[TOPERA v0.0.2] Security tools for IPv6

Topera is a new security tools for IPv6, with the particularity that their attacks can’t be detected by Snort.

Snort is the most known IDS/IPS and is widely used in many different critical environments. Some commercial tools (Juniper or Checkpoint ones) use it as detection engine also.

Mocking snort detection capabilities could suppose a high risk in some cases.

Changelog v0.0.2

• Slow HTTP attacks (Slowloris over IPv6).
• Improved TCP port scanner.

Download TOPERA v0.0.2

[ShellNoob v1.0] Shellcode Writing Toolkit

ShellNoob is a writing toolkit, that helps you to writting some shellcodes, converting to different formats, resolving some boring steps.

Features:

• convert shellcode between different formats (currently supported: asm, bin, hex, obj, exe, C, python, ruby, pretty)
• interactive opcode-to-binary conversion (and viceversa) mode. This is useful when you cannot use specific bytes in the shellcode.
• resolve syscall numbers and constants (not exactly implemented yet)
• portable and easily deployable (it only relies on gcc/as/objdump and python). And it just one python file!
• in-place development: you run ShellNoob directly on the target architecture!
• other options: prepend breakpoint, 32bit/64bit switch.
• read from stdin / write to stdout support (use “-” as filename)

Use Cases
$ ./shellnoob.py -h
./shellnoob.py [--from-INPUT] (input_file_path | - ) [--to-OUTPUT] [output_file_path | - ]
./shellnoob.py -i (for interactive mode)
./shellnoob.py -c (insert a breakpoint at the beginning of the shellcode)
./shellnoob.py --64 (64bits mode)
./shellnoob.py --get-const <const>
./shellnoob.py --get-sysnum <sysnum>
supported INPUT format: asm, obj, bin, hex
supported OUTPUT format: asm, obj, exe, bin, hex, C, python, bash, ruby, pretty

Download ShellNoob v1.0

[Fern Wifi Cracker] Wireless security auditing and attack software to crack and recover WEP/WPA/WPS keys

Fern Wifi Cracker is a Wireless security auditing and attack software program written using the Python Programming Language and the Python Qt GUI library, the program is able to crack and recover WEP/WPA/WPS keys and also run other network based attacks on wireless or ethernet based networks

Operating System Supported

The Software runs on any Linux machine with the programs prerequisites, But the program has been tested on the following Linux based operating systems:

• Ubuntu KDE/GNOME
• BackTrack Linux
• BackBox Linux

Prerequisites

The Program requires the following to run properly:

The following dependencies can be installed using the Debian package installer command on Debian based systems using "apt-get install program" or otherwise downloaded and installed manually

• Aircrack-NG
• Python-Scapy
• Python Qt4
• Python
• Subversion
• Xterm
• Reaver (for WPS Attacks)
• Macchanger

---

Features

---

Fern Wifi Cracker currently supports the following features:

• WEP Cracking with Fragmentation,Chop-Chop, Caffe-Latte, Hirte, ARP Request Replay or WPS attack
• WPA/WPA2 Cracking with Dictionary or WPS based attacks
• Automatic saving of key in database on successful crack
• Automatic Access Point Attack System
• Session Hijacking (Passive and Ethernet Modes)
• Access Point MAC Address Geo Location Tracking
• Internal MITM Engine
• Bruteforce Attacks (HTTP,HTTPS,TELNET,FTP)
• Update Support

Download Fern Wifi Cracker

[ADEL] Android Data Extractor Lite

ADEL which is meant as an abbreviation of “Android Data Extractor Lite”. ADEL was developed for versions 2.x of Android and is able to automatically dump selected SQLite database files from Android devices and extract the contents stored within the dumped files. In this section we describe the main tasks of ADEL and what steps the tool actually performs.

However, there are conditions that must apply for ADEL to work correctly. These conditions are stated in the following sections, corresponding to the relevant tasks. A flow chart showing the structure of ADEL is depicted in the following figure:

During the development of ADEL we primarily took into account the following design guidelines:

Forensic principles: ADEL is intended to treat data in a forensically correct way. This goal is reached by the fact that activities are not conducted directly on the phone but on a copy of the databases. This procedure assures that data does not become changed, neither by the users of ADEL nor by an uncompromised operating system. In order to proof the forensic correctness of ADEL, hash values are calculated prior and after each analysis, to guarantee that dumped data did not become changed during analysis.

