From 49b541d2035942bf9a890837fb699f9ea1ff7cbc Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Thu, 2 Aug 2018 15:19:35 +1000
Subject: [PATCH 01/74] Work in progress for #67

---
 patator.py | 78 +++++++++++++++++++++++++++++++++++-------------------
 1 file changed, 51 insertions(+), 27 deletions(-)

diff --git a/patator.py b/patator.py
index 5120c59..fa5754d 100755
--- a/patator.py
+++ b/patator.py
@@ -3592,6 +3592,29 @@ def connect(self, host, port, scheme):
 
     return TCP_Connection(fp)
 
+  @staticmethod
+  def perform_fp(fp, method, url, header='', body=''):
+    #logger.debug('perform: %s' % url)
+    fp.setopt(pycurl.URL, url)
+
+    if method == 'GET':
+      fp.setopt(pycurl.HTTPGET, 1)
+
+    elif method == 'POST':
+      fp.setopt(pycurl.POST, 1)
+      fp.setopt(pycurl.POSTFIELDS, body)
+
+    elif method == 'HEAD':
+      fp.setopt(pycurl.NOBODY, 1)
+
+    else:
+      fp.setopt(pycurl.CUSTOMREQUEST, method)
+
+    headers = [h.strip('\r') for h in header.split('\n') if h]
+    fp.setopt(pycurl.HTTPHEADER, headers)
+
+    fp.perform()
+
   def execute(self, url=None, host=None, port='', scheme='http', path='/', params='', query='', fragment='', body='',
     header='', method='GET', auto_urlencode='1', user_pass='', auth_type='basic',
     follow='0', max_follow='5', accept_cookie='0', proxy='', proxy_type='http', resolve='', ssl_cert='', timeout_tcp='10', timeout='20', persistent='1',
@@ -3674,31 +3697,9 @@ def debug_func(t, s):
       # produce requests with more than one Cookie: header
       # and the server will process only one of them (eg. Apache only reads the last one)
 
-    def perform_fp(fp, method, url, header='', body=''):
-      #logger.debug('perform: %s' % url)
-      fp.setopt(pycurl.URL, url)
-
-      if method == 'GET':
-        fp.setopt(pycurl.HTTPGET, 1)
-
-      elif method == 'POST':
-        fp.setopt(pycurl.POST, 1)
-        fp.setopt(pycurl.POSTFIELDS, body)
-
-      elif method == 'HEAD':
-        fp.setopt(pycurl.NOBODY, 1)
-
-      else:
-        fp.setopt(pycurl.CUSTOMREQUEST, method)
-
-      headers = [h.strip('\r') for h in header.split('\n') if h]
-      fp.setopt(pycurl.HTTPHEADER, headers)
-
-      fp.perform()
-
     if before_urls:
       for before_url in before_urls.split(','):
-        perform_fp(fp, 'GET', before_url, before_header)
+        self.perform_fp(fp, 'GET', before_url, before_header)
 
       if before_egrep:
         for be in before_egrep.split('|'):
@@ -3718,7 +3719,7 @@ def perform_fp(fp, method, url, header='', body=''):
       host = '%s:%s' % (host, port)
 
     url = urlunparse((scheme, host, path, params, query, fragment))
-    perform_fp(fp, method, url, header, body)
+    self.perform_fp(fp, method, url, header, body)
 
     target = {}
     target['ip'] = fp.getinfo(pycurl.PRIMARY_IP)
@@ -3734,7 +3735,7 @@ def perform_fp(fp, method, url, header='', body=''):
 
     if after_urls:
       for after_url in after_urls.split(','):
-        perform_fp(fp, 'GET', after_url)
+        self.perform_fp(fp, 'GET', after_url)
 
     http_code = fp.getinfo(pycurl.HTTP_CODE)
     content_length = fp.getinfo(pycurl.CONTENT_LENGTH_DOWNLOAD)
@@ -3747,6 +3748,28 @@ def perform_fp(fp, method, url, header='', body=''):
 
