changelog updated for v0.4

pull/4/merge 0.4
lanjelot 12 years ago
parent f58e7afe10
commit d0b7b1d0e8

@ -15,7 +15,7 @@ __author__ = 'Sebastien Macke'
__email__ = 'patator@hsc.fr' __email__ = 'patator@hsc.fr'
__url__ = 'http://www.hsc.fr/ressources/outils/patator/' __url__ = 'http://www.hsc.fr/ressources/outils/patator/'
__git__ = 'http://code.google.com/p/patator/' __git__ = 'http://code.google.com/p/patator/'
__version__ = '0.4-beta' __version__ = '0.4'
__license__ = 'GPLv2' __license__ = 'GPLv2'
__banner__ = 'Patator v%s (%s)' % (__version__, __git__) __banner__ = 'Patator v%s (%s)' % (__version__, __git__)
@ -60,7 +60,6 @@ Currently it supports the following modules:
Future modules to be implemented: Future modules to be implemented:
- rdp_login - rdp_login
- vmware_login (902/tcp)
The name "Patator" comes from http://www.youtube.com/watch?v=xoBkBvnTTjo The name "Patator" comes from http://www.youtube.com/watch?v=xoBkBvnTTjo
"Whatever the payload to fire, always use the same cannon" "Whatever the payload to fire, always use the same cannon"
@ -120,7 +119,7 @@ pycurl | HTTP | http://pycurl.sourceforge.net/
-------------------------------------------------------------------------------------------------- --------------------------------------------------------------------------------------------------
openldap | LDAP | http://www.openldap.org/ | 2.4.24 | openldap | LDAP | http://www.openldap.org/ | 2.4.24 |
-------------------------------------------------------------------------------------------------- --------------------------------------------------------------------------------------------------
impacket | SMB | http://oss.coresecurity.com/projects/impacket.html | svn#414 | impacket | SMB | http://code.google.com/p/impacket/ | svn#525 |
-------------------------------------------------------------------------------------------------- --------------------------------------------------------------------------------------------------
cx_Oracle | Oracle | http://cx-oracle.sourceforge.net/ | 5.1.1 | cx_Oracle | Oracle | http://cx-oracle.sourceforge.net/ | 5.1.1 |
-------------------------------------------------------------------------------------------------- --------------------------------------------------------------------------------------------------
@ -175,21 +174,21 @@ Each keyword is numbered in order to:
For instance, this would be the classic order: For instance, this would be the classic order:
--------- ---------
./module host=FILE0 user=FILE1 password=FILE2 0=hosts.txt 1=logins.txt 2=passwords.txt $ ./module host=FILE0 user=FILE1 password=FILE2 0=hosts.txt 1=logins.txt 2=passwords.txt
10.0.0.1 root password 10.0.0.1 root password
10.0.0.1 root 123456 10.0.0.1 root 123456
10.0.0.1 root qsdfghj 10.0.0.1 root qsdfghj
.... ... (trying all passwords before testing next login)
10.0.0.1 admin password 10.0.0.1 admin password
10.0.0.1 admin 123456 10.0.0.1 admin 123456
10.0.0.1 admin qsdfghj 10.0.0.1 admin qsdfghj
... ... (trying all logins before testing next host)
10.0.0.2 root password 10.0.0.2 root password
... ...
While a smarter way might be: While a smarter way might be:
--------- ---------
./module host=FILE2 user=FILE1 password=FILE0 2=hosts.txt 1=logins.txt 0=passwords.txt $ ./module host=FILE2 user=FILE1 password=FILE0 2=hosts.txt 1=logins.txt 0=passwords.txt
10.0.0.1 root password 10.0.0.1 root password
10.0.0.2 root password 10.0.0.2 root password
10.0.0.1 admin password 10.0.0.1 admin password
@ -235,8 +234,8 @@ instance. A failure is actually an exception that the module does not expect,
and as a result the exception is caught upstream by the controller. and as a result the exception is caught upstream by the controller.
Such exceptions, or failures, are not immediately reported to the user, the Such exceptions, or failures, are not immediately reported to the user, the
controller will try 4 more times before reporting the failed payload with the controller will retry 4 more times before reporting the failed payload with the
code "xxx" (--max-retries defaults to 5). code "xxx" (--max-retries defaults to 4).
* Read carefully the following examples to get a good understanding of how patator works. * Read carefully the following examples to get a good understanding of how patator works.
@ -322,7 +321,7 @@ smtp_login host=10.0.0.1 helo='ehlo its.me.com' user=FILE0@dom.com password=FILE
}}} }}}
{{{ HTTP {{{ HTTP
* Find hidden Web resources. * Find hidden web resources.
(a) Use a specific header. (a) Use a specific header.
(b) Follow redirects. (b) Follow redirects.
(c) Do not report 404 errors. (c) Do not report 404 errors.
@ -544,6 +543,19 @@ unzip_pass zipfile=path/to/file.zip password=FILE0 0=passwords.txt -x ignore:cod
CHANGELOG CHANGELOG
--------- ---------
* v0.4 2012/11/02
- new modules: smb_lookupsid, finger_lookup, pop_login, imap_login, vmauthd_login
- improved connection cache
- improved usage, user can now act upon specific reponses (eg. stop brute-forcing host if down, or stop testing login if password found)
- improved dns brute-forcing presentation
- switched to dnspython which is not limited to the IN class (eg. can now scan for {hostname,version}.bind)
- rewrote itertools.product to avoid memory over-consumption when using large wordlists
- can now read wordlist from stdin
- added timeout option to most of the network brute-forcing modules
- added SSL and/or TLS support to a few modules
- before_egrep now allows more than one expression (ie. useful when more than one random nonce needs to be submitted)
- fixed numerous bugs
* v0.3 2011/12/16 * v0.3 2011/12/16
- minor bugs fixed in http_fuzz - minor bugs fixed in http_fuzz
- option -e better implemented - option -e better implemented
@ -807,7 +819,7 @@ Please read the README inside for more examples and usage information.
opt_grp = OptionGroup(parser, 'Optimization') opt_grp = OptionGroup(parser, 'Optimization')
opt_grp.add_option('--rate-limit', dest='rate_limit', type='float', default=0, metavar='N', help='wait N seconds between tests (default is 0)') opt_grp.add_option('--rate-limit', dest='rate_limit', type='float', default=0, metavar='N', help='wait N seconds between tests (default is 0)')
opt_grp.add_option('--max-retries', dest='max_retries', type='int', default=5, metavar='N', help='skip payload after N failures (default is 5) (-1 for unlimited)') opt_grp.add_option('--max-retries', dest='max_retries', type='int', default=4, metavar='N', help='skip payload after N failures (default is 4) (-1 for unlimited)')
opt_grp.add_option('-t', '--threads', dest='num_threads', type='int', default=10, metavar='N', help='number of threads (default is 10)') opt_grp.add_option('-t', '--threads', dest='num_threads', type='int', default=10, metavar='N', help='number of threads (default is 10)')
log_grp = OptionGroup(parser, 'Logging') log_grp = OptionGroup(parser, 'Logging')
@ -960,7 +972,7 @@ Please read the README inside for more examples and usage information.
name, opts = action, None name, opts = action, None
if name not in self.available_actions: if name not in self.available_actions:
raise NotImplementedError('Unsupported action: %s' % n) raise NotImplementedError('Unsupported action: %s' % name)
if name not in self.actions: if name not in self.actions:
self.actions[name] = [] self.actions[name] = []
@ -1196,12 +1208,19 @@ Please read the README inside for more examples and usage information.
def consume(self, gqueue, pqueue): def consume(self, gqueue, pqueue):
module = self.module() module = self.module()
def shutdown():
logger.debug('thread exits')
if hasattr(module, '__del__'):
module.__del__()
while True: while True:
if self.stop_now: if self.stop_now:
shutdown()
return return
prod = gqueue.get() prod = gqueue.get()
if not prod: if prod is None:
shutdown()
return return
payload = self.payload.copy() payload = self.payload.copy()
@ -1239,18 +1258,19 @@ Please read the README inside for more examples and usage information.
sleep(1) sleep(1)
if self.stop_now: if self.stop_now:
shutdown()
return return
if self.rate_limit: if self.rate_limit:
sleep(self.rate_limit) sleep(self.rate_limit)
if try_count < self.max_retries or self.max_retries < 0: if try_count <= self.max_retries or self.max_retries < 0:
actions = {} actions = {}
try_count += 1 try_count += 1
logger.debug('payload: %s [%d/%d]' % (payload, try_count, self.max_retries)) logger.debug('payload: %s [try %d/%d]' % (payload, try_count, self.max_retries+1))
try: try:
resp = module.execute(**payload) resp = module.execute(**payload)
@ -1396,9 +1416,9 @@ Please read the README inside for more examples and usage information.
if command == 'f': if command == 'f':
for i, p in enumerate(self.thread_progress): for i, p in enumerate(self.thread_progress):
total_count = p.done_count + p.skip_count total_count = p.done_count + p.skip_count
logger.info(' #{0}: {1:>3}% ({2}/{3}) {4}'.format( logger.info(' {0:>3}: {1:>3}% ({2}/{3}) {4}'.format(
i+1, '#%d' % (i+1),
total_count * 100/(self.total_size/self.num_threads), int(100*total_count/(1.0*self.total_size/self.num_threads)),
total_count, total_count,
self.total_size/self.num_threads, self.total_size/self.num_threads,
p.current)) p.current))
@ -1615,7 +1635,8 @@ class SSH_Cache(TCP_Cache):
def __del__(self): def __del__(self):
for k, pool in self.cache.items(): for k, pool in self.cache.items():
for u, c in pool.items(): for u, c in pool.items():
with self.lock: self.count[k] -= 1 with self.lock:
self.count[k] -= 1
c.close() c.close()
def bind(self, host, port, user, max_conn): def bind(self, host, port, user, max_conn):
@ -1676,7 +1697,7 @@ class SSH_login(SSH_Cache):
('user', 'usernames to test'), ('user', 'usernames to test'),
('password', 'passwords to test'), ('password', 'passwords to test'),
('auth_type', 'auth type to use [password|keyboard-interactive]'), ('auth_type', 'auth type to use [password|keyboard-interactive]'),
('max_conn', 'maximum concurrent connections per host:port tuple [10]'), ('max_conn', 'maximum concurrent connections per host:port [10]'),
) )
available_options += SSH_Cache.available_options available_options += SSH_Cache.available_options
@ -1916,9 +1937,10 @@ class Controller_Finger(Controller):
user_list = [] user_list = []
def push_final(self, resp): def push_final(self, resp):
for l in resp.lines: if hasattr(resp, 'lines'):
if l not in self.user_list: for l in resp.lines:
self.user_list.append(l) if l not in self.user_list:
self.user_list.append(l)
def show_final(self): def show_final(self):
print('\n'.join(self.user_list)) print('\n'.join(self.user_list))

Loading…
Cancel
Save