Extendibility: ADEL has been modularly built and contains two separate modules: the analysis and the report module. Predefined interfaces exist between these modules and both of them can be easily amended by additional functions. The modular structure allows for dumping and analyzing further databases of smartphones without great effort and facilitates updates of the system in the future.

Usability: The use of ADEL is intended to be as simple as possible to allow its use by both qualified persons and non-experts. At best, the analysis of the mobile phone is conducted in an autonomous way so that the user does not receive any notice of internal processes. Moreover, the report module creates a detailed report in a readable form, including all of the decoded data. During the execution, ADEL optionally writes an extensive log file where all of the important steps that were executed are traced.

ADEL makes use of the Android Software Development Kit (Android SDK) and especially the adb deamon to dump database files to the investigator’s machine.

To extract contents contained within a SQLite database file ADEL parses the low-level data structures. After having opened the database file that is to be parsed in read-only mode, ADEL reads the database header (first 100 bytes of the file) and extracts the values for each of the header fields. Not all, but some of the values in the header fields are necessary to be able to parse the rest of the database file. An important value is the size of the pages in the database file which is required for parsing the b-tree structures (page-wise). After having read the database header fields, ADEL parses the b-tree that contains the “sqlite_master” table for which the first page of the database always is the root page. The SQL CREATE statement and the page number of the b-tree root page are extracted for each of the database tables. Additionally, the SQL CREATE statement is further analyzed to extract the name and the data type for each column of the corresponding table. Finally the complete b-tree structure is parsed for each table, beginning at the b-tree root page that was extracted from the “sqlite_master” table. Every leaf page of the b-tree is identified by following the pointers of all of the interior pages. Finally the row contents of each table are extracted from the cells found in any leaf page that belongs to the same table b-tree.

Within this section we address the report module and its functionalities. In the current development state, the following databases are forensically treated and parsed:

• telephone and SIM-card information (e. g. IMSI and serial number)
• telephone book and call lists,
• calendar entries,
• SMS messages,
• GPS locations from different sources on the smartphone.

Data retrieved this way is written to an XML-File by the report module in order to ease further use and depiction of the data. As the analysis module, it can be easily updated regarding possible changes in future Android versions or in the underlying database schemas. Therefore, we have created different tuple – e. g. [table, row, column] – to define the data that is exchanged between both modules. If the database design changes in the future, only the tuple have to be adapted. The report module automatically creates XML-files for each of the data types listed above. In addition, a report is created which contains all data extracted from the analyzed databases. With the help of a XSL-file the report will be graphically refurbished. All files created by ADEL are stored in a subfolder of the current project.

Download ADEL

[Cuckoo Sandbox v0.6] Software for Automating Analysis of Suspicious Files

Cuckoo Sandbox is an Open Source software for automating analysis of suspicious files. To do so it makes use of custom components that monitor the behavior of the malicious processes while running in an isolated environment.

Cuckoo generates a handful of different raw data which include:

• Native functions and Windows API calls traces
• Copies of files created and deleted from the filesystem
• Dump of the memory of the selected process
• Screenshots of the desktop during the execution of the malware analysis
• Network dump generated by the machine used for the analysis

In order to make such results more consumable to the end users, Cuckoo is able to process them and generate different type of reports, which could include:

• JSON report
• HTML report
• MAEC report
• MongoDB interface
• HPFeeds interface

Cuckoo Sandbox 0.6 (2012-04-15)

===============================

(note for author’s blog)

This release represents a major step forward for the quality of the project: you won’t find an endless list of new features this time, but a handful of solid improvements that should make your experience with sandboxing much more pleasant.

Along with a few smaller additions, the focus of 0.6 revolves around the introduction of network logging. Until now the retrieval of the analysis results from the analysis machines happened through an inefficient and resource-expensive XMLRPC transaction. With Cuckoo Sandbox 0.6 we are now able to collect behavioral logs, dropped files, screenshots and memory dumps in real-time from the analysis machines through the use of what it’s been called ResultServer.

The advantages of this approach are multiple:

• You will now see results coming in in real-time.
• The memory errors and timeouts that used to occur with previous versions when trying to retrieve the resuts are now gone!
• Even if the analysis machine is somehow compromised (crashed, shutdown or otherwise locked) you will still have complete results up to that point.
• Probably some more advantages, but it’s already awesome as it is.