 # }}}
 
+# RDP Gateway {{{
+import uuid
+
+class RDP_gateway(HTTP_fuzz):
+  '''Brute-force RDP Gateway'''
+
+  usage_hints = (
+      '''%prog rdp_gateway url='https://example.com/remoteDesktopGateway/' user_pass=COMBO00:COMBO01 0=combos.txt -x ignore:code=401''',
+    )
+
+  @staticmethod
+  def perform_fp(fp, method, url, header='', body=''):
+    method = 'RDG_OUT_DATA'
+    header += '\nRDG-Connection-Id: {%s}' % uuid.uuid4()
+
+    # if authentication is successful the gateway server hangs and won't send a body
+    fp.setopt(pycurl.NOBODY, 1)
+
+    HTTP_fuzz.perform_fp(fp, method, url, header)
+
+# }}}
+
 # AJP {{{
 try:
   from ajpy.ajp import AjpForwardRequest
@@ -4807,6 +4830,7 @@ def execute(self, data, data2='', delay='1'):
   ('smtp_rcpt', (Controller, SMTP_rcpt)),
   ('finger_lookup', (Controller_Finger, Finger_lookup)),
   ('http_fuzz', (Controller_HTTP, HTTP_fuzz)),
+  ('rdp_gateway', (Controller_HTTP, RDP_gateway)),
   ('ajp_fuzz', (Controller, AJP_fuzz)),
   ('pop_login', (Controller, POP_login)),
   ('pop_passd', (Controller, POP_passd)),
@@ -4840,8 +4864,8 @@ def execute(self, data, data2='', delay='1'):
 
 dependencies = {
   'paramiko': [('ssh_login',), 'http://www.paramiko.org/', '1.7.7.1'],
-  'pycurl': [('http_fuzz',), 'http://pycurl.io/', '7.43.0'],
-  'libcurl': [('http_fuzz',), 'https://curl.haxx.se/', '7.21.0'],
+  'pycurl': [('http_fuzz', 'rdp_gateway'), 'http://pycurl.io/', '7.43.0'],
+  'libcurl': [('http_fuzz', 'rdp_gateway'), 'https://curl.haxx.se/', '7.21.0'],
   'ajpy': [('ajp_fuzz',), 'https://github.com/hypn0s/AJPy/', '0.0.1'],
   'openldap': [('ldap_login',), 'http://www.openldap.org/', '2.4.24'],
   'impacket': [('smb_login', 'smb_lookupsid', 'mssql_login'), 'https://github.com/CoreSecurity/impacket', '0.9.12'],

From 1ca6a41f778a0af0d959eec94eee3a4550419b90 Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Sat, 4 Aug 2018 12:30:28 +1000
Subject: [PATCH 02/74] Fixes #67

---
 README.md        | 3 ++-
 patator.py       | 3 ++-
 requirements.txt | 2 +-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 99b7f45..dd253e1 100644
--- a/README.md
+++ b/README.md
@@ -13,6 +13,7 @@ Currently it supports the following modules:
 * smtp_rcpt      : Enumerate valid users using the SMTP RCPT TO command
 * finger_lookup  : Enumerate valid users using Finger
 * http_fuzz      : Brute-force HTTP/HTTPS
+* rdp_gateway    : Brute-force RDP Gateway
 * ajp_fuzz       : Brute-force AJP
 * pop_login      : Brute-force POP
 * pop_passd      : Brute-force poppassd (not POP3)
@@ -43,7 +44,7 @@ The name "Patator" comes from [this](https://www.youtube.com/watch?v=kU2yPJJdpag
 
 Patator is NOT script-kiddie friendly, please read the full README inside [patator.py](patator.py) before reporting.
 
-And please donate if you like this project.
+Please donate if you like this project! :)
 
 [![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=SB36VJH4EM5WG&lc=AU&item_name=lanjelot&item_number=patator&currency_code=AUD&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted)
 
diff --git a/patator.py b/patator.py
index fa5754d..24f7f4f 100755
--- a/patator.py
+++ b/patator.py
@@ -39,6 +39,7 @@
   + smtp_rcpt      : Enumerate valid users using SMTP RCPT TO
   + finger_lookup  : Enumerate valid users using Finger
   + http_fuzz      : Brute-force HTTP
+  + rdp_gateway    : Brute-force RDP Gateway
   + ajp_fuzz       : Brute-force AJP
   + pop_login      : Brute-force POP3
   + pop_passd      : Brute-force poppassd (http://netwinsite.com/poppassd/)
@@ -3755,7 +3756,7 @@ class RDP_gateway(HTTP_fuzz):
   '''Brute-force RDP Gateway'''
 
   usage_hints = (
-      '''%prog rdp_gateway url='https://example.com/remoteDesktopGateway/' user_pass=COMBO00:COMBO01 0=combos.txt -x ignore:code=401''',
+      '''%prog url='https://example.com/remoteDesktopGateway/' user_pass=COMBO00:COMBO01 0=combos.txt -x ignore:code=401''',
     )
 
