sQuo Posted July 23, 2013 Share Posted July 23, 2013 This is the hidden content, please Sign In or Sign Up Website This is the hidden content, please Sign In or Sign Up Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage. Currently it supports the following modules: - ftp_login : Brute-force FTP - ssh_login : Brute-force SSH - telnet_login : Brute-force Telnet - smtp_login : Brute-force SMTP - smtp_vrfy : Enumerate valid users using the SMTP 'VRFY' command - smtp_rcpt : Enumerate valid users using the SMTP 'RCPT TO' command - finger_lookup : Enumerate valid users using Finger - http_fuzz : Brute-force HTTP - pop_login : Brute-force POP3 - pop_passd : Brute-force poppassd ( This is the hidden content, please Sign In or Sign Up ) - imap_login : Brute-force IMAP4 - ldap_login : Brute-force LDAP - smb_login : Brute-force SMB - smb_lookupsid : Brute-force SMB SID-lookup - vmauthd_login : Brute-force VMware Authentication Daemon - mssql_login : Brute-force MSSQL - oracle_login : Brute-force Oracle - mysql_login : Brute-force MySQL - mysql_queries : Brute-force MySQL queries - pgsql_login : Brute-force PostgreSQL - vnc_login : Brute-force VNC - dns_forward : Brute-force DNS - dns_reverse : Brute-force DNS (reverse lookup subnets) - snmp_login : Brute-force SNMPv1/2 and SNMPv3 - unzip_pass : Brute-force the password of encrypted ZIP files - keystore_pass : Brute-force the password of Java keystore files Future modules to be implemented: - rdp_login The name "Patator" comes from This is the hidden content, please Sign In or Sign Up "Whatever the payload to fire, always use the same cannon" * Why ? Basically, I got tired of using Medusa, Hydra, Ncrack, Metasploit auxiliary modules, Nmap NSE scripts and the like because: - they either do not work or are not reliable (got me false negatives several times in the past) - they are not flexible enough (how to iterate over all wordlists, fuzz any module parameter) - they lack useful features (display progress or pause during execution) FEATURES -------- * No false negatives, as it is the user that decides what results to ignore based on: + status code of response + size of response + matching string or regex in response data + ... see --help * Modular design + not limited to network modules (eg. the unzip_pass module) + not limited to brute-forcing (eg. remote exploit testing, or vulnerable version probing) * Interactive runtime + show progress during execution (press Enter) + pause/unpause execution (press p) + increase/decrease verbosity + add new actions & conditions during runtime (eg. to exclude more types of response from showing) + ... press h to see all available interactive commands * Use persistent connections (ie. will test several passwords until the server disconnects) * Multi-threaded * Flexible user input - Any module parameter can be fuzzed: + use the FILE keyword to iterate over a file + use the COMBO keyword to iterate over a combo file + use the NET keyword to iterate over every hosts of a network subnet + use the RANGE keyword to iterate over hexadecimal, decimal or alphabetical ranges + use the PROG keyword to iterage over the output of an external program - Iteration over the joined wordlists can be done in any order * Save every response (along with request) to seperate log files for later reviewing Link to comment Share on other sites More sharing options...
sQuo Posted October 31, 2013 Author Share Posted October 31, 2013 Re: Patator Brute Forcer 0.5 - multi-purpose brute-forcer patator-Tor A TOR addon for Patator by lanjelot This is the hidden content, please Sign In or Sign Up is a multi-purpose brute-forcer, with a modular design and a flexible usage. This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
Recommended Posts