MCPcopy
hub / github.com/lanjelot/patator

github.com/lanjelot/patator @1.1 sqlite

repository ↗ · DeepWiki ↗ · release 1.1 ↗
283 symbols 759 edges 2 files 39 documented · 14%
README

Patator

Patator was written out of frustration from using Hydra, Medusa, Ncrack, Metasploit modules and Nmap NSE scripts for password guessing attacks. I opted for a different approach in order to not create yet another brute-forcing tool and avoid repeating the same shortcomings. Patator is a multi-threaded tool written in Python, that strives to be more reliable and flexible than his fellow predecessors.

Currently it supports the following modules:

* ftp_login      : Brute-force FTP
* ssh_login      : Brute-force SSH
* telnet_login   : Brute-force Telnet
* smtp_login     : Brute-force SMTP
* smtp_vrfy      : Enumerate valid users using the SMTP VRFY command
* smtp_rcpt      : Enumerate valid users using the SMTP RCPT TO command
* finger_lookup  : Enumerate valid users using Finger
* http_fuzz      : Brute-force HTTP/HTTPS
* rdp_gateway    : Brute-force RDP Gateway
* ajp_fuzz       : Brute-force AJP
* pop_login      : Brute-force POP
* pop_passd      : Brute-force poppassd (not POP3)
* imap_login     : Brute-force IMAP
* ldap_login     : Brute-force LDAP
* dcom_login     : Brute-force DCOM
* smb_login      : Brute-force SMB
* smb_lookupsid  : Brute-force SMB SID-lookup
* rlogin_login   : Brute-force rlogin
* vmauthd_login  : Brute-force VMware Authentication Daemon
* mssql_login    : Brute-force MSSQL
* oracle_login   : Brute-force Oracle
* mysql_login    : Brute-force MySQL
* mysql_query    : Brute-force MySQL queries
* rdp_login      : Brute-force RDP (NLA)
* pgsql_login    : Brute-force PostgreSQL
* vnc_login      : Brute-force VNC
* dns_forward    : Brute-force DNS
* dns_reverse    : Brute-force DNS (reverse lookup subnets)
* ike_enum       : Enumerate IKE transforms
* snmp_login     : Brute-force SNMPv1/2 and SNMPv3
* unzip_pass     : Brute-force the password of encrypted ZIP files
* keystore_pass  : Brute-force the password of Java keystore files
* sqlcipher_pass : Brute-force the password of SQLCipher-encrypted databases
* umbraco_crack  : Crack Umbraco HMAC-SHA1 password hashes

The name "Patator" comes from this.

Patator is NOT script-kiddie friendly, please read the full README inside patator.py before reporting.

Please donate if you like this project! :)

paypal

Many thanks! @lanjelot

Install

git clone https://github.com/lanjelot/patator.git
git clone https://github.com/danielmiessler/SecLists.git
docker build -t patator patator/
docker run -it --rm -v $PWD/SecLists/Passwords:/mnt patator dummy_test data=FILE0 0=/mnt/richelieu-french-top5000.txt

Usage Examples

  • FTP : Enumerating users denied login in vsftpd/userlist
$ ftp_login host=10.0.0.1 user=FILE0 0=logins.txt password=asdf -x ignore:mesg='Login incorrect.' -x ignore,reset,retry:code=500
19:36:06 patator    INFO - Starting Patator v0.7-beta (https://github.com/lanjelot/patator) at 2015-02-08 19:36 AEDT
19:36:06 patator    INFO -
19:36:06 patator    INFO - code  size    time | candidate                          |   num | mesg
19:36:06 patator    INFO - -----------------------------------------------------------------------------
19:36:07 patator    INFO - 230   17     0.002 | anonymous                          |     7 | Login successful.
19:36:07 patator    INFO - 230   17     0.001 | ftp                                |    10 | Login successful.
19:36:08 patator    INFO - 530   18     1.000 | root                               |     1 | Permission denied.
19:36:17 patator    INFO - 530   18     1.000 | michael                            |    50 | Permission denied.
19:36:36 patator    INFO - 530   18     1.000 | robert                             |    93 | Permission denied.
...