   @staticmethod
diff --git a/requirements.txt b/requirements.txt
index 0e1ca73..bb8acd4 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -5,7 +5,7 @@ ajpy
 pyopenssl
 cx_Oracle
 mysqlclient
-psycopg2
+psycopg2-binary
 pycrypto
 dnspython
 IPy

From 53ace4f7e797d001b986c61174108ae5d6dc15e0 Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Thu, 27 Jun 2019 16:11:22 +1000
Subject: [PATCH 03/74] Fixes #116

---
 Vagrantfile |  1 +
 patator.py  | 16 +++++++++++++++-
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/Vagrantfile b/Vagrantfile
index 504c88e..5ce4e48 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -16,6 +16,7 @@ apt-get install -y ldap-utils # ldapsearch
 apt-get install -y libmysqlclient-dev # mysqlclient-python
 apt-get install -y ike-scan unzip default-jdk
 apt-get install -y libsqlite3-dev libsqlcipher-dev # pysqlcipher
+apt-get install -y libpq-dev # psycopg2
 
 # xfreerdp
 apt-get install -y git-core cmake xsltproc libssl-dev libx11-dev libxext-dev libxinerama-dev libxcursor-dev libxdamage-dev libxv-dev libxkbfile-dev libasound2-dev libcups2-dev libxml2 libxml2-dev libxrandr-dev libxi-dev libgstreamer-plugins-base1.0-dev
diff --git a/patator.py b/patator.py
index 24f7f4f..ab210a1 100755
--- a/patator.py
+++ b/patator.py
@@ -1053,6 +1053,15 @@ def md5hex(plain):
 def sha1hex(plain):
   return hashlib.sha1(plain).hexdigest()
 
+def html_unescape(s):
+  if PY3:
+    import html
+    return html.unescape(s)
+  else:
+    from HTMLParser import HTMLParser
+    h = HTMLParser()
+    return h.unescape(h)
+
 # I rewrote itertools.product to avoid memory over-consumption when using large wordlists
 def product(xs, *rest):
   if len(rest) == 0:
@@ -1456,6 +1465,7 @@ def __init__(self, module, argv):
     wlists = {}
     kargs = []
     for arg in args: # ('host=NET0', '0=10.0.0.0/24', 'user=COMBO10', 'password=COMBO11', '1=combos.txt', 'name=google.MOD2', '2=TLD')
+      logger.debug('arg: %r' % arg)
       for k, v in self.expand_key(arg):
         logger.debug('k: %s, v: %s' % (k, v))
 
@@ -3707,6 +3717,10 @@ def debug_func(t, s):
           mark, regex = be.split(':', 1)
           val = re.search(regex, response.getvalue(), re.M).group(1)
 
+          if auto_urlencode == '1':
+            val = html_unescape(val)
+            val = quote(val)
+
           header = header.replace(mark, val)
           query = query.replace(mark, val)
           body = body.replace(mark, val)
@@ -4039,7 +4053,7 @@ class VNC_login:
   '''Brute-force VNC'''
 
   usage_hints = (
-    '''%prog host=10.0.0.1 password=FILE0 0=passwords.txt -t 1 -x retry:fgrep!='Authentication failure' --max-retries -1 -x quit:code=0''',
+    '''%prog host=10.0.0.1 password=FILE0 0=passwords.txt -t 1 -x 'retry:fgrep!=Authentication failure' --max-retries -1 -x quit:code=0''',
     )
 
   available_options = (

From 22e84d9c071cbdad6b6ea4eb7ea1b301085ce7fb Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Fri, 28 Jun 2019 16:54:51 +1000
Subject: [PATCH 04/74] Fixes #117

---
 patator.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/patator.py b/patator.py
index ab210a1..1f3bb66 100755
--- a/patator.py
+++ b/patator.py
@@ -1060,7 +1060,7 @@ def html_unescape(s):
   else:
     from HTMLParser import HTMLParser
     h = HTMLParser()
-    return h.unescape(h)
+    return h.unescape(s)
 
 # I rewrote itertools.product to avoid memory over-consumption when using large wordlists
 def product(xs, *rest):

From 3c72f68554ecfe494c922ec81538d9496e44b230 Mon Sep 17 00:00:00 2001
From: ines <ines@localhost.localdomain>
Date: Sat, 27 Jul 2019 13:48:44 +0200
Subject: [PATCH 05/74] add ssl support for TCP_fuzz

---
 patator.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/patator.py b/patator.py
index 1f3bb66..eab7bba 100755
--- a/patator.py
+++ b/patator.py
@@ -4787,13 +4787,17 @@ class TCP_fuzz:
     ('host', 'target host'),
     ('port', 'target port'),
     ('timeout', 'seconds to wait for a response [10]'),
+    ('ssl', 'use SSL/TLS [0|1]'),
     )
   available_actions = ()
 
   Response = Response_Base
 
-  def execute(self, host, port, data='', timeout='2'):
+  def execute(self, host, port, data='', timeout='2',ssl='0'):
     fp = socket.create_connection((host, port), int(timeout))
+    if ssl!='0':
+      from ssl import wrap_socket
+      fp = wrap_socket(fp)
     fp.send(data.decode('hex'))
     with Timing() as timing:
       resp = fp.recv(1024)

From 988d21101499e037e9d2ddd5bbfc4fffbd481d12 Mon Sep 17 00:00:00 2001
From: ines <ines@localhost.localdomain>
Date: Sat, 27 Jul 2019 13:52:42 +0200
Subject: [PATCH 06/74] adding port in example command

---
 patator.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/patator.py b/patator.py
index eab7bba..a3cfc21 100755
--- a/patator.py
+++ b/patator.py
@@ -4780,7 +4780,7 @@ class TCP_fuzz:
   '''Fuzz TCP services'''
 
   usage_hints = (
-    '''%prog host=10.0.0.1 data=RANGE0 0=hex:0x00-0xffffff''',
+    '''%prog host=10.0.0.1 port=10000 data=RANGE0 0=hex:0x00-0xffffff''',
     )
 
   available_options = (

From 748bb90eafa28a31956e721e7f00286a9773ab02 Mon Sep 17 00:00:00 2001
From: MrTchuss <buffer@0x90.fr>
Date: Wed, 9 Oct 2019 14:40:01 +0200
Subject: [PATCH 07/74] [HTTP_FUZZ] cURL path-as-is support in command-line

---
 patator.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/patator.py b/patator.py
index 1f3bb66..531d7ff 100755
--- a/patator.py
+++ b/patator.py
@@ -3575,6 +3575,7 @@ class HTTP_fuzz(TCP_Cache):
     ('user_pass', 'username and password for HTTP authentication (user:pass)'),
     ('auth_type', 'type of HTTP authentication [basic | digest | ntlm]'),
     ('follow', 'follow any Location redirect [0|1]'),
+    ('pathasis', 'handle sequences of /../ or /./ [0|1]'),
     ('max_follow', 'redirection limit [5]'),
     ('accept_cookie', 'save received cookies to issue them in future requests [0|1]'),
     ('proxy', 'proxy to use (host:port)'),
@@ -3628,7 +3629,7 @@ def perform_fp(fp, method, url, header='', body=''):
 
   def execute(self, url=None, host=None, port='', scheme='http', path='/', params='', query='', fragment='', body='',
     header='', method='GET', auto_urlencode='1', user_pass='', auth_type='basic',
-    follow='0', max_follow='5', accept_cookie='0', proxy='', proxy_type='http', resolve='', ssl_cert='', timeout_tcp='10', timeout='20', persistent='1',
+    follow='0', pathasis='0', max_follow='5', accept_cookie='0', proxy='', proxy_type='http', resolve='', ssl_cert='', timeout_tcp='10', timeout='20', persistent='1',
     before_urls='', before_header='', before_egrep='', after_urls='', max_mem='-1'):
 
     if url:
@@ -3656,6 +3657,7 @@ def execute(self, url=None, host=None, port='', scheme='http', path='/', params=
     fp, _ = self.bind(host, port, scheme)
 
     fp.setopt(pycurl.FOLLOWLOCATION, int(follow))
+    fp.setopt(pycurl.PATH_AS_IS, int(pathasis))
     fp.setopt(pycurl.MAXREDIRS, int(max_follow))
     fp.setopt(pycurl.CONNECTTIMEOUT, int(timeout_tcp))
     fp.setopt(pycurl.TIMEOUT, int(timeout))

