[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Patator - new multi-purpose brute-forcing tool
- To: lanjelot <lanjelot@xxxxxxxxx>
- Subject: Re: [Full-disclosure] Patator - new multi-purpose brute-forcing tool
- From: Nate Theis <nttheis@xxxxxxxxx>
- Date: Wed, 22 Feb 2012 16:51:06 -0800
You might look into PyPy for a speed boost: http://pypy.org
On Feb 22, 2012 6:43 AM, "lanjelot" <lanjelot@xxxxxxxxx> wrote:
> Hello FD,
>
> Released two months ago, and downloaded a few thousand times since, I
> wanted to share with you a new multi-purpose brute-forcing tool named
> Patator (http://code.google.com/p/patator/).
>
> I am posting here because I would like to get more feedback from
> people using it, so feel free to fire me an email if you have any
> queries, or rather use the issues tracker on patator project page.
>
> To put it bluntly, I just got tired of using Medusa, Hydra, ncrack,
> metasploit auxiliary modules, nmap NSE scripts and the like because:
> - they either do not work or are not reliable (got me false
> negatives several times in the past)
> - they are slow (not multi-threaded or not testing multiple
> passwords within the same TCP connection)
> - they lack very useful features that are easy to code in python
> (eg. interactive runtime)
>
> Basically you should give Patator a try once you get disappointed by
> Medusa, Hydra or other brute-forcing tools and are about to code your
> own small script because Patator will allow you to:
> - Not write the same code over and over, due to its a modular design
> and flexible usage
> - Run multi-threaded
> - Benefit from useful features such as the interactive runtime
> commands, automatic response logging, etc.
>
> Currently Patator supports the following modules :
> - ftp_login : Brute-force FTP
> - ssh_login : Brute-force SSH
> - telnet_login : Brute-force Telnet
> - smtp_login : Brute-force SMTP
> - smtp_vrfy : Enumerate valid users using the SMTP 'VRFY' command
> - smtp_rcpt : Enumerate valid users using the SMTP 'RCPT TO' command
> - http_fuzz : Brute-force HTTP/HTTPS
> - pop_passd : Brute-force poppassd (not POP3)
> - ldap_login : Brute-force LDAP
> - smb_login : Brute-force SMB
> - mssql_login : Brute-force MSSQL
> - oracle_login : Brute-force Oracle
> - mysql_login : Brute-force MySQL
> - pgsql_login : Brute-force PostgreSQL
> - vnc_login : Brute-force VNC
>
> - dns_forward : Forward lookup subdomains
> - dns_reverse : Reverse lookup subnets
> - snmp_login : Brute-force SNMPv1/2 and SNMPv3
>
> - unzip_pass : Brute-force the password of encrypted ZIP files
> - keystore_pass : Brute-force the password of Java keystore files
>
> The name "Patator" comes from the famous weapon :
> http://www.youtube.com/watch?v=xoBkBvnTTjo
>
> Cheers!
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/