Locked Patator Brute Forcer 0.5 - multi-purpose brute-forcer

[sQuo]

This is the hidden content, please

• Sign In
• or
• Sign Up

 

Website

This is the hidden content, please

• Sign In
• or
• Sign Up

 

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

Currently it supports the following modules:

- ftp_login : Brute-force FTP

- ssh_login : Brute-force SSH

- telnet_login : Brute-force Telnet

- smtp_login : Brute-force SMTP

- smtp_vrfy : Enumerate valid users using the SMTP 'VRFY' command

- smtp_rcpt : Enumerate valid users using the SMTP 'RCPT TO' command

- finger_lookup : Enumerate valid users using Finger

- http_fuzz : Brute-force HTTP

- pop_login : Brute-force POP3

- pop_passd : Brute-force poppassd (

This is the hidden content, please

• Sign In
• or
• Sign Up

)

- imap_login : Brute-force IMAP4

- ldap_login : Brute-force LDAP

- smb_login : Brute-force SMB

- smb_lookupsid : Brute-force SMB SID-lookup

- vmauthd_login : Brute-force VMware Authentication Daemon

- mssql_login : Brute-force MSSQL

- oracle_login : Brute-force Oracle

- mysql_login : Brute-force MySQL

- mysql_queries : Brute-force MySQL queries

- pgsql_login : Brute-force PostgreSQL

- vnc_login : Brute-force VNC

- dns_forward : Brute-force DNS

- dns_reverse : Brute-force DNS (reverse lookup subnets)

- snmp_login : Brute-force SNMPv1/2 and SNMPv3

 

- unzip_pass : Brute-force the password of encrypted ZIP files

- keystore_pass : Brute-force the password of Java keystore files

 

Future modules to be implemented:

- rdp_login

 

The name "Patator" comes from

This is the hidden content, please

• Sign In
• or
• Sign Up

"Whatever the payload to fire, always use the same cannon"

 

* Why ?

 

Basically, I got tired of using Medusa, Hydra, Ncrack, Metasploit auxiliary modules, Nmap NSE scripts and the like because:

- they either do not work or are not reliable (got me false negatives several times in the past)

- they are not flexible enough (how to iterate over all wordlists, fuzz any module parameter)

- they lack useful features (display progress or pause during execution)

 

FEATURES

--------

* No false negatives, as it is the user that decides what results to ignore based on:

+ status code of response

+ size of response

+ matching string or regex in response data

+ ... see --help

 

* Modular design

+ not limited to network modules (eg. the unzip_pass module)

+ not limited to brute-forcing (eg. remote exploit testing, or vulnerable version probing)

 

* Interactive runtime

+ show progress during execution (press Enter)

+ pause/unpause execution (press p)

+ increase/decrease verbosity

+ add new actions & conditions during runtime (eg. to exclude more types of response from showing)

+ ... press h to see all available interactive commands

 

* Use persistent connections (ie. will test several passwords until the server disconnects)

 

* Multi-threaded

 

* Flexible user input

- Any module parameter can be fuzzed:

+ use the FILE keyword to iterate over a file

+ use the COMBO keyword to iterate over a combo file

+ use the NET keyword to iterate over every hosts of a network subnet

+ use the RANGE keyword to iterate over hexadecimal, decimal or alphabetical ranges

+ use the PROG keyword to iterage over the output of an external program

 

- Iteration over the joined wordlists can be done in any order

 

* Save every response (along with request) to seperate log files for later reviewing

[sQuo]

Re: Patator Brute Forcer 0.5 - multi-purpose brute-forcer

 

patator-Tor

 

A TOR addon for Patator by lanjelot

This is the hidden content, please

• Sign In
• or
• Sign Up

is a multi-purpose brute-forcer, with a modular design and a flexible usage.

 

 

This is the hidden content, please

• Sign In
• or
• Sign Up