[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Patator - new multi-purpose brute-forcing tool
- To: Grandma Eubanks <tborland1@xxxxxxxxx>
- Subject: Re: [Full-disclosure] Patator - new multi-purpose brute-forcing tool
- From: Andres Riancho <andres.riancho@xxxxxxxxx>
- Date: Thu, 23 Feb 2012 09:36:49 -0300
Grandma,
On Thu, Feb 23, 2012 at 2:52 AM, Grandma Eubanks <tborland1@xxxxxxxxx> wrote:
> Multiprocessing is quiet a bit faster than utilizing threads (this should be
> obvious as threads are GIL locked, while multi-processing can be spread
> amongst cores with the kernel's scheduler).
That's not always true. If the process is network bound (which seems
to be the case with a bruteforce tool), then having multiprocessing
will not necessarily increase speed. If the software was well written,
it can be very fast and use python threads.
> On Wed, Feb 22, 2012 at 6:51 PM, Nate Theis <nttheis@xxxxxxxxx> wrote:
>>
>> You might look into PyPy for a speed boost: http://pypy.org
>>
>> On Feb 22, 2012 6:43 AM, "lanjelot" <lanjelot@xxxxxxxxx> wrote:
>>>
>>> Hello FD,
>>>
>>> Released two months ago, and downloaded a few thousand times since, I
>>> wanted to share with you a new multi-purpose brute-forcing tool named
>>> Patator (http://code.google.com/p/patator/).
>>>
>>> I am posting here because I would like to get more feedback from
>>> people using it, so feel free to fire me an email if you have any
>>> queries, or rather use the issues tracker on patator project page.
>>>
>>> To put it bluntly, I just got tired of using Medusa, Hydra, ncrack,
>>> metasploit auxiliary modules, nmap NSE scripts and the like because:
>>> - they either do not work or are not reliable (got me false
>>> negatives several times in the past)
>>> - they are slow (not multi-threaded or not testing multiple
>>> passwords within the same TCP connection)
>>> - they lack very useful features that are easy to code in python
>>> (eg. interactive runtime)
>>>
>>> Basically you should give Patator a try once you get disappointed by
>>> Medusa, Hydra or other brute-forcing tools and are about to code your
>>> own small script because Patator will allow you to:
>>> - Not write the same code over and over, due to its a modular design
>>> and flexible usage
>>> - Run multi-threaded
>>> - Benefit from useful features such as the interactive runtime
>>> commands, automatic response logging, etc.
>>>
>>> Currently Patator supports the following modules :
>>> - ftp_login : Brute-force FTP
>>> - ssh_login : Brute-force SSH
>>> - telnet_login : Brute-force Telnet
>>> - smtp_login : Brute-force SMTP
>>> - smtp_vrfy : Enumerate valid users using the SMTP 'VRFY' command
>>> - smtp_rcpt : Enumerate valid users using the SMTP 'RCPT TO' command
>>> - http_fuzz : Brute-force HTTP/HTTPS
>>> - pop_passd : Brute-force poppassd (not POP3)
>>> - ldap_login : Brute-force LDAP
>>> - smb_login : Brute-force SMB
>>> - mssql_login : Brute-force MSSQL
>>> - oracle_login : Brute-force Oracle
>>> - mysql_login : Brute-force MySQL
>>> - pgsql_login : Brute-force PostgreSQL
>>> - vnc_login : Brute-force VNC
>>>
>>> - dns_forward : Forward lookup subdomains
>>> - dns_reverse : Reverse lookup subnets
>>> - snmp_login : Brute-force SNMPv1/2 and SNMPv3
>>>
>>> - unzip_pass : Brute-force the password of encrypted ZIP files
>>> - keystore_pass : Brute-force the password of Java keystore files
>>>
>>> The name "Patator" comes from the famous weapon :
>>> http://www.youtube.com/watch?v=xoBkBvnTTjo
>>>
>>> Cheers!
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
--
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/