patator Package Description
Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage. Currently it supports the following modules:
- ftp_login : Brute-force FTP
- ssh_login : Brute-force SSH
- telnet_login : Brute-force Telnet
- smtp_login : Brute-force SMTP
- smtp_vrfy : Enumerate valid users using the SMTP ‘VRFY’ command
- smtp_rcpt : Enumerate valid users using the SMTP ‘RCPT TO’ command
- finger_lookup : Enumerate valid users using Finger
- http_fuzz : Brute-force HTTP
- pop_login : Brute-force POP3
- pop_passd : Brute-force poppassd (http://netwinsite.com/poppassd/)
- imap_login : Brute-force IMAP4 – ldap_login : Brute-force LDAP
- smb_login : Brute-force SMB
- smb_lookupsid : Brute-force SMB SID-lookup
- vmauthd_login : Brute-force VMware Authentication Daemon
- mssql_login : Brute-force MSSQL
- oracle_login : Brute-force Oracle
- mysql_login : Brute-force MySQL
- pgsql_login : Brute-force PostgreSQL
- vnc_login : Brute-force VNC
- dns_forward : Brute-force DNS
- dns_reverse : Brute-force DNS (reverse lookup subnets)
- snmp_login : Brute-force SNMPv1/2 and SNMPv3
- unzip_pass : Brute-force the password of encrypted ZIP files
- keystore_pass : Brute-force the password of Java keystore files
Source: http://code.google.com/p/patator/
patator Homepage | Kali patator Repo
- Author: Sebastien MACKE
- License: GPLv2
Tools included in the patator package”
patator – Multi-purpose brute-forcer
[email protected]:~# patator
Patator v0.5 (http://code.google.com/p/patator/)
Usage: patator.py module --help
Available modules:
+ ftp_login : Brute-force FTP
+ ssh_login : Brute-force SSH
+ telnet_login : Brute-force Telnet
+ smtp_login : Brute-force SMTP
+ smtp_vrfy : Enumerate valid users using SMTP VRFY
+ smtp_rcpt : Enumerate valid users using SMTP RCPT TO
+ finger_lookup : Enumerate valid users using Finger
+ http_fuzz : Brute-force HTTP
+ pop_login : Brute-force POP3
+ pop_passd : Brute-force poppassd (http://netwinsite.com/poppassd/)
+ imap_login : Brute-force IMAP4
+ ldap_login : Brute-force LDAP
+ smb_login : Brute-force SMB
+ smb_lookupsid : Brute-force SMB SID-lookup
+ vmauthd_login : Brute-force VMware Authentication Daemon
+ mssql_login : Brute-force MSSQL
+ oracle_login : Brute-force Oracle
+ mysql_login : Brute-force MySQL
+ mysql_query : Brute-force MySQL queries
+ pgsql_login : Brute-force PostgreSQL
+ vnc_login : Brute-force VNC
+ dns_forward : Forward lookup names
+ dns_reverse : Reverse lookup subnets
+ snmp_login : Brute-force SNMP v1/2/3
+ unzip_pass : Brute-force the password of encrypted ZIP files
+ keystore_pass : Brute-force the password of Java keystore files
+ tcp_fuzz : Fuzz TCP services
+ dummy_test : Testing module
patator Usage Example
Do a MySQL brute force attack (mysql_login) with the root user (user=root) and passwords contained in a file (password=FILE0 0=/root/passes.txt) against the given host (host=127.0.0.1), ignoring the specified string (-x ignore:fgrep=’Access denied for user’):
[email protected]:~# patator mysql_login user=root password=FILE0 0=/root/passes.txt host=127.0.0.1 -x ignore:fgrep='Access denied for user'
12:30:36 patator INFO - Starting Patator v0.5 (http://code.google.com/p/patator/) at 2014-05-19 12:30 EDT
12:30:36 patator INFO -
12:30:36 patator INFO - code size | candidate | num | mesg
12:30:36 patator INFO - ----------------------------------------------------------------------
12:30:37 patator INFO - 0 16 | toor | 4493 | 5.5.37-0+wheezy1
12:30:37 patator INFO - Hits/Done/Skip/Fail/Size: 1/4493/0/0/4493, Avg: 3582 r/s, Time: 0h 0m 1s