- Added procmemdump option to all analysis packages
- Added randomization of folders and pipes in the analysis machines
- Added checks to block injection of Cuckoo's agent and analyzer
- Added configuration file for processing modules
- Added result server to collect logs, files, screenshots and all results in real-time
- Added option for enabling/disabling generation of CSV logs
- Added REST API function to delete analysis task
- Added matching of Yara signatures against dropped files
- Added default fail-over on "exe" package if can't automatically identify the correct one
- Added password option to zip package
- Improved human auxiliary module
- Improved Sleep() bypass
- Improved dump of dropped files by tracking writing operations
- Improved creation of screenshots by calculating a diff threshold
- Fixed memory error issues
- Fixed bugs in analysis procedure logic and in deletion of original files
- Fixed bugs in MongoDB reporting module
- Fixed bugs in HTML reporting module
- Fixed bugs in VirusTotal processing module
- Fixed bug in handling GetLastError() result
- Fixed bug in network traffic capture
- Fixed bug in submission and creation of tasks in the database
- Removed hooks for NtOpenProcess, NtClose, NtAllocateVirtualMemory and VirtualFreeEx because of stability issues

Download Cuckoo Sandbox v0.6

[Topera] The IPv6 port scanner invisible to Snort (IDS)

Topera is a brand new TCP port scanner under IPv6, with the particularity that these scans are not detected by Snort.

Snort is the most known IDS/IPS and is widely used in many different critical environments. Some commercial tools (Juniper or Checkpoint ones) use it as detection engine also.

Mocking snort detection capabilities could suppose a high risk in some cases.

All the community is invited to test it in any environment and we would be thankful if you send us any feedback.

We keep researching on the security implications that the "new" IPv6 protocol will have in different environments. 

You can see an example of execution of Topera here:

Download Topera

[Panoptic] Automates the process of search and retrieval of content for common log and config files through LFI vulnerability

Panoptic is an open source penetration testing tool that automates the process of search and retrieval of content for common log and config files through LFI vulnerability. Official introductionary post can be found here. Also, you can find a sample run here.

Help Menu

Usage: panoptic.py --url TARGET [options]

Options:
  -h/--help             show this help message and exit
  -v/--verbose          display extra output information
  -u/--url=URL          set target URL
  -p/--param=PARAM      set parameter name to test for (e.g. "page")
  -d/--data=DATA        set data for HTTP POST request (e.g. "page=default")
  -t/--type=TYPE        set type of file to look for ("conf" or "log")
  -o/--os=OS            set filter name for OS (e.g. "*NIX")
  -s/--software=SOFT..  set filter name for software (e.g. "PHP")
  -c/--category=CATE..  set filter name for category (e.g. "FTP")
  -l/--list=GROUP       list available filters for group (e.g. "software")
  -a/--auto             avoid user interaction by using default options
  -w/--write-files      write content of retrieved files to output folder
  -x/--skip-parsing     skip special tests if *NIX passwd file is found
  --ignore-proxy        ignore system default HTTP proxy
  --proxy=PROXY         set proxy (e.g. "socks5://192.168.5.92")
  --user-agent=UA       set HTTP User-Agent header value
  --random-agent        choose random HTTP User-Agent header value
  --cookie=COOKIE       set HTTP Cookie header value (e.g. "sid=foobar")
  --header=HEADER       set a custom HTTP header (e.g. "Max-Forwards=10")
  --prefix=PREFIX       set prefix for file path (e.g. "../")
  --postfix=POSTFIX     set postfix for file path (e.g. "")
  --multiplier=MULTI..  set multiplication number for prefix (e.g. 10)
  --bad-string=STRING   set a string occurring when file is not found
  --replace-slash=RE..  set replacement for char / in paths (e.g. "/././")
  --update              update Panoptic from official repository

Examples

./panoptic.py --url "http://localhost/lfi.php?file=test.txt"
./panoptic.py --url "http://localhost/lfi.php?file=test.txt&id=1" --param file
./panoptic.py --url "http://localhost/lfi.php" --data "file=test.txt&id=1" --param file

./panoptic.py --list software
./panoptic.py --list category
./panoptic.py --list os

./panoptic.py -u "http://localhost/lfi.php?file=test.txt" --os Windows
./panoptic.py -u "http://localhost/lfi.php?file=test.txt" --software WAMP

Download Panoptic

[Ghost Phisher] GUI suite for phishing and penetration attacks

Ghost Phisher is a Wireless and Ethernet security auditing and attack software program written using the Python Programming Language and the Python Qt GUI library, the program is able to emulate access points and deploy various internal networking servers for networking, penetration testing and phishing attacks.