Tested against vsftpd-3.0.2-9 on CentOS 7.0-1406.

  • SSH : Time-based user enumeration
$ ssh_login host=10.0.0.1 user=FILE0 0=logins.txt password=$(perl -e "print 'A'x50000") --max-retries 0 --timeout 10 -x ignore:time=0-3
17:45:20 patator    INFO - Starting Patator v0.7-beta (https://github.com/lanjelot/patator) at 2015-02-08 17:45 AEDT
17:45:20 patator    INFO -
17:45:20 patator    INFO - code  size    time | candidate                          |   num | mesg
17:45:20 patator    INFO - -----------------------------------------------------------------------------
17:45:30 patator    FAIL - xxx   41    10.001 | root                               |     1 | <class '__main__.TimeoutError'> timed out
17:45:34 patator    FAIL - xxx   41    10.000 | john                               |    23 | <class '__main__.TimeoutError'> timed out
17:45:37 patator    FAIL - xxx   41    10.000 | joe                                |    40 | <class '__main__.TimeoutError'> timed out
...

Tested against openssh-server 1:6.0p1-4+deb7u2 on Debian 7.8.

  • HTTP : Brute-force phpMyAdmin logon
$ http_fuzz url=http://10.0.0.1/pma/index.php method=POST body='pma_username=COMBO00&pma_password=COMBO01&server=1&target=index.php&lang=en&token=' 0=combos.txt before_urls=http://10.0.0.1/pma/index.php accept_cookie=1 follow=1 -x ignore:fgrep='Cannot log in to the MySQL server' -l /tmp/qsdf
11:53:47 patator    INFO - Starting Patator v0.7-beta (http://code.google.com/p/patator/) at 2014-08-31 11:53 EST
11:53:47 patator    INFO -
11:53:47 patator    INFO - code size:clen       time | candidate                          |   num | mesg
11:53:47 patator    INFO - -----------------------------------------------------------------------------
11:53:48 patator    INFO - 200  49585:0        0.150 | root:p@ssw0rd                      |    26 | HTTP/1.1 200 OK
11:53:51 patator    INFO - 200  13215:0        0.351 | root:                              |    72 | HTTP/1.1 200 OK
^C
11:53:54 patator    INFO - Hits/Done/Skip/Fail/Size: 2/198/0/0/3000, Avg: 29 r/s, Time: 0h 0m 6s
11:53:54 patator    INFO - To resume execution, pass --resume 15,15,15,16,15,36,15,16,15,40

Payload #72 was a false positive due to an unexpected error message:

$ grep AllowNoPassword /tmp/qsdf/72_200\:13215\:0\:0.351.txt
... class="icon ic_s_error" /> Login without a password is forbidden by configuration (see AllowNoPassword)

<noscript>

Tested against phpMyAdmin 4.2.7.1.

  • IKEv1 : Enumerate transforms supported by VPN peer
# ike_enum host=10.0.0.1 transform=MOD0 0=TRANS aggressive=RANGE1 1=int:0-1 -x ignore:fgrep='NO-PROPOSAL'
16:52:58 patator    INFO - Starting Patator v0.7-beta (https://github.com/lanjelot/patator) at 2015-04-05 16:52 AEST
16:52:58 patator    INFO -
16:52:58 patator    INFO - code  size    time | candidate                          |   num | mesg
16:52:58 patator    INFO - -----------------------------------------------------------------------------
16:53:03 patator    INFO - 0     70     0.034 | 5,1,1,2:0                          |  1539 | Handshake returned: Enc=3DES Hash=MD5 Group=2:modp1024 Auth=PSK (Main)
16:53:03 patator    INFO - 0     72     0.031 | 5,1,65001,2:0                      |  1579 | Handshake returned: Enc=3DES Hash=MD5 Group=2:modp1024 Auth=XAUTH&PSK (Main)
16:53:03 patator    INFO - 0     76     0.033 | 5,1,1,2:1                          |  1540 | Handshake returned: Enc=3DES Hash=MD5 Group=2:modp1024 Auth=PSK (Aggressive)
16:53:03 patator    INFO - 0     78     0.034 | 5,1,65001,2:1                      |  1580 | Handshake returned: Enc=3DES Hash=MD5 Group=2:modp1024 Auth=XAUTH&PSK (Aggressive)
16:53:06 patator    INFO - 0     84     0.034 | 7/128,2,1,2:0                      |  2371 | Handshake returned: Enc=AES KeyLength=128 Hash=SHA1 Group=2:modp1024 Auth=PSK (Main)
16:53:06 patator    INFO - 0     90     0.033 | 7/128,2,1,2:1                      |  2372 | Handshake returned: Enc=AES KeyLength=128 Hash=SHA1 Group=2:modp1024 Auth=PSK (Aggressive)
16:53:06 patator    INFO - 0     86     0.034 | 7/128,2,65001,2:0                  |  2411 | Handshake returned: Enc=AES KeyLength=128 Hash=SHA1 Group=2:modp1024 Auth=XAUTH&PSK (Main)
16:53:06 patator    INFO - 0     92     0.035 | 7/128,2,65001,2:1                  |  2412 | Handshake returned: Enc=AES KeyLength=128 Hash=SHA1 Group=2:modp1024 Auth=XAUTH&PSK (Aggressive)

