The “OpenBullet” Tool Is Getting Popular Among Account Takeover Actors

Written by Bill Toulas
Last updated July 21, 2020

Account takeover is a huge-scale problem today, and gathering billions of credentials from thousands of platforms would be impossible if it wasn’t for the existence of automated tools. Actors need to use things like “account checkers” to figure out which credential pairs are valid and brute-forcing tools to perform a large number of input trials without doing it manually. Also, credential stuffing automators to help them knock at the door of hundreds of platforms and check if a target has an account there.

These tools launch automated scripts to run covertly on the websites’ API level, or just launch DoS-type attacks to tap into the target information without considering detection risks.

Related: More Than 15 Billion Stolen Credentials Are Circulating Out There

A team of dark web investigators from Digital Shadows has carried out a research to grab a snapshot of the current situation in the account takeover field, and they have found out that the tool named “OpenBullet” is currently the most popular. Other tools that are widely used in the field include “Sentrymba,” “Private Keeper,” “Vertex,” “Account Hitman,” “Snipr,” and “Blackbullet.”

According to the report, OpenBullet started rising in popularity quickly since April 2019, when malicious actors realized the otherwise legitimate tool’s value.


Source: Digital Shadows

OpenBullet was released as a website testing suite tool, but it can be utilized for data scraping, parsing, penetration testing, and Selenium unit testing. In addition to this, OpenBullet is quite versatile, allowing the user to set up different configurations, it’s frugal in terms of how many system resources it needs, and it’s open-source. Hence, it’s freely available on GitHub.

There’s even an amazing level of support and accompanying information through e-books and how-to guides for the tool. All that said, OpenBullet has become something like a “standard” for any actor, as it can help actors determine weak points on the target website and adjust their attacking plan accordingly.


Source: Digital Shadows

Given the opportunity, the Digital Shadows team also took a snapshot of the cost of these tools. OpenBullet is free, while brute-force crackers are sold for as low as $1. Depending on the industry that’s targeted, the tool’s complexity rises, and the cost for a good cracking tool follows an upward trend.

For social media accounts, the average price is set to $3.27, for cryptocurrency, it is $5.64, and for bank accounts, it goes up to $74.30. In general, 65.7% of brute-force tools bought out there are multipacks, while a respectable 12.9% is targeting banking accounts specifically.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: