Patator
Patator is a multi-purpose brute-forcer with a modular design for flexible usage across various protocols and services. It supports modules for brute-forcing logins, enumerating users, fuzzing, and more.
Description
Patator is designed as a versatile tool for security testing, particularly brute-force attacks and service enumeration. Its modular architecture allows targeting numerous protocols including FTP, SSH, SMTP, HTTP, databases like MySQL and PostgreSQL, and others such as SNMP, RDP, and VNC. This makes it suitable for penetration testing scenarios where credential guessing or service probing is required.
Use cases include brute-forcing login credentials against remote services, enumerating valid users via SMTP VRFY/RELAY or Finger, fuzzing HTTP/AJP endpoints, and even cracking passwords on ZIP files or Java keystores. The tool's flexibility comes from its payload system, such as loading passwords from files, and options for ignoring specific responses to refine attacks.
During a run it reports statistics on hits and skips along with performance metrics, which helps testers monitor progress during large-scale attempts.
How It Works
Patator uses a modular system in which each module handles a specific protocol or service, such as mysql_login for MySQL brute-forcing. It iterates through payloads such as usernames or passwords loaded from files (e.g., password=FILE0 with 0=/path/to/file) and sends requests to the target specified by parameters like host=127.0.0.1 and user=root. Each response is checked against the conditions given on the command line; an option like -x ignore:fgrep='string' ignores responses that contain the given string, for example an error message such as 'Access denied for user'. It tracks metrics like hits, done, skip, fail, and rate in real time.
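Seen from the defended server, the loop described above shows up as a run of 'Access denied for user' entries from a single client. The following Python code is an added example, not part of Patator or the original page; it assumes failed logins are written to the MySQL error log in the line format of the constructed sample, and the threshold and window values are arbitrary choices.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the timestamp, user and client host of a failed MySQL login entry.
DENIED = re.compile(
    r"^(?P<ts>\S+)\s.*Access denied for user '(?P<user>[^']*)'@'(?P<host>[^']*)'"
)


def sample_log():
    """Constructed lines modelled on MySQL error-log entries (not real data)."""
    fmt = ("2024-05-01T12:{:02d}:{:02d}.000000Z 9 [Note] "
           "Access denied for user 'root'@'{}' (using password: YES)")
    burst = [fmt.format(0, s, "10.0.0.5") for s in range(8)]      # 8 in 8 s
    slow = [fmt.format(m, 0, "192.168.1.20") for m in (1, 6)]     # 2 in 5 min
    other = ["2024-05-01T12:00:03.000000Z 0 [Note] Event Scheduler: Loaded 0 events"]
    return burst + other + slow


def find_bursts(lines, threshold=5, window=timedelta(seconds=10)):
    """Return {client_host: peak failures inside the sliding window}
    for every host that reached the threshold at least once."""
    recent = defaultdict(deque)   # per-host timestamps still inside the window
    peaks = {}
    for line in lines:
        m = DENIED.match(line)
        if not m:
            continue              # unrelated log entry
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S.%fZ")
        q = recent[m["host"]]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[m["host"]] = max(peaks.get(m["host"], 0), len(q))
    return peaks


if __name__ == "__main__":
    for host, count in find_bursts(sample_log()).items():
        print(f"possible brute force from {host}: {count} failures within 10 s")
```

The occasional mistyped password from 192.168.1.20 stays below the threshold, while the rapid sequence from 10.0.0.5 is reported.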
Installation
sudo apt install patator
Flags
Examples
patator mysql_login user=root password=FILE0 0=/root/passes.txt host=127.0.0.1 -x ignore:fgrep='Access denied for user'
patator ftp_login
patator ssh_login
patator smtp_vrfy
patator http_fuzz
patator unzip_pass
patator -h