border: 1px solid #d2d2d2; padding: 0px 8px 0px 8px; color: #a19999; font-size: 12px; height: 25px; width: 165px; border-radius: 5px; -moz-border-radius: 5px; -webkit-border-radius: 5px; margin:0px; } .submitbutton{ background:#F66303; border: 1px solid #F66303; text-shadow: 1px 1px 1px #333; box-shadow: 3px 3px 3px #666; font:bold 12px Arial, sans-serif; color: #fff; height: 25px; padding: 0 12px 0 12px; margin: 0 0 0 5px; border-radius: 5px; -moz-border-radius: 5px; -webkit-border-radius: 5px; cursor:pointer;}

Receive all updates via Facebook. Just Click the Like Button Below

You can also receive Free Email Updates:

Powered By Blogger Widgets

Related Posts Plugin for WordPress, Blogger...

Thursday, June 7, 2012

Patator - Multi-Purpose Tool to Brute Force

Patator is a tool (python script) multi-purpose brute force, this tool is born of the boredom of using other tools for creative brute force known as Medusa , Hydra , ncrack , auxiliary modules Metasploit , scripting Nmap NSE and the like because:
Or do not work or are unreliable (false negative on several occasions).
They are slow (not multi-threaded or multiple passwords tested in the same TCP connection).
Lack of useful features offered by Python (eg interactive runtime).

Therefore Patator is a good option if you are disappointed in Medusa, Hydra, ncrack, etc ... FB and other tools, as it offers:
Do not write the same code over and over again.
Run multiple threads.
Benefit from useful features such as run-time commands interactively, the response record, etc 

Currently supports the following modules:

 * Ftp_login: FTP Brute-force
 * Ssh_login queue: Brute-force SSH
 * Telnet_login: Telnet Brute-force
 * Smtp_login: Brute-force SMTP
 * Smtp_vrfy: Enumerate valid users using the SMTP VRFY command
 * Smtp_rcpt: Enumerate valid users using the SMTP RCPT TO command
 * Http_fuzz: Brute-force HTTP / HTTPS
 * Pop_passd: Brute-force poppassd (not POP3)
 * Ldap_login: Brute-force LDAP
 * Smb_login: SMB Brute-force
 * Mssql_login: Brute-force MSSQL
 * Oracle_login: Brute-force Oracle
 * Mysql_login: Brute-force MySQL
 * Pgsql_login: Brute-force PostgreSQL
 * Vnc_login: Brute-force VNC
 * Dns_forward: Forward lookup subdomains
 * Dns_reverse: Reverse lookup subnets
 * Snmp_login: Brute-force SNMPv1 / 2 and SNMPv3
 * Unzip_pass: Brute-force the password of encrypted ZIP files
 * Keystore_pass: Brute-force the password of Java keystore files

Note that it is tool is not recommended for people who are bored with Medusa, Hydra ... for not knowing how to use them, is just if not given the expected result. The author leaves a note saying that this tool is NOT script-kiddie-friendly , since its operation requires many more variables than other tools for that too is more effective.

In the author's website make it clear how to use it, I will not include here how to use it as I am informed of the tool and I'm not doing your manual.

1 comment:

  1. Just curious wich version of Python do you use to run it ?



Twitter Delicious Facebook Digg Stumbleupon Favorites More