From a1db6bf842696364f0459c359e65b84e50b26792 Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Sun, 13 Oct 2019 16:55:30 +1000
Subject: [PATCH 08/74] Add pathasis option to http_fuzz

---
 patator.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/patator.py b/patator.py
index 531d7ff..28ace63 100755
--- a/patator.py
+++ b/patator.py
@@ -3572,10 +3572,10 @@ class HTTP_fuzz(TCP_Cache):
     ('raw_request', 'load request from file'),
     ('scheme', 'scheme [http|https]'),
     ('auto_urlencode', 'automatically perform URL-encoding [1|0]'),
+    ('pathasis', 'retain sequences of /../ or /./ [0|1]'),
     ('user_pass', 'username and password for HTTP authentication (user:pass)'),
     ('auth_type', 'type of HTTP authentication [basic | digest | ntlm]'),
     ('follow', 'follow any Location redirect [0|1]'),
-    ('pathasis', 'handle sequences of /../ or /./ [0|1]'),
     ('max_follow', 'redirection limit [5]'),
     ('accept_cookie', 'save received cookies to issue them in future requests [0|1]'),
     ('proxy', 'proxy to use (host:port)'),
@@ -3628,8 +3628,8 @@ def perform_fp(fp, method, url, header='', body=''):
     fp.perform()
 
   def execute(self, url=None, host=None, port='', scheme='http', path='/', params='', query='', fragment='', body='',
-    header='', method='GET', auto_urlencode='1', user_pass='', auth_type='basic',
-    follow='0', pathasis='0', max_follow='5', accept_cookie='0', proxy='', proxy_type='http', resolve='', ssl_cert='', timeout_tcp='10', timeout='20', persistent='1',
+    header='', method='GET', auto_urlencode='1', pathasis='0', user_pass='', auth_type='basic',
+    follow='0', max_follow='5', accept_cookie='0', proxy='', proxy_type='http', resolve='', ssl_cert='', timeout_tcp='10', timeout='20', persistent='1',
     before_urls='', before_header='', before_egrep='', after_urls='', max_mem='-1'):
 
     if url:
@@ -3656,8 +3656,8 @@ def execute(self, url=None, host=None, port='', scheme='http', path='/', params=
 
     fp, _ = self.bind(host, port, scheme)
 
-    fp.setopt(pycurl.FOLLOWLOCATION, int(follow))
     fp.setopt(pycurl.PATH_AS_IS, int(pathasis))
+    fp.setopt(pycurl.FOLLOWLOCATION, int(follow))
     fp.setopt(pycurl.MAXREDIRS, int(max_follow))
     fp.setopt(pycurl.CONNECTTIMEOUT, int(timeout_tcp))
     fp.setopt(pycurl.TIMEOUT, int(timeout))

From 03fdb3cce08d8cebf6a3ca49f4b2179bdd659ac2 Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Sun, 13 Oct 2019 17:12:46 +1000
Subject: [PATCH 09/74] Add ssl option to tcp_fuzz

---
 patator.py | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/patator.py b/patator.py
index a3cfc21..5f8adc4 100755
--- a/patator.py
+++ b/patator.py
@@ -899,6 +899,7 @@ def process_logs(queue, indicatorsfmt, argv, log_dir):
 import ctypes
 import glob
 from xml.sax.saxutils import escape as xmlescape, quoteattr as xmlquoteattr
+from ssl import wrap_socket
 try:
   # python3+
   from queue import Empty, Full
@@ -3112,8 +3113,6 @@ def execute(self, host, port='513', luser='root', user='', password=None, prompt
 # }}}
 
 # VMauthd {{{
-from ssl import wrap_socket
-
 class LineReceiver_Error(Exception):
   pass
 
@@ -4793,10 +4792,9 @@ class TCP_fuzz:
 
   Response = Response_Base
 
-  def execute(self, host, port, data='', timeout='2',ssl='0'):
+  def execute(self, host, port, data='', timeout='2', ssl='0'):
     fp = socket.create_connection((host, port), int(timeout))
-    if ssl!='0':
-      from ssl import wrap_socket
+    if ssl != '0':
       fp = wrap_socket(fp)
     fp.send(data.decode('hex'))
     with Timing() as timing:

From e539ab5271a10432d65f82d9332cf3f36546a53c Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Wed, 16 Oct 2019 17:10:36 +1000
Subject: [PATCH 10/74] Fixes #120

