Patator v0.3 Brute-Forcer Released
Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage. Patator is licensed GPLv2.
Currently it supports the following modules:
ftp_login : Brute-force FTP
ssh_login : Brute-force SSH
telnet_login : Brute-force Telnet
smtp_login : Brute-force SMTP
smtp_vrfy : Enumerate valid users using the SMTP VRFY command
smtp_rcpt : Enumerate valid users using the SMTP RCPT TO command
http_fuzz : Brute-force HTTP/HTTPS
pop_passd : Brute-force poppassd (not POP3)
ldap_login : Brute-force LDAP
smb_login : Brute-force SMB
mssql_login : Brute-force MSSQL
oracle_login : Brute-force Oracle
mysql_login : Brute-force MySQL
pgsql_login : Brute-force PostgreSQL
vnc_login : Brute-force VNC
dns_forward : Forward lookup subdomains
dns_reverse : Reverse lookup subnets
snmp_login : Brute-force SNMPv1/2 and SNMPv3
unzip_pass : Brute-force the password of encrypted ZIP files
keystore_pass: Brute-force the password of Java keystore files
Features
No false negatives, as it is the user that decides what results to ignore based on:
- – status code of response
- – size of response
- – matching string or regex in response data
- – … see –help
Modular design
- – not limited to network modules (eg. the unzip_pass module)
- – not limited to brute-forcing (eg. remote exploit testing, or vulnerable version probing)
Interactive runtime
- – show verbose progress
- – pause/unpause execution
- – increase/decrease verbosity
- – add new actions & conditions during runtime in order to exclude more types of response from showing
- – … press h to see all available interactive commands
Use persistent connections (ie. will test several passwords until the server disconnects)
Multi-threaded
Flexible user input
- – Any part of a payload is fuzzable:
- – use FILE[0-9] keywords to iterate on a file
- – use COMBO[0-9] keywords to iterate on the combo entries of a file
- – use NET[0-9] keywords to iterate on every host of a network subnet
Iteration over the joined wordlists may be done in any order
Save every response (along with request) to seperate log files for later reviewing
Changelog v0.3
- minor bugs fixed in http_fuzz
- option -e better implemented
- better warnings about missing dependencies
Download Patator v0.3