Re: Patator - new multi-purpose brute-forcing tool

[Grandma Eubanks <tborland1 () gmail com>]

Multiprocessing is quiet a bit faster than utilizing threads (this should
be obvious as threads are GIL locked, while multi-processing can be spread
amongst cores with the kernel's scheduler).

On Wed, Feb 22, 2012 at 6:51 PM, Nate Theis <nttheis () gmail com> wrote:

> You might look into PyPy for a speed boost: http://pypy.org
> On Feb 22, 2012 6:43 AM, "lanjelot" <lanjelot () gmail com> wrote:
>
> > Hello FD,
> >
> > Released two months ago, and downloaded a few thousand times since, I
> > wanted to share with you a new multi-purpose brute-forcing tool named
> > Patator (http://code.google.com/p/patator/).
> >
> > I am posting here because I would like to get more feedback from
> > people using it, so feel free to fire me an email if you have any
> > queries, or rather use the issues tracker on patator project page.
> >
> > To put it bluntly, I just got tired of using Medusa, Hydra, ncrack,
> > metasploit auxiliary modules, nmap NSE scripts and the like because:
> >  - they either do not work or are not reliable (got me false
> > negatives several times in the past)
> >  - they are slow (not multi-threaded or not testing multiple
> > passwords within the same TCP connection)
> >  - they lack very useful features that are easy to code in python
> > (eg. interactive runtime)
> >
> > Basically you should give Patator a try once you get disappointed by
> > Medusa, Hydra or other brute-forcing tools and are about to code your
> > own small script because Patator will allow you to:
> >  - Not write the same code over and over, due to its a modular design
> > and flexible usage
> >  - Run multi-threaded
> >  - Benefit from useful features such as the interactive runtime
> > commands, automatic response logging, etc.
> >
> > Currently Patator supports the following modules :
> >  - ftp_login     : Brute-force FTP
> >  - ssh_login     : Brute-force SSH
> >  - telnet_login  : Brute-force Telnet
> >  - smtp_login    : Brute-force SMTP
> >  - smtp_vrfy     : Enumerate valid users using the SMTP 'VRFY' command
> >  - smtp_rcpt     : Enumerate valid users using the SMTP 'RCPT TO' command
> >  - http_fuzz     : Brute-force HTTP/HTTPS
> >  - pop_passd     : Brute-force poppassd (not POP3)
> >  - ldap_login    : Brute-force LDAP
> >  - smb_login     : Brute-force SMB
> >  - mssql_login   : Brute-force MSSQL
> >  - oracle_login  : Brute-force Oracle
> >  - mysql_login   : Brute-force MySQL
> >  - pgsql_login   : Brute-force PostgreSQL
> >  - vnc_login     : Brute-force VNC
> >
> >  - dns_forward   : Forward lookup subdomains
> >  - dns_reverse   : Reverse lookup subnets
> >  - snmp_login    : Brute-force SNMPv1/2 and SNMPv3
> >
> >  - unzip_pass    : Brute-force the password of encrypted ZIP files
> >  - keystore_pass : Brute-force the password of Java keystore files
> >
> > The name "Patator" comes from the famous weapon :
> > http://www.youtube.com/watch?v=xoBkBvnTTjo
> >
> > Cheers!
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/