---
 patator.py | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/patator.py b/patator.py
index b87d170..b9f0842 100755
--- a/patator.py
+++ b/patator.py
@@ -745,7 +745,7 @@ def filter(self, record):
     else:
       return 1
 
-def process_logs(queue, indicatorsfmt, argv, log_dir):
+def process_logs(queue, indicatorsfmt, argv, log_dir, runtime_file):
 
   ignore_ctrlc()
 
@@ -765,14 +765,21 @@ def process_logs(queue, indicatorsfmt, argv, log_dir):
 
   names = [name for name, _ in indicatorsfmt] + ['candidate', 'num', 'mesg']
 
-  if log_dir:
-    runtime_log = os.path.join(log_dir, 'RUNTIME.log')
-    results_csv = os.path.join(log_dir, 'RESULTS.csv')
-    results_xml = os.path.join(log_dir, 'RESULTS.xml')
+  if runtime_file:
+    runtime_log = os.path.join(log_dir if log_dir else './', runtime_file)
 
     with open(runtime_log, 'a') as f:
       f.write('$ %s\n' % ' '.join(argv))
 
+    handler_log = logging.FileHandler(runtime_log)
+    handler_log.setFormatter(TXTFormatter(indicatorsfmt))
+
+    logger.addHandler(handler_log)
+
+  if log_dir:
+    results_csv = os.path.join(log_dir, 'RESULTS.csv')
+    results_xml = os.path.join(log_dir, 'RESULTS.xml')
+
     if not os.path.exists(results_csv):
       with open(results_csv, 'w') as f:
         f.write('time,level,%s\n' % ','.join(names))
@@ -815,18 +822,15 @@ def process_logs(queue, indicatorsfmt, argv, log_dir):
           f.seek(offset)
           f.truncate(f.tell())
 
-    handler_log = logging.FileHandler(runtime_log)
     handler_csv = logging.FileHandler(results_csv)
     handler_xml = logging.FileHandler(results_xml)
 
     handler_csv.addFilter(MsgFilter())
     handler_xml.addFilter(MsgFilter())
 
-    handler_log.setFormatter(TXTFormatter(indicatorsfmt))
     handler_csv.setFormatter(CSVFormatter(indicatorsfmt))
     handler_xml.setFormatter(XMLFormatter(indicatorsfmt))
 
-    logger.addHandler(handler_log)
     logger.addHandler(handler_csv)
     logger.addHandler(handler_xml)
 
@@ -1396,6 +1400,7 @@ def format_usage(self, usage):
     log_grp = OptionGroup(parser, 'Logging')
     log_grp.add_option('-l', dest='log_dir', metavar='DIR', help="save output and response data into DIR ")
     log_grp.add_option('-L', dest='auto_log', metavar='SFX', help="automatically save into DIR/yyyy-mm-dd/hh:mm:ss_SFX (DIR defaults to '/tmp/patator')")
+    log_grp.add_option('-R', dest='runtime_file', metavar='FILE', help="save output to FILE")
 
     dbg_grp = OptionGroup(parser, 'Debugging')
     dbg_grp.add_option('-d', '--debug', dest='debug', action='store_true', default=False, help='enable debug messages')
@@ -1451,7 +1456,7 @@ def __init__(self, module, argv):
 
     log_queue = multiprocessing.Queue()
 
-    logsvc = multiprocessing.Process(name='LogSvc', target=process_logs, args=(log_queue, module.Response.indicatorsfmt, argv, build_logdir(opts.log_dir, opts.auto_log)))
+    logsvc = multiprocessing.Process(name='LogSvc', target=process_logs, args=(log_queue, module.Response.indicatorsfmt, argv, build_logdir(opts.log_dir, opts.auto_log), opts.runtime_file))
     logsvc.daemon = True
     logsvc.start()
 

From 3135ea166658e5345d8bd3ae47c5b04c3a6b58c2 Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Thu, 17 Oct 2019 10:24:17 +1000
Subject: [PATCH 11/74] Fixes #120

---
 patator.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/patator.py b/patator.py
index b9f0842..0b36c4c 100755
--- a/patator.py
+++ b/patator.py
@@ -765,8 +765,8 @@ def process_logs(queue, indicatorsfmt, argv, log_dir, runtime_file):
 
   names = [name for name, _ in indicatorsfmt] + ['candidate', 'num', 'mesg']
 
