Patator v0.3 Brute-Forcer Released

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage. Patator is licensed GPLv2.

Currently it supports the following modules:

ftp_login    : Brute-force FTP
ssh_login    : Brute-force SSH
telnet_login : Brute-force Telnet
smtp_login   : Brute-force SMTP
smtp_vrfy    : Enumerate valid users using the SMTP VRFY command
smtp_rcpt    : Enumerate valid users using the SMTP RCPT TO command
http_fuzz    : Brute-force HTTP/HTTPS
pop_passd    : Brute-force poppassd (not POP3)
ldap_login   : Brute-force LDAP
smb_login    : Brute-force SMB
mssql_login  : Brute-force MSSQL
oracle_login : Brute-force Oracle
mysql_login  : Brute-force MySQL
pgsql_login  : Brute-force PostgreSQL
vnc_login    : Brute-force VNC
dns_forward  : Forward lookup subdomains
dns_reverse  : Reverse lookup subnets
snmp_login   : Brute-force SNMPv1/2 and SNMPv3
unzip_pass   : Brute-force the password of encrypted ZIP files
keystore_pass: Brute-force the password of Java keystore files

Features

No false negatives, as it is the user that decides what results to ignore based on:

  • –  status code of response
  • –  size of response
  • –  matching string or regex in response data
  • –  … see –help

Modular design

  • –  not limited to network modules (eg. the unzip_pass module)
  • –  not limited to brute-forcing (eg. remote exploit testing, or vulnerable version probing)

Interactive runtime

  • –  show verbose progress
  • –  pause/unpause execution
  • –  increase/decrease verbosity
  • –  add new actions & conditions during runtime in order to exclude more types of response from showing
  • –  … press h to see all available interactive commands

Use persistent connections (ie. will test several passwords until the server disconnects)

Multi-threaded

Flexible user input

  • – Any part of a payload is fuzzable:
  • –  use FILE[0-9] keywords to iterate on a file
  • –  use COMBO[0-9] keywords to iterate on the combo entries of a file
  • –  use NET[0-9] keywords to iterate on every host of a network subnet

Iteration over the joined wordlists may be done in any order

Save every response (along with request) to seperate log files for later reviewing

Changelog v0.3

  • minor bugs fixed in http_fuzz
  • option -e better implemented
  • better warnings about missing dependencies

Download Patator v0.3

MaxiSoler

www.artssec.com @maxisoler
Strengthening Security: ToolsWatch Welcomes Dr. Magda Lilia Chelly and Vivek Ramachandran to Black Hat Arsenal’s Board of Review

Strengthening Security: ToolsWatch Welcomes Dr. Magda Lilia Chelly and Vivek Ramachandran to Black Hat Arsenal’s Board of Review

GISEC Armory Edition 1 Dubai 2024 – Call For Tools is Open

GISEC Armory Edition 1 Dubai 2024 – Call For Tools is Open

Black Hat Arsenal 2024 Next Stop Singapore !

Black Hat Arsenal 2024 Next Stop Singapore !

ToolsWatch introducing Armory at Gisec 2024 in Dubai: A New Arena for Cybersecurity Open Source Tools Announced

ToolsWatch introducing Armory at Gisec 2024 in Dubai: A New Arena for Cybersecurity Open Source Tools Announced

Unveiling the Awesome Lineup for Black Hat MEA Arsenal 2023 in Riyadh, KSA

Unveiling the Awesome Lineup for Black Hat MEA Arsenal 2023 in Riyadh, KSA

Announcing the First Black Hat / ToolsWatch SecTor Toronto 2023 Arsenal Tools and Their Impact on the Community

Announcing the First Black Hat / ToolsWatch SecTor Toronto 2023 Arsenal Tools and Their Impact on the Community