lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 22 Feb 2012 11:52:50 +1100
From: lanjelot <lanjelot@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Patator - new multi-purpose brute-forcing tool

Hello FD,

Released two months ago, and downloaded a few thousand times since, I
wanted to share with you a new multi-purpose brute-forcing tool named
Patator (http://code.google.com/p/patator/).

I am posting here because I would like to get more feedback from
people using it, so feel free to fire me an email if you have any
queries, or rather use the issues tracker on patator project page.

To put it bluntly, I just got tired of using Medusa, Hydra, ncrack,
metasploit auxiliary modules, nmap NSE scripts and the like because:
 - they either do not work or are not reliable (got me false
negatives several times in the past)
 - they are slow (not multi-threaded or not testing multiple
passwords within the same TCP connection)
 - they lack very useful features that are easy to code in python
(eg. interactive runtime)

Basically you should give Patator a try once you get disappointed by
Medusa, Hydra or other brute-forcing tools and are about to code your
own small script because Patator will allow you to:
 - Not write the same code over and over, due to its a modular design
and flexible usage
 - Run multi-threaded
 - Benefit from useful features such as the interactive runtime
commands, automatic response logging, etc.

Currently Patator supports the following modules :
 - ftp_login     : Brute-force FTP
 - ssh_login     : Brute-force SSH
 - telnet_login  : Brute-force Telnet
 - smtp_login    : Brute-force SMTP
 - smtp_vrfy     : Enumerate valid users using the SMTP 'VRFY' command
 - smtp_rcpt     : Enumerate valid users using the SMTP 'RCPT TO' command
 - http_fuzz     : Brute-force HTTP/HTTPS
 - pop_passd     : Brute-force poppassd (not POP3)
 - ldap_login    : Brute-force LDAP
 - smb_login     : Brute-force SMB
 - mssql_login   : Brute-force MSSQL
 - oracle_login  : Brute-force Oracle
 - mysql_login   : Brute-force MySQL
 - pgsql_login   : Brute-force PostgreSQL
 - vnc_login     : Brute-force VNC

 - dns_forward   : Forward lookup subdomains
 - dns_reverse   : Reverse lookup subnets
 - snmp_login    : Brute-force SNMPv1/2 and SNMPv3

 - unzip_pass    : Brute-force the password of encrypted ZIP files
 - keystore_pass : Brute-force the password of Java keystore files

The name "Patator" comes from the famous weapon :
http://www.youtube.com/watch?v=xoBkBvnTTjo

Cheers!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