Patator是一款多用途暴力破解工具,使用pyton语言编写,采用模块化设计和灵活的使用,可以自己进行增删改。新版本主要增加了smb_lookupsid, finger_lookup, pop_login, imap_login, vmauthd_login破解,以及添加了SSL和TLS的几个模块,详细如下:
new modules: smb_lookupsid, finger_lookup, pop_login, imap_login, vmauthd_login
improved connection cache
improved usage, user can now act upon specific reponses (eg. stop brute-forcing host if down, or stop testing login if password found)
improved dns brute-forcing presentation
switched to dnspython which is not limited to the IN class (eg. can now scan for {hostname,version}.bind)
rewrote itertools.product to avoid memory over-consumption when using large wordlists
can now read wordlist from stdin
added timeout option to most of the network brute-forcing modules
added SSL and/or TLS support to a few modules
before_egrep now allows more than one expression (ie. useful when more than one random nonce needs to be submitted)
fixed numerous bugs
目前支持以下模式:
smtp_vrfy : Enumerate valid users using the SMTP VRFY command smtp_rcpt : Enumerate valid users using the SMTP RCPT TO command finger_lookup : Enumerate valid users using Finger http_fuzz : Brute-force HTTP HTTPS pop_login : Brute-force POP pop_passd : Brute-force poppassd (not POP3) imap_login : Brute-force IMAP ldap_login : Brute-force LDAP smb_login : Brute-force SMB smb_lookupsid : Brute-force SMB SID-lookup vmauthd_login : Brute-force VMware Authentication Daemon mssql_login : Brute-force MSSQL oracle_login : Brute-force Oracle mysql_login : Brute-force MySQL pgsql_login : Brute-force PostgreSQL vnc_login : Brute-force VNC dns_forward : Brute-force DNS dns_reverse : Brute-force DNS (reverse lookup subnets) snmp_login : Brute-force SNMPv1/2 and SNMPv3 unzip_pass : Brute-force the password of encrypted ZIP files keystore_pass : Brute-force the password of Java keystore files