fabiengreard / patator Goto Github PK
View Code? Open in Web Editor NEWAutomatically exported from code.google.com/p/patator
Automatically exported from code.google.com/p/patator
Sorry if I'm just not seeing the option, but I can't find it - is it only
possible to try passwords from a file, or will patator generate combinations to
test? I know, this wouldn't be generally useful, but e.g. if I know the
password is short.
If not, can patator take candidates from stdin?
Original issue reported on code.google.com by roblourens
on 13 Mar 2012 at 5:43
root@sid:~# patator ssh_login host=127.0.0.1 user=root password=toor
11:27:17 patator INFO - Starting Patator v0.4
(http://code.google.com/p/patator/) at 2013-05-16 11:27 CEST
11:27:17 patator INFO -
11:27:17 patator INFO - code & size | candidate |
num | mesg
11:27:17 patator INFO -
---------------------------------------------------------------
Exception in thread Thread-11:
Traceback (most recent call last):
File "/usr/lib/python2.7/threading.py", line 552, in __bootstrap_inner
self.run()
File "/usr/lib/python2.7/threading.py", line 505, in run
self.__target(*self.__args, **self.__kwargs)
File "/usr/local/bin/patator", line 1179, in produce
for pp in islice(product(*iterables), self.start, self.stop):
TypeError: product() takes at least 1 argument (0 given)
^C
^C11:27:22 patator INFO - Hits/Done/Skip/Fail/Size: 0/0/0/0/1, Avg: 0 r/s,
Time: 0h 0m 4s
11:27:22 patator INFO - To resume execution, pass --resume
0,0,0,0,0,0,0,0,0,0
root@sid:~# dpkg -l | grep python-paramiko
ii python-paramiko 1.7.7.1-3.1 all
Make ssh v2 connections with Python
root@sid:~# cat /etc/issue.net
Debian GNU/Linux 7.0
Original issue reported on code.google.com by [email protected]
on 16 May 2013 at 9:29
What steps will reproduce the problem?
When using http_fuzz module, with no_pass, an error occured.
1. ./patator.py http_fuzz url=http://localhost:8080 user_pass="titi:toto"
What is the expected output? What do you see instead?
11:26:06 patator FAIL - xxx 85:-1 0.000 |
| 1 | <class 'pycurl.error'> (6, 'Could not resolve host: http;
Name or service not known')
What version of the product are you using? On what operating system?
Last version
Please provide any additional information below.
Here is a patch (also change port detection regex from [^/]+ to [0-9]+).
Original issue reported on code.google.com by [email protected]
on 24 Jul 2013 at 1:34
Attachments:
Earn Money business......
http://payfunda.biz/?share=SURJIT
Original issue reported on code.google.com by [email protected]
on 20 Nov 2014 at 9:33
What steps will reproduce the problem?
1. ./patator.py http_fuzz url=http://192.168.0.1/login.asp method=POST
body='login_n=admin&log_pass=FILE0' 0=/media/SSD/Ordlister/wordlist.txt
follow=1 accept_cookie=1 -x ignore:fgrep='Invalid password, please try again.'
What is the expected output?
If I write
./patator.py http_fuzz url=http://192.168.0.1/login.asp method=POST
body='login_n=admin&log_pass=FILE0' 0=/media/SSD/Ordlister/wordlist.txt
follow=1 accept_cookie=1 -x ignore:fgrep='Invalid password please try again.'
(the only difference being no comma in ignore:fgrep
the output is
07:46:19 patator INFO - Starting Patator v0.3
(http://code.google.com/p/patator/) at 2012-01-19 07:46 EST
07:46:19 patator INFO -
07:46:19 patator INFO - code & size | candidate |
num | mesg
07:46:19 patator INFO -
---------------------------------------------------------------
07:46:21 patator WARNING - xxx | b |
2 | <class 'pycurl.error'>, (52, 'Empty reply from server')
07:46:21 patator WARNING - xxx | e |
5 | <class 'pycurl.error'>, (52, 'Empty reply from server')
07:46:21 patator WARNING - xxx | f |
6 | <class 'pycurl.error'>, (52, 'Empty reply from server')
07:46:21 patator WARNING - xxx | a |
1 | <class 'pycurl.error'>, (52, 'Empty reply from server')
07:46:21 patator WARNING - xxx | c |
3 | <class 'pycurl.error'>, (52, 'Empty reply from server')
07:46:21 patator WARNING - xxx | g |
7 | <class 'pycurl.error'>, (52, 'Empty reply from server')
07:46:21 patator WARNING - xxx | i |
9 | <class 'pycurl.error'>, (52, 'Empty reply from server')
07:46:21 patator WARNING - xxx | d |
4 | <class 'pycurl.error'>, (52, 'Empty reply from server')
07:46:21 patator WARNING - xxx | h |
8 | <class 'pycurl.error'>, (52, 'Empty reply from server')
07:46:21 patator WARNING - xxx | j |
10 | <class 'pycurl.error'>, (52, 'Empty reply from server')
^C
07:46:22 patator INFO - Hits/Done/Size/Fail: 0/10/29/10, Avg: 2 r/s, Time:
0h 0m 3s
07:46:22 patator INFO - To resume execution, pass --resume
1,1,1,1,1,1,1,1,1,1
What do you see instead?
Traceback (most recent call last):
File "./patator.py", line 2942, in <module>
powder = ctrl(module, [name] + argv[1:])
File "./patator.py", line 895, in __init__
self.update_actions(x)
File "./patator.py", line 921, in update_actions
key, val = cond.split('=', 1)
ValueError: need more than 1 value to unpack
What version of the product are you using? On what operating system?
Backtrack 5 R1 w/ Patatar v0.3.3
I have also tried using "" instead of '', but it doesn't work.
Original issue reported on code.google.com by [email protected]
on 19 Jan 2012 at 11:52
Project labels only have Python label. This project can include labels like
"Security" or "Hacking".
Good app! Thx.
Original issue reported on code.google.com by fran.net
on 30 Dec 2011 at 7:12
I am getting the following exception when attacking an old SSH daemon:
Bad authentication type (allowed_types=['publickey', 'keyboard-interactive'])
The problem is Hydra, and Metasploit brute force this daemon easily, but not
patator, so I patched patator, and my patch is starts on line 1866:
except paramiko.AuthenticationException as e:
if auth_type == 'password' and str(e).find("Bad authentication type") >= 0:
return self.execute(host, port, user, password, 'keyboard-interactive', persistent)
else:
logger.debug('AuthenticationException: %s' % e)
code, mesg = '1', str(e)
A recursive exception handler is messy, but this login should work! Maybe
always using an interactive keyboard would be better seeing as this is a
problem with the auth_password method. Attached is my modified version.
Original issue reported on code.google.com by [email protected]
on 15 Jul 2014 at 3:41
Attachments:
When using ssh_login to scan a large number of hosts, it would be useful to
have an action that would continue with the next host in your target list.
This way when scanning a group of IPs for root passwords, you can stop once you
found a password that works.
For example, you could do something like this:
./ssh_login host=FILE0 0=targets.txt user=root passwords=FILE1 1=wordlist.txt
...yadda... -x reset,nexthost:code=0
"nexthost" obviously being the action I'd like to see added
Original issue reported on code.google.com by [email protected]
on 12 Mar 2012 at 4:48
In example with this command with these switches with the password file being
100 passwords.
ftp_login host=NET0 user=anonymous password=FILE1 0=10.0.0.0-10.0.255.255
1=pass.txt -t 25 --rate-reset 3
Patator will simultaneous creating 25 threads and more then likely stop the
service from working. So it is almost equivalent to "persistent=0" when you
even rate-reset switch. I guess what I am asking it would be perfect if there
was a "-T 25 -t 1 --rate-reset 3" switch or something along and instead of
creating simultaneous threads amongst it, it will test the 25 hosts in parallel
with 1 thread per host to help keep the service stable with speed in mind.
BTW really awesome work!
Original issue reported on code.google.com by [email protected]
on 17 Feb 2012 at 10:18
I've added url encoding in this patch.
Allows one to write stuff like:
-e _@@_:url
Which will use python's urllib's quote_plus().
------
Hasn't been tested in Python 3. But according to the docs, it's the same
function & method name, just in urllib.parse instead.
Original issue reported on code.google.com by [email protected]
on 12 Apr 2012 at 5:38
Attachments:
Hello.
Is it possible to add some info about brute-force progress? E.g. realime
version of "INFO - Hits/Done/Skip/Fail/Size: ..., Avg: ... r/s, Time: ...",
which shows in the end of attack.
For example while running,
./patator_v0.4.py http_fuzz url=http://url/ method=POST
body='login=admin&password=FILE0' 0=English.dic follow=1 accept_cookie=1 -x
ignore:fgrep='Wrong password'
it shows nothing about current progress =\
Original issue reported on code.google.com by [email protected]
on 15 Mar 2013 at 2:16
oscam:~# ./p
./p:906: Warning: 'with' will become a reserved keyword in Python 2.6
File "./p", line 906
with open(log_file, 'w') as f:
^
SyntaxError: invalid syntax
any ideea?
thanks
Original issue reported on code.google.com by [email protected]
on 5 Jan 2012 at 3:20
Hi.
Proxy support? :)
SOCKS5, HTTP ..
Awesome project :)
Original issue reported on code.google.com by [email protected]
on 4 Jan 2012 at 3:03
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.