+ 10.0.0.1:500 (Main Mode)
    Encryption       Hash             Auth       Group
    ---------- ----------       ----------  ----------
          3DES        MD5              PSK    modp1024
          3DES        MD5        XAUTH&PSK    modp1024
        AES128       SHA1              PSK    modp1024
        AES128       SHA1        XAUTH&PSK    modp1024

+ 10.0.0.1:500 (Aggressive Mode)
    Encryption       Hash             Auth       Group
    ---------- ----------       ----------  ----------
          3DES        MD5              PSK    modp1024
          3DES        MD5        XAUTH&PSK    modp1024
        AES128       SHA1              PSK    modp1024
        AES128       SHA1        XAUTH&PSK    modp1024
16:53:11 patator    INFO - Hits/Done/Skip/Fail/Size: 8/3840/0/0/3840, Avg: 284 r/s, Time: 0h 0m 13s
  • SNMPv3 : Find valid usernames
$ snmp_login host=10.0.0.1 version=3 user=FILE0 0=logins.txt -x ignore:mesg=unknownUserName
17:51:06 patator    INFO - Starting Patator v0.5
17:51:06 patator    INFO -
17:51:06 patator    INFO - code  size | candidate                          |   num | mesg
17:51:06 patator    INFO - ----------------------------------------------------------------------
17:51:11 patator    INFO - 0-0   11   | robert                             |    55 | wrongDigest
17:51:12 patator    INFO - Progress:  20% (70/345) | Speed: 10 r/s | ETC: 17:51:38 (00:00:26 remaining)
17:51:33 patator    INFO - 0-0   11   | myuser                             |   311 | wrongDigest
17:51:36 patator    INFO - Hits/Done/Skip/Fail/Size: 2/345/0/0/345, Avg: 11 r/s, Time: 0h 0m 30s
  • SNMPv3 : Find valid passwords
$ snmp_login host=10.0.0.1 version=3 user=robert auth_key=FILE0 0=passwords_8+.txt -x ignore:mesg=wrongDigest
17:52:15 patator    INFO - Starting Patator v0.5
17:52:15 patator    INFO -
17:52:15 patator    INFO - code  size | candidate                          |   num | mesg
17:52:15 patator    INFO - ----------------------------------------------------------------------
17:52:16 patator    INFO - 0-0   69   | password123                        |    16 | Linux thug 2.6.36-gentoo #5 SMP Fri Aug 12 14:49:51 CEST 2011 i686
17:52:17 patator    INFO - Hits/Done/Skip/Fail/Size: 1/50/0/0/50, Avg: 38 r/s, Time: 0h 0m 1s
  • DNS : Forward lookup

``` $ dns_forward name=FILE0.hsc.fr 0=names.txt -x ignore:code=3 03:18:46 patator INFO - Starting Patator v0.5 (http://code.google.com/p/patator/) at 2012-06-29 03:18 PMT 03:18:46 patator INFO - 03:18:46 patator INFO - code size | candidate | num | mesg 03:18:46 patator INFO - ---------------------------------------------------------------------- 03:18:46 patator INFO - 0 41 | www | 4 | NOERROR [www.hsc.fr. IN