases where we do not know what we will see when we log in. We could have false positive too. I'm not responsible if someone use this in a wrong way. Installation ------------ [](#installation) ``` composer require ycoya/laravel-telnet-brute-force ``` Requirements ------------ [](#requirements) php 8.0+ Documentation ------------- [](#documentation) `Brute Force With Dictionary` ----------------------------- [](#brute-force-with-dictionary) ``` php artisan telnet:attack-dict --host=127.0.0.1 --userDb=utils/users.txt --passDb=utils/passwords.txt ``` To receive help from command, just type ``` php artisan help telnet:attack-dict ``` The host option will define the machine target. The options --userDB and --passDb are the path from where the users and passwords will be taken. The procedure is: first user is selected and then this user is tested through all the passwords from password.txt, if nothing is found, then it will take the second user, and it repeats the same procedure. We can also type a full path for example: \--userDb=C:\\brute-force\\dictionary\\utils\\users.txt same for \--passDb=C:\\brute-force\\dictionary\\utils\\passwords.txt Or it could be relative to the laravel application root folder. like this: \--userDb=utils/users.txt If this file is not found in this path, then it will try to search in storage/app folder. There are three options then: 1-full path 2-relative path to laravel root folder 3-relative path to (laravel\_root\_folder)/storage/app. The files should have the structure of one string by line. Example: In `users.txt`, we could have. root john juan ... In `passwords.txt`, we could have. admin password 1234 ... This command saves the index of current user and password from users and password list used. If the command is interrupted or we stop it for any reason we could resume from where we left of automatically. `Brute Force With Password Generation` -------------------------------------- [](#brute-force-with-password-generation) ``` php artisan telnet:attack-gp --host=172.0.0.1 --user=root -m CharMap.txt --min=1 --max=5 ``` The host option will define the machine target. \--user option is the user that will be use with all the password generated. -m|char\_map\_path is the path to the file where we will obtain the chars to generate the passwords This is the same as before, char\_map\_path could contain: 1-full path 2-relative path to laravel root folder 3-relative path to (laravel\_root\_folder)/storage/app. The structure for the charMap is an array: charMap.txt ``` ["a","b","c","d","e","f","g","h","i","j","k","l","m", "n","o","p","q","r","s","t","u","v","w","x","y","z"] ``` The commmand will use these chars to compose the password. \--min option is to set the start length of the password to compose. \--max option is to set the final lenght of the password to compose. From the above example we will get passwords from one length, when all chars are passed, then it will move to generate password of two lengths, using the charMap combining. Example: aa, ab, ac...etc, when this finishes then it will use a password of lenght 3, and so on until the max value For this example it is five. length 5. If we only want to use specific length, let's say a password of 4 chars to test all combinations. Then we can pass as options ``` php artisan telnet-attack-gp --min=4 --max=4 ``` The same value for both options. If we pass --max value only then we will have password length from 1 to this max value, So in the example above we could omit --min=value any combinations of these we could use. There is a --debug option that will output to laravel.log more info if needed, but it won't display it in console. This command is saving the progress of the generated password and the times used to generate it. So if the command is interrupted or we stop it for any reason we could resume from where we left of automatically. If we need to restart again then the --reset option is the one for this. This progress is saved in storage/app/telnet-brute-force-gp folder. These are the basics. For additional help run: ``` php artisan help telnet:attack-dict ``` or ``` php artisan help telnet:attack-gp ``` for futher options. ### Health Score 16 — LowBetter than 5% of packages Maintenance28 Infrequent updates — may be unmaintained Popularity9 Limited adoption so far Community7 Small or concentrated contributor base Maturity17 Early-stage or recently created project Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://www.gravatar.com/avatar/821fe20eaaf8256429d57ae0a6afbf236a5e48578edfc74a2ff1e4cd779e23fd?d=identicon)[ycoya](/maintainers/ycoya) --- Top Contributors [![ycoya](https://avatars.githubusercontent.com/u/5576242?v=4)](https://github.com/ycoya "ycoya (10 commits)") --- Tags brute-forcelaravel-packagephptelnet ### Embed Badge ![Health badge](/badges/ycoya-laravel-telnet-brute-force/health.svg) ``` [![Health](https://phpackages.com/badges/ycoya-laravel-telnet-brute-force/health.svg)](https://phpackages.com/packages/ycoya-laravel-telnet-brute-force) ``` ### Alternatives [defuse/php-encryption Secure PHP Encryption Library 3.9k162.4M214](/packages/defuse-php-encryption)[roave/security-advisories Prevents installation of composer packages with known security vulnerabilities: no API, simply require it 2.9k97.3M6.4k](/packages/roave-security-advisories)[mews/purifier Laravel 5/6/7/8/9/10 HtmlPurifier Package 2.0k16.7M113](/packages/mews-purifier)[robrichards/xmlseclibs A PHP library for XML Security 41278.1M118](/packages/robrichards-xmlseclibs)[bjeavons/zxcvbn-php Realistic password strength estimation PHP library based on Zxcvbn JS 86917.5M63](/packages/bjeavons-zxcvbn-php)[enlightn/security-checker A PHP dependency vulnerabilities scanner based on the Security Advisories Database. 33732.2M110](/packages/enlightn-security-checker) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)