patator

Brute-force FTP login

$ patator ftp_login host=[target] user=FILE0 password=FILE1 0=[users.txt] 1=[passwords.txt]

$ patator ssh_login host=[target] user=[admin] password=FILE0 0=[passwords.txt]

$ patator http_fuzz url=[http://target/login] method=POST body='user=admin&pass=FILE0' 0=[passwords.txt]

$ patator mysql_login host=[target] user=[root] password=FILE0 0=[passwords.txt]

$ patator

$ patator [module] ... -t [10]

patator module [options] host=target param=value...

patator is a multi-purpose brute-forcer with modular design. It supports numerous protocols and services.
Modules handle specific protocols like SSH, FTP, HTTP, and databases. Each module has protocol-specific options.
File placeholders enable wordlist combinations. Multiple files can be combined for user/password pairs.
Conditional actions filter responses. Ignore successful logins, log specific errors, or stop on match.
Rate limiting and threading control resource usage. Proxy support enables anonymized testing.

-t N

Number of threads.

Actions on conditions.

Log directory.

Connection timeout.

Retry count.

File placeholders.

File assignments.

Numeric range.

Combo file.

ssh_login - SSH authentication
ftp_login - FTP authentication
http_fuzz - HTTP requests
mysql_login - MySQL authentication
smtp_login - SMTP authentication
pop_login - POP3 authentication
dns_forward - DNS queries

For authorized penetration testing only. Aggressive testing may trigger lockouts. Network monitoring may detect attacks.

patator was created by Sebastien Macke (lanjelot) as an alternative to Hydra and Medusa. It emphasizes flexibility and scriptability for security testing.

hydra(1), medusa(1), ncrack(1)