A 217.174.211.25] 03:18:46 patator INFO - 0 81 | mail | 32 | NOERROR [mail.hsc.fr. IN CNAME itesec.hsc.fr.][itesec.hsc.fr. IN A 192.70.106.33] 03:18:46 patator INFO - 0 44 | webmail | 62 | NOERROR [webmail.hsc.fr. IN A 192.70.106.95] 03:18:46 patator INFO - 0 93 | test | 54 | NOERROR [hsc.fr. IN SOA itesec.hsc.fr. hostmaster.hsc.fr. 2012012301 21600 3600 1209600 3600] 03:18:46 patator INFO - 0 40 | wap | 66 | NOERROR [wap.hsc.fr. IN A 192.70.106.33] 03:18:46 patator INFO - 0 85 | extranet | 131 | NOERROR [extranet.hsc.fr. IN CNAME itesec.hsc.fr.][itesec.hsc.fr. IN A 192.70.106.33] 03:18:46 patator INFO - 0 81 | news | 114 | NOERROR [news.hsc.fr. IN CNAME itesec.hsc.fr.][itesec.hsc.fr. IN A 192.70.106.33] 03:18:46 patator INFO - 0 93 | mailhost | 137 | NOERROR [mailhost.hsc.fr. IN A 192.70.106.33][mailhost.hsc.fr. IN AAAA 2001:7a8:1155:2::abcd] 03:18:46 patator INFO - 0 47 | lists | 338 | NOERROR [lists.hsc.fr. IN MX 10 itesec.hsc.fr.] 03:18:46 patator INFO - 0 93 | fr | 319 | NOERROR [hsc.fr. IN SOA itesec.hsc.fr. hostmaster.hsc.fr. 2012012301 21600 3600 1209600 3600] 03:18:47 patator INFO - 0 40 | gl | 586 | NOERROR [gl.hsc.fr. IN A 192.70.106.103] Records ------------------------------------------ extranet.hsc.fr. IN CNAME itesec.hsc.fr. gl.hsc.fr. IN A 192.70.106.103 hsc.fr. IN SOA itesec.hsc.fr. hostmaster.hsc.fr. 2012012301 21600 3600 1209600 3600 itesec.hsc.fr. IN A 192.70.106.33 lists.hsc.fr. IN MX 10 itesec.hsc.fr. mail.hsc.fr. IN CNAME itesec.hsc.fr. mailhost.hsc.fr. IN A 192.70.106.33 mailhost.hsc.fr. IN AAAA 2001:7a8:1155:2::abcd news.hsc.fr. IN CNAME itesec.hsc.fr. wap.hsc.fr. IN A 192.70.106.33 webmail.hsc.fr. IN A 192.70.106.95 www.hsc.fr. IN A 217.174.211.25 Hostmap ------------------------------------------ mailhost.hsc.fr 2001:7a8:1155:2::abcd mailhost.hsc.fr 192.70.106.33 wap.hsc.fr 192.70.106.33 itesec.hsc.fr 192.70.106.33 extranet.hsc.fr mail.hsc.fr

Core symbols most depended-on inside this repo

debug
called by 58
patator.py
B
called by 28
patator.py
reset
called by 19
patator.py
bind
called by 16
patator.py
b
called by 15
patator.py
connect
called by 14
patator.py
send
called by 12
patator.py
info
called by 12
patator.py

Shape

Method 170
Class 74
Function 39

Languages

Python100%

Modules by API surface

patator.py282 symbols
setup.py1 symbols

Dependencies from manifests, versioned

IPy1.1 · 1×
ajpy0.0.5 · 1×
cx_Oracle8.3.0 · 1×
dnspython2.7.0 · 1×
impacket0.12.0 · 1×
mysqlclient2.2.7 · 1×
paramiko3.5.1 · 1×
psycopg2-binary2.9.10 · 1×
pycryptodomex3.21.0 · 1×
pycurl7.45.4 · 1×
pysnmp7.1.16 · 1×
telnetlib-313-and-up3.13.1 · 1×

For agents

$ claude mcp add patator \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact