#!/usr/bin/env python

# Copyright (C) 2012 Sebastien MACKE
#
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License version 2, as published by the
# Free Software Foundation
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
# details (http://www.gnu.org/licenses/gpl.txt).

__author__ = 'Sebastien Macke'
__email__ = 'patator@hsc.fr'
__url__ = 'http://www.hsc.fr/ressources/outils/patator/'
__git__ = 'http://code.google.com/p/patator/'
__twitter__ = 'http://twitter.com/lanjelot'
__version__ = '0.5'
__license__ = 'GPLv2'
__banner__ = 'Patator v%s (%s)' % (__version__, __git__)

# README {{{
'''
INTRODUCTION
------------

* What ?

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

Currently it supports the following modules:
  - ftp_login     : Brute-force FTP
  - ssh_login     : Brute-force SSH
  - telnet_login  : Brute-force Telnet
  - smtp_login    : Brute-force SMTP
  - smtp_vrfy     : Enumerate valid users using the SMTP 'VRFY' command
  - smtp_rcpt     : Enumerate valid users using the SMTP 'RCPT TO' command
  - finger_lookup : Enumerate valid users using Finger
  - http_fuzz     : Brute-force HTTP
  - pop_login     : Brute-force POP3
  - pop_passd     : Brute-force poppassd (http://netwinsite.com/poppassd/)
  - imap_login    : Brute-force IMAP4
  - ldap_login    : Brute-force LDAP
  - smb_login     : Brute-force SMB
  - smb_lookupsid : Brute-force SMB SID-lookup
  - vmauthd_login : Brute-force VMware Authentication Daemon
  - mssql_login   : Brute-force MSSQL
  - oracle_login  : Brute-force Oracle
  - mysql_login   : Brute-force MySQL
  - mysql_queries : Brute-force MySQL queries
  - pgsql_login   : Brute-force PostgreSQL
  - vnc_login     : Brute-force VNC
  - dns_forward   : Brute-force DNS
  - dns_reverse   : Brute-force DNS (reverse lookup subnets)
  - snmp_login    : Brute-force SNMPv1/2 and SNMPv3
  - unzip_pass    : Brute-force the password of encrypted ZIP files
  - keystore_pass : Brute-force the password of Java keystore files

Future modules to be implemented:
  - rdp_login

The name "Patator" comes from http://www.youtube.com/watch?v=xoBkBvnTTjo
"Whatever the payload to fire, always use the same cannon"

* Why ?

Basically, I got tired of using Medusa, Hydra, Ncrack, Metasploit auxiliary modules, Nmap NSE scripts and the like because:
  - they either do not work or are not reliable (got me false negatives several times in the past)
  - they are not flexible enough (how to iterate over all wordlists, fuzz any module parameter)
  - they lack useful features (display progress or pause during execution)


FEATURES
--------
  * No false negatives, as it is the user that decides what results to ignore based on:
      + status code of response
      + size of response
      + matching string or regex in response data
      + ... see --help

  * Modular design
      + not limited to network modules (eg. the unzip_pass module)
      + not limited to brute-forcing (eg. remote exploit testing, or vulnerable version probing)

  * Interactive runtime
      + show progress during execution (press Enter)
      + pause/unpause execution (press p)
      + increase/decrease verbosity
      + add new actions & conditions during runtime (eg. to exclude more types of response from showing)
      + ... press h to see all available interactive commands

  * Use persistent connections (ie. will test several passwords until the server disconnects)

  * Multi-threaded

  * Flexible user input
    - Any module parameter can be fuzzed:
      + use the FILE keyword to iterate over a file
      + use the COMBO keyword to iterate over a combo file
      + use the NET keyword to iterate over every host of a network subnet
      + use the RANGE