Updates Patator v-0.7-Beta : a multi-purpose brute-forcer, with a modular design and a flexible usage.

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage. Patator was written out of frustration from using Hydra, Medusa, Ncrack, Metasploit modules and Nmap NSE scripts for password guessing attacks. I opted for a different approach in order to not create yet another brute-forcing tool and avoid repeating the same shortcomings. Patator is a multi-threaded tool written in Python, that strives to be more reliable and flexible than its fellow predecessors.

Changes in v-0.7 Beta :

  • patator.py: forgot to comment out debug line
  • Update JTR Examples

FEATURES
—————–
* No false negatives, as it is the user that decides what results to ignore based on:
+ status code of response
+ size of response
+ matching string or regex in response data
+ … see --help
* Modular design
+ not limited to network modules (eg. the unzip_pass module)
+ not limited to brute-forcing (eg. remote exploit testing, or vulnerable version probing)
* Interactive runtime
+ show progress during execution (press Enter)
+ pause/unpause execution (press p)
+ increase/decrease verbosity
+ add new actions & conditions during runtime (eg. to exclude more types of response from showing)
+ … press h to see all available interactive commands

* Use persistent connections (ie. will test several passwords until the server disconnects)
* Multi-threaded
* Flexible user input
– Any module parameter can be fuzzed:
+ use the FILE keyword to iterate over a file
+ use the COMBO keyword to iterate over a combo file
+ use the NET keyword to iterate over every host of a network subnet
+ use the RANGE keyword to iterate over hexadecimal, decimal or alphabetical ranges
+ use the PROG keyword to iterate over the output of an external program

– Iteration over the joined wordlists can be done in any order

* Save every response (along with request) to separate log files for later reviewing

Currently it supports the following modules:

  • ftp_login : Brute-force FTP
  • ssh_login : Brute-force SSH
  • telnet_login : Brute-force Telnet
  • smtp_login : Brute-force SMTP
  • smtp_vrfy : Enumerate valid users using the SMTP VRFY command
  • smtp_rcpt : Enumerate valid users using the SMTP RCPT TO command
  • finger_lookup : Enumerate valid users using Finger
  • http_fuzz : Brute-force HTTP/HTTPS
  • pop_login : Brute-force POP
  • pop_passd : Brute-force poppassd (not POP3)
  • imap_login : Brute-force IMAP
  • ldap_login : Brute-force LDAP
  • smb_login : Brute-force SMB
  • smb_lookupsid : Brute-force SMB SID-lookup
  • rlogin_login : Brute-force rlogin
  • vmauthd_login : Brute-force VMware Authentication Daemon
  • mssql_login : Brute-force MSSQL
  • oracle_login : Brute-force Oracle
  • mysql_login : Brute-force MySQL
  • mysql_query : Brute-force MySQL queries
  • pgsql_login : Brute-force PostgreSQL
  • vnc_login : Brute-force VNC
  • dns_forward : Brute-force DNS
  • dns_reverse : Brute-force DNS (reverse lookup subnets)
  • snmp_login : Brute-force SNMPv1/2 and SNMPv3
  • unzip_pass : Brute-force the password of encrypted ZIP files
  • keystore_pass : Brute-force the password of Java keystore files
  • umbraco_crack : Crack Umbraco HMAC-SHA1 password hashes

The name “Patator” comes from http://www.youtube.com/watch?v=xoBkBvnTTjo

Install :

* Shortcuts (optional)

ln -s path/to/patator.py /usr/bin/ftp_login
ln -s path/to/patator.py /usr/bin/http_fuzz
and so on …

USAGE
———

$ python patator.py <module> -h
or
$ <module> -h (if you created the shortcuts)

There are global options and module options:
– all global options start with - or --
– all module options are of the form option=value

  • ZIP : Crack a password-protected ZIP file (older pkzip encryption used not to be supported in JtR)

Download : potator-master.zip (39.6 KB) or git clone
Source : https://code.google.com/p/patator/