Operating System Supported

The Software runs on any Linux machine with the programs prerequisites, But the program has been tested on the following Linux based operating systems:

• Ubuntu KDE/GNOME
• BackTrack Linux
• BackBox Linux

Prerequisites

The Program requires the following to run properly:

The following dependencies can be installed using the Debian package installer command on Debian based systems using "apt-get install program" or otherwise downloaded and installed manually

• Aircrack-NG
• Python-Scapy
• Python Qt4
• Python
• Subversion
• Xterm
• Metasploit Framework (Optional)

---

Features

---

Ghost Phisher currently supports the following features:

• HTTP Server
• Inbuilt RFC 1035 DNS Server
• Inbuilt RFC 2131 DHCP Server
• Webpage Hosting and Credential Logger (Phishing)
• Wifi Access point Emulator
• Session Hijacking (Passive and Ethernet Modes)
• ARP Cache Poisoning (MITM and DOS Attacks)
• Penetration using Metasploit Bindings
• Automatic credential logging using SQlite Database
• Update Support

---

Installation

Installation on Debian Package supported systems:

---

root@host:~# dpkg -i ghost-phisher_1.5_all.deb

---

The source code for the program can be fetched using the following command on terminal

---

root@host:~# svn checkout http://ghost-phisher.googlecode.com/svn/Ghost-Phisher/

Download Ghost Phisher

[Hackersh] Free shell (command interpreter) written in Python

Hackersh ("Hacker Shell") is a free and open source (license) shell (command interpreter) written in Python with Pythonect-like syntax, builtin security commands, and out of the box wrappers for various security tools. It is like Unix pipeline, but for processing security information and metadata rather than bytes.

Download Hackersh version 0.1
Web: http://www.hackersh.org/

[HookME] TCP Proxy (Data tamper)

HookME es un software diseñado para la interceptación de las comunicaciones hookeando el proceso deseado e interceptando las llamadas del API para el envío y recepción de tráfico de red (incluso SSL). HookMe proporciona una interfaz gráfica de usuario que permite cambiar el contenido del paquete en tiempo real, o descartar o reenviarlo. También cuenta con un sistema de plugins en python para ampliar la funcionalidad HookMe.

Se puede utilizar para muchos propósitos, tales como:

• Analizar y modificar protocolos de red
• Creación de malware o backdoors embebidos en protocolos de red
• Parcheo de vulnerabilidades de memoria de protocolos
• Firewall a nivel de protocolo
• Como herramienta postexplotation
• Lo que quiera tu imaginación creando plugins

En el siguiente video podemos ver como crear un backdoor usando HookME y plugins en python que son inyectados en el proceso mysqld.exe permitiendo al atacante ejecutar comandos remotos:

Download HookME

[Fuente]

[SSLyze v0.6] SSL Server Configuration Scanning Tool

SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. It is designed to be fast and comprehensive, and should help organizations and testers identify misconfigurations affecting their SSL servers.

Features

• SSL 2.0/3.0 and TLS 1.0/1.1/1.2 compatibility
• Performance testing: session resumption and TLS tickets support
• Security testing: weak cipher suites, insecure renegation, CRIME and THC-SSL DOS attacks
• Server certificate validation
• Support for StartTLS with SMTP and XMPP, and traffic tunneling through an HTTPS proxy
• Client certificate support for servers performing mutual authentication
• Scan results can be written to an XML file for further processing

New in v0.6:

• Added support for Server Name Indication; see –sni
• Partial results are returned when the server requires client authentication but no client certificate was provided
• Preliminary IPv6 support
• Various bug fixes and better support of client authentication and HTTPS tunneling

You can download SSLyze v0.6 here:

Linux/OSX – sslyze-0.6_src.zip
Windows 7/Python 32-bit – sslyze-0.6_Windows7_Python32.zip
Windows 7/Python 64-bit – sslyze-0.6_Windows7_Python64.zip

Or read more here.

[Xortool] A tool to analyze multi-byte xor cipher

A tool to do some xor analysis:

• guess the key length (based on count of equal chars)
• guess the key (base on knowledge of most frequent char)

Usage

! python3 is not supported, use python 2.x

  xortool [-h|--help] [OPTIONS] [<filename>]
Options:
  -l,--key-length       length of the key (integer)
  -c,--char             most possible char (one char or hex code)
  -m,--max-keylen=32    maximum key length to probe (integer)
  -x,--hex              input is hex-encoded str
  -b,--brute-chars      brute-force all possible characters
  -o,--brute-printable  same as -b but will only use printable
                        characters for keys

Example

# xor is some external script to encrypt files
tests $ xor -f /bin/ls -s "secret_key" > binary_xored

tests $ xortool binary_xored
The most probable key lengths:
   2:   5.0%
   5:   8.7%
   8:   4.9%
  10:   15.4%
  12:   4.8%
  15:   8.5%
  18:   4.8%
  20:   15.1%
  25:   8.4%
  30:   14.9%
Key-length can be 5*n
Most possible char is needed to guess the key!

# 00 is the most frequent byte in binaries
tests $ xortool binary_xored -l 10 -c 00
...
1 possible key(s) of length 10:
secret_key

# decrypted ciphertexts are placed in ./xortool_out/Number_<key repr>
# ( have no better idea )
tests $ md5sum xortool_out/0_secret_key /bin/ls
29942e290876703169e1b614d0b4340a  xortool_out/0_secret_key
29942e290876703169e1b614d0b4340a  /bin/ls

The most common use is to pass just the encrypted file and the most frequent character (usually 00 for binaries and 20 for text files) - length will be automatically chosen:

tests $ xortool tool_xored -c 20
The most probable key lengths:
   2:   5.6%
   5:   7.8%
   8:   6.0%
  10:   11.7%
  12:   5.6%
  15:   7.6%
  20:   19.8%
  25:   7.8%
  28:   5.7%
  30:   11.4%
Key-length can be 5*n
1 possible key(s) of length 20:
an0ther s3cret \xdd key

Here, the key is longer then default 32 limit:

tests $ xortool ls_xored -c 00 -m 64
The most probable key lengths:
   3:   3.3%
   6:   3.3%
   9:   3.3%
  11:   7.0%
  22:   6.9%
  24:   3.3%
  27:   3.2%
  33:   18.4%
  44:   6.8%
  55:   6.7%
Key-length can be 3*n
1 possible key(s) of length 33:
really long s3cr3t k3y... PADDING

So, if automated decryption fails, you can calibrate:

• (-m) max length to try longer keys
• (-l) selected length to see some interesting keys
• (-c) the most frequent char to produce right plaintext

[MASTIFF2HTML] Static Analysis Framework Results Viewer

MASTIFF2HTML is a python program that is used to create a GUI results interface in HTML from MASTIFF results.

Download the python program at:
https://github.com/1aN0rmus/TekDefense/blob/master/MASTIFF2HTML.py
MASTIFF is an automated static malware analysis framework.

Learn more about MASTIFF at:
http://www.tekdefense.com/news/2013/2/22/tektip-ep23-mastiff-with-a-splash-of-maltrieve.html

[ARPwner] ARP and DNS Poisoning Attack Tool

ARPwner is a tool to do ARP poisoning and DNS poisoning attacks, with a simple GUI and a plugin system to do filtering of the information gathered, also has a implementation of sslstrip and is coded 100% in python and on Github, so you can modify according to your needs.

This tool was released by Nicolas Trippar at BlackHat USA 2012.

For the tool to work you need pypcap, so assuming are using a Debian derivative OS (like all sane people do) – you’ll need to do this first:

apt-get install python-pypcap

You can download ARPwner here: ARPwner.zip

Or read more here.

[Automater 1.2] IP and URL Analysis Tool

Automater is a IP and URL Analysis tool we created to help automate the analysis process. You can see a video of Automater in action in TekTip episode 15.

Download Automater 1.2

[BlindElephant] Web Application Fingerprinting

 During Black Hat USA 2010, Patrick Thomas presented a new web application fingerprinting tool called Blind Elephant.

The BlindElephant Web Application Finger-printer attempts to discover the version of a (known) web application by comparing static files at known locations against precomputed hashes for versions of those files in all all available releases. The technique is fast, low-bandwidth, non-invasive, generic, and highly automatically.

BlindElephant works via a new trendy technique of fetching static elements of the web app such as .js, .css, and other core files then running a check sum to compare sizes of those files from released versions.

BlindElephant is available via SVN here

svn co https://blindelephant.svn.sourceforge.net/svnroot/blindelephant/trunk blindelephant

[Zexplo] Penetration Testing Toolkit

Zexplo is a python based Penetration Testing toolkit with simple and cool interface. This first version of Zexplo has 6 enumeration modules for various network scanning operations such as zping, zarpcache, ztcpscan, znmapport etc and 1 exploit (filecopa). In addition to this it also has some exciting modules for man in the middle (MITM) attack and autopwn. You will also see tools such as Injector (inject modules into running process)and Encoder (with triple layer of XOR).

Zexplo works on Linux operating system and should work well on all variants of Linux as long as required dependencies are in place. For more details refer to 'Requirements' section.

Features

Here are the main features of Zexplo.

Presents 6 enumeration modules and 1 exploit  Includes Injector tool for injecting chosen modules into running processes  Special encoder featuring triple layer XOR encoder for shellcodes  Simple and easy to use interface even for beginners

Requirements

Here are the main requirements for smoother functioning of Zexplo Toolkit Linux OS Python (version < 3.0 and > 2.4) Scapy - powerful packet manipulation program

Screenshots

Here is the screenshot of Zexplo showing the usage.

Download

FREE Download Zexplo v1.1 [password - securityxploded] License  : Freeware Platform : Linux

[Http-enum] Automated HTTP Enumeration Tool

Null Security Team writing a python script for Automated HTTP Enumeration. currently only in the initial beta stage, but includes basic checking of files including the Apache server-status as well as well IIS WebDAV and Microsoft FrontPage Extensions, many more features will be added to this tool which will make lot of the enumeration process quick and simple.

Version 0.2 adds scanning of SSL / TLS as well as an option for probing delays and general bug fixes.

Download the Python Script

[Stegano 0.4] Python Steganography Module

Stéganô is a Python Steganography module.

Steganography is the art and science of writing hidden messages in such a way that no one, apart from the sender and intended recipient, suspects the existence of the message, a form of security through obscurity. Consequently, functions provided by Stéganô only hide message, without encryption. Indeed steganography is often used with cryptography.

The advantage of steganography, over cryptography alone, is that messages do not attract attention to themselves. If you are interested in cryptography have a look at my project pySecret.

Requirements

• Python (2.4 -> 2.7);
• Python Imaging Library (PIL).

Tutorial

Documentation and tutorial of Stéganô.

Methods of hiding

For the moment, Stéganô implements these methods of hiding:

• using the red portion of a pixel to hide ASCII messages;
• using the Least Significant Bit (LSB) technique;
• using the LSB technique with sets based on generators (Sieve for Eratosthenes, Fermat, Mersenne numbers, etc.);
• using the description field of the image (JPEG).

Moreover some methods of steganalysis are provided:

• steganalysis of LSB encoding in color images;
• statistical steganalysis.

Links

• Ohloh page of Stéganô;
• freecode page of Stéganô.

License

Stéganô is under GPL v3 license.

Download

https://bitbucket.org/cedricbonhomme/stegano/src

[Patator Brute Forcer] v 0.4

Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.

Currently it supports the following modules:
 * ftp_login     : Brute-force FTP
 * ssh_login     : Brute-force SSH
 * telnet_login  : Brute-force Telnet
 * smtp_login    : Brute-force SMTP
 * smtp_vrfy     : Enumerate valid users using the SMTP VRFY command
 * smtp_rcpt     : Enumerate valid users using the SMTP RCPT TO command
 * finger_lookup : Enumerate valid users using Finger
 * http_fuzz     : Brute-force HTTP/HTTPS
 * pop_login     : Brute-force POP
 * pop_passd     : Brute-force poppassd (not POP3)
 * imap_login    : Brute-force IMAP
 * ldap_login    : Brute-force LDAP
 * smb_login     : Brute-force SMB
 * smb_lookupsid : Brute-force SMB SID-lookup
 * vmauthd_login : Brute-force VMware Authentication Daemon
 * mssql_login   : Brute-force MSSQL
 * oracle_login  : Brute-force Oracle
 * mysql_login   : Brute-force MySQL
 * pgsql_login   : Brute-force PostgreSQL
 * vnc_login     : Brute-force VNC
 * dns_forward   : Brute-force DNS
 * dns_reverse   : Brute-force DNS (reverse lookup subnets)
 * snmp_login    : Brute-force SNMPv1/2 and SNMPv3
 * unzip_pass    : Brute-force the password of encrypted ZIP files
 * keystore_pass : Brute-force the password of Java keystore files

The name "Patator" comes from http://www.youtube.com/watch?v=xoBkBvnTTjo

Patator is NOT script-kiddie friendly, please read the README inside patator.py before reporting. 

Patator Brute Forcer 0.4