Stealth Mode - mrhenrike/MikrotikAPI-BF GitHub Wiki
Stealth Mode
Language: English · Português (pt-BR)
Stealth mode minimizes detection by IDS, WAF, firewall logs, and Mikrotik's own event log.
Enable Stealth Mode
python mikrotikapi-bf.py -t 192.168.88.1 -d combos.txt --stealth
What Stealth Mode Does
1. Fibonacci Delays
Instead of uniform delays (which are detectable as automated traffic), stealth mode uses a Fibonacci sequence for inter-request timing:
1s, 1s, 2s, 3s, 5s, 8s, 13s, 21s... (then resets)
This produces non-uniform, pseudo-organic timing that avoids fixed-interval detection rules in IDS/SIEM.
2. User-Agent Rotation
Each connection uses a different User-Agent string from a pool of 50+ realistic UA strings, rotated pseudo-randomly:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 ...
Python-requests/2.31.0
Winbox/3.38 (Windows)
curl/8.4.0
Go-http-client/1.1
...
UA strings are selected without repeating until all have been used once (Fisher-Yates shuffle).
3. Connection Throttling
- Default thread limit: 1 in stealth mode (sequential, not concurrent)
- Custom:
--threads 2if you want slightly faster but still covert operation - Concurrent connections are a strong IDS signal; stealth mode eliminates them
Custom Delay Configuration
# Set custom Fibonacci range (min 2s, max 12s)
python mikrotikapi-bf.py -t 192.168.88.1 -d combos.txt --stealth \
--delay-min 2 \
--delay-max 12
# Fixed delay (overrides Fibonacci)
python mikrotikapi-bf.py -t 192.168.88.1 -d combos.txt --delay 3.0
UA Rotation Only (without Fibonacci)
python mikrotikapi-bf.py -t 192.168.88.1 -d combos.txt --ua-rotation
Stealth Mode vs Normal Mode
| Characteristic | Normal | Stealth |
|---|---|---|
| Delay | Fixed (configurable) | Fibonacci sequence |
| User-Agent | Single (Python) | Rotated (50+ pool) |
| Threads | Configurable | 1 (default) |
| Speed | Fast | Slow (by design) |
| Detection risk | High | Low |
What Stealth Mode Does NOT Do
- Does not route through proxy (use
--proxyseparately) - Does not spoof source IP
- Does not guarantee complete anonymity
- Does not bypass Mikrotik's built-in login attempt limits
For maximum anonymity, combine stealth + Tor:
python mikrotikapi-bf.py -t 192.168.88.1 -d combos.txt \
--stealth \
--proxy socks5://127.0.0.1:9050
See also: Features · Usage Examples