| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 22 Feb 2012 23:52:06 -0600
From: Grandma Eubanks <tborland1@...il.com>
To: Nate Theis <nttheis@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Patator - new multi-purpose brute-forcing tool
Multiprocessing is quiet a bit faster than utilizing threads (this should
be obvious as threads are GIL locked, while multi-processing can be spread
amongst cores with the kernel's scheduler).
On Wed, Feb 22, 2012 at 6:51 PM, Nate Theis <nttheis@...il.com> wrote:
> You might look into PyPy for a speed boost: http://pypy.org
> On Feb 22, 2012 6:43 AM, "lanjelot" <lanjelot@...il.com> wrote:
>
>> Hello FD,
>>
>> Released two months ago, and downloaded a few thousand times since, I
>> wanted to share with you a new multi-purpose brute-forcing tool named
>> Patator (http://code.google.com/p/patator/).
>>
>> I am posting here because I would like to get more feedback from
>> people using it, so feel free to fire me an email if you have any
>> queries, or rather use the issues tracker on patator project page.
>>
>> To put it bluntly, I just got tired of using Medusa, Hydra, ncrack,
>> metasploit auxiliary modules, nmap NSE scripts and the like because:
>> - they either do not work or are not reliable (got me false
>> negatives several times in the past)
>> - they are slow (not multi-threaded or not testing multiple
>> passwords within the same TCP connection)
>> - they lack very useful features that are easy to code in python
>> (eg. interactive runtime)
>>
>> Basically you should give Patator a try once you get disappointed by
>> Medusa, Hydra or other brute-forcing tools and are about to code your
>> own small script because Patator will allow you to:
>> - Not write the same code over and over, due to its a modular design
>> and flexible usage
>> - Run multi-threaded
>> - Benefit from useful features such as the interactive runtime
>> commands, automatic response logging, etc.
>>
>> Currently Patator supports the following modules :
>> - ftp_login : Brute-force FTP
>> - ssh_login : Brute-force SSH
>> - telnet_login : Brute-force Telnet
>> - smtp_login : Brute-force SMTP
>> - smtp_vrfy : Enumerate valid users using the SMTP 'VRFY' command
>> - smtp_rcpt : Enumerate valid users using the SMTP 'RCPT TO' command
>> - http_fuzz : Brute-force HTTP/HTTPS
>> - pop_passd : Brute-force poppassd (not POP3)
>> - ldap_login : Brute-force LDAP
>> - smb_login : Brute-force SMB
>> - mssql_login : Brute-force MSSQL
>> - oracle_login : Brute-force Oracle
>> - mysql_login : Brute-force MySQL
>> - pgsql_login : Brute-force PostgreSQL
>> - vnc_login : Brute-force VNC
>>
>> - dns_forward : Forward lookup subdomains
>> - dns_reverse : Reverse lookup subnets
>> - snmp_login : Brute-force SNMPv1/2 and SNMPv3
>>
>> - unzip_pass : Brute-force the password of encrypted ZIP files
>> - keystore_pass : Brute-force the password of Java keystore files
>>
>> The name "Patator" comes from the famous weapon :
>> http://www.youtube.com/watch?v=xoBkBvnTTjo
>>
>> Cheers!
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists