Sorry if I'm just not seeing the option, but I can't find it - is it only 
possible to try passwords from a file, or will patator generate combinations to 
test? I know, this wouldn't be generally useful, but e.g. if I know the 
password is short.

If not, can patator take candidates from stdin?

In example with this command with these switches with the password file being 
100 passwords.

ftp_login host=NET0 user=anonymous password=FILE1 0=10.0.0.0-10.0.255.255 
1=pass.txt -t 25 --rate-reset 3

Patator will simultaneous creating 25 threads and more then likely stop the 
service from working. So it is almost equivalent to "persistent=0" when you 
even rate-reset switch. I guess what I am asking it would be perfect if there 
was a "-T 25 -t 1 --rate-reset 3" switch or something along and instead of 
creating simultaneous threads amongst it, it will test the 25 hosts in parallel 
with 1 thread per host to help keep the service stable with speed in mind.

BTW really awesome work! 

oscam:~# ./p
./p:906: Warning: 'with' will become a reserved keyword in Python 2.6
  File "./p", line 906
    with open(log_file, 'w') as f:
            ^
SyntaxError: invalid syntax

any ideea?
thanks

Earn Money business......

http://payfunda.biz/?share=SURJIT

When using ssh_login to scan a large number of hosts, it would be useful to 
have an action that would continue with the next host in your target list.  
This way when scanning a group of IPs for root passwords, you can stop once you 
found a password that works.

For example, you could do something like this:

./ssh_login host=FILE0 0=targets.txt user=root passwords=FILE1 1=wordlist.txt 
...yadda... -x reset,nexthost:code=0

"nexthost" obviously being the action I'd like to see added

What steps will reproduce the problem?
When using http_fuzz module, with no_pass, an error occured.
1. ./patator.py http_fuzz url=http://localhost:8080 user_pass="titi:toto"

What is the expected output? What do you see instead?
11:26:06 patator    FAIL - xxx  85:-1          0.000 |                          
        |     1 | <class 'pycurl.error'> (6, 'Could not resolve host: http; 
Name or service not known')

What version of the product are you using? On what operating system?
Last version

Please provide any additional information below.
Here is a patch (also change port detection regex from [^/]+ to [0-9]+).

What steps will reproduce the problem?
1. ./patator.py http_fuzz url=http://192.168.0.1/login.asp method=POST 
body='login_n=admin&log_pass=FILE0' 0=/media/SSD/Ordlister/wordlist.txt 
follow=1 accept_cookie=1 -x ignore:fgrep='Invalid password, please try again.'

What is the expected output? 
If I write 
./patator.py http_fuzz url=http://192.168.0.1/login.asp method=POST 
body='login_n=admin&log_pass=FILE0' 0=/media/SSD/Ordlister/wordlist.txt 
follow=1 accept_cookie=1 -x ignore:fgrep='Invalid password please try again.'
(the only difference being no comma in ignore:fgrep
the output is 
07:46:19 patator    INFO - Starting Patator v0.3 
(http://code.google.com/p/patator/) at 2012-01-19 07:46 EST
07:46:19 patator    INFO - 
07:46:19 patator    INFO - code & size     | candidate                   |   
num | mesg
07:46:19 patator    INFO - 
---------------------------------------------------------------
07:46:21 patator WARNING - xxx             | b                           |     
2 | <class 'pycurl.error'>, (52, 'Empty reply from server')
07:46:21 patator WARNING - xxx             | e                           |     
5 | <class 'pycurl.error'>, (52, 'Empty reply from server')
07:46:21 patator WARNING - xxx             | f                           |     
6 | <class 'pycurl.error'>, (52, 'Empty reply from server')
07:46:21 patator WARNING - xxx             | a                           |     
1 | <class 'pycurl.error'>, (52, 'Empty reply from server')
07:46:21 patator WARNING - xxx             | c                           |     
3 | <class 'pycurl.error'>, (52, 'Empty reply from server')
07:46:21 patator WARNING - xxx             | g                           |     
7 | <class 'pycurl.error'>, (52, 'Empty reply from server')
07:46:21 patator WARNING - xxx             | i                           |     
9 | <class 'pycurl.error'>, (52, 'Empty reply from server')
07:46:21 patator WARNING - xxx             | d                           |     
4 | <class 'pycurl.error'>, (52, 'Empty reply from server')
07:46:21 patator WARNING - xxx             | h                           |     
8 | <class 'pycurl.error'>, (52, 'Empty reply from server')
07:46:21 patator WARNING - xxx             | j                           |    
10 | <class 'pycurl.error'>, (52, 'Empty reply from server')
^C
07:46:22 patator    INFO - Hits/Done/Size/Fail: 0/10/29/10, Avg: 2 r/s, Time: 
0h 0m 3s
07:46:22 patator    INFO - To resume execution, pass --resume 
1,1,1,1,1,1,1,1,1,1

What do you see instead?

Traceback (most recent call last):
  File "./patator.py", line 2942, in <module>
    powder = ctrl(module, [name] + argv[1:])
  File "./patator.py", line 895, in __init__
    self.update_actions(x)
  File "./patator.py", line 921, in update_actions
    key, val = cond.split('=', 1)
ValueError: need more than 1 value to unpack


What version of the product are you using? On what operating system?
Backtrack 5 R1 w/ Patatar v0.3.3

I have also tried using "" instead of '', but it doesn't work. 

Hello.

Is it possible to add some info about brute-force progress? E.g. realime 
version of "INFO - Hits/Done/Skip/Fail/Size: ..., Avg: ... r/s, Time: ...", 
which shows in the end of attack.

For example while running, 
./patator_v0.4.py http_fuzz url=http://url/ method=POST 
body='login=admin&password=FILE0' 0=English.dic follow=1 accept_cookie=1 -x 
ignore:fgrep='Wrong password'
it shows nothing about current progress =\

I am getting the following exception when attacking an old SSH daemon:
Bad authentication type (allowed_types=['publickey', 'keyboard-interactive'])

The problem is Hydra,  and Metasploit brute force this daemon easily,  but not 
patator,  so I patched patator, and my patch is starts on line 1866:
    except paramiko.AuthenticationException as e:
      if auth_type == 'password' and str(e).find("Bad authentication type") >= 0:
        return self.execute(host, port, user, password, 'keyboard-interactive', persistent)
      else:
        logger.debug('AuthenticationException: %s' % e)
        code, mesg = '1', str(e)

A recursive exception handler is messy,  but this login should work! Maybe 
always using an interactive keyboard would be better seeing as this is a 
problem with the auth_password method.  Attached is my modified version. 

Project labels only have Python label. This project can include labels like 
"Security" or "Hacking".

Good app! Thx.

Hi. 
Proxy support? :)

SOCKS5, HTTP .. 

Awesome project :)

I've added url encoding in this patch.
Allows one to write stuff like:

-e _@@_:url

Which will use python's urllib's quote_plus().

------

Hasn't been tested in Python 3. But according to the docs, it's the same 
function & method name, just in urllib.parse instead.

root@sid:~# patator ssh_login host=127.0.0.1 user=root password=toor
11:27:17 patator    INFO - Starting Patator v0.4 
(http://code.google.com/p/patator/) at 2013-05-16 11:27 CEST
11:27:17 patator    INFO - 
11:27:17 patator    INFO - code & size     | candidate                   |   
num | mesg
11:27:17 patator    INFO - 
---------------------------------------------------------------
Exception in thread Thread-11:
Traceback (most recent call last):
  File "/usr/lib/python2.7/threading.py", line 552, in __bootstrap_inner
    self.run()
  File "/usr/lib/python2.7/threading.py", line 505, in run
    self.__target(*self.__args, **self.__kwargs)
  File "/usr/local/bin/patator", line 1179, in produce
    for pp in islice(product(*iterables), self.start, self.stop):
TypeError: product() takes at least 1 argument (0 given)

^C
^C11:27:22 patator    INFO - Hits/Done/Skip/Fail/Size: 0/0/0/0/1, Avg: 0 r/s, 
Time: 0h 0m 4s
11:27:22 patator    INFO - To resume execution, pass --resume 
0,0,0,0,0,0,0,0,0,0


root@sid:~# dpkg -l | grep python-paramiko
ii  python-paramiko                      1.7.7.1-3.1                        all 
         Make ssh v2 connections with Python
root@sid:~# cat /etc/issue.net
Debian GNU/Linux 7.0