-  if runtime_file:
-    runtime_log = os.path.join(log_dir if log_dir else './', runtime_file)
+  if runtime_file or log_dir:
+    runtime_log = os.path.join(log_dir or '', runtime_file or 'RUNTIME.log')
 
     with open(runtime_log, 'a') as f:
       f.write('$ %s\n' % ' '.join(argv))

From 1732fbbae7e0ad127007f03b0cee25695df1c1ad Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Thu, 17 Oct 2019 16:21:55 +1000
Subject: [PATCH 12/74] Fixes #118

---
 patator.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/patator.py b/patator.py
index 0b36c4c..cb04b41 100755
--- a/patator.py
+++ b/patator.py
@@ -3731,6 +3731,8 @@ def debug_func(t, s):
           query = query.replace(mark, val)
           body = body.replace(mark, val)
 
+      response = StringIO()
+
     if auto_urlencode == '1':
       path = quote(path)
       query = urlencode(parse_qsl(query, True))

From 22ba7337956fbc8cb9333cd282df15f66de3db69 Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Sun, 24 Nov 2019 13:57:02 +1000
Subject: [PATCH 13/74] Fixes #103 and more

---
 patator.py | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/patator.py b/patator.py
index cb04b41..8bbc996 100755
--- a/patator.py
+++ b/patator.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python2
+#!/usr/bin/env python3
 
 # Copyright (C) 2012 Sebastien MACKE
 #
@@ -2079,7 +2079,7 @@ def monitor_interaction(self):
         etc_time = etc_seconds.strftime('%H:%M:%S')
 
       logger.info('Progress: {0:>3}% ({1}/{2}) | Speed: {3:.0f} r/s | ETC: {4} ({5} remaining) {6}'.format(
-        total_count * 100/total_size,
+        total_count * 100 // total_size,
         total_count,
         total_size,
         speed_avg,
@@ -2885,10 +2885,6 @@ def execute(self, host, port='139', user='', password='', sid=None, rid=None, pe
 # POP {{{
 from poplib import POP3, POP3_SSL, error_proto as pop_error
 
-class POP_Connection(TCP_Connection):
-  def close(self):
-    self.fp.quit()
-
 class POP_login(TCP_Cache):
   '''Brute-force POP3'''
 
@@ -2916,7 +2912,7 @@ def connect(self, host, port, ssl, timeout):
       if not port: port = 995
       fp = POP3_SSL(host, int(port)) # timeout=int(timeout)) # no timeout option in python2
 
-    return POP_Connection(fp, fp.welcome)
+    return TCP_Connection(fp, fp.welcome)
 
   def execute(self, host, port='', ssl='0', user=None, password=None, timeout='10', persistent='1'):
 
@@ -2937,12 +2933,12 @@ def execute(self, host, port='', ssl='0', user=None, password=None, timeout='10'
 
     except pop_error as e:
       logger.debug('pop_error: %s' % e)
-      resp = str(e)
+      resp = e.args[0]
 
     if persistent == '0':
       self.reset()
 
-    code, mesg = resp.split(' ', 1)
+    code, mesg = B(resp).split(' ', 1)
     return self.Response(code, mesg, timing)
 
 class POP_passd:
@@ -3676,6 +3672,9 @@ def debug_func(t, s):
       if max_mem > 0 and trace.tell() > max_mem:
         return 0
 
+      if t not in (pycurl.INFOTYPE_HEADER_OUT, pycurl.INFOTYPE_DATA_OUT, pycurl.INFOTYPE_TEXT, pycurl.INFOTYPE_HEADER_IN, pycurl.INFOTYPE_DATA_IN):
+        return 0
+
       s = B(s)
 
       if t in (pycurl.INFOTYPE_HEADER_OUT, pycurl.INFOTYPE_DATA_OUT):

From 94cdfb19bbd8ac4f86b79a2d5e5c5788078145a8 Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Sun, 24 Nov 2019 14:23:41 +1000
Subject: [PATCH 14/74] Fixes #27

---
 patator.py | 26 +++++++++++++++-----------
 1 file changed, 15 insertions(+), 11 deletions(-)

diff --git a/patator.py b/patator.py
index 8bbc996..aecc78a 100755
--- a/patator.py
+++ b/patator.py
@@ -745,7 +745,7 @@ def filter(self, record):
     else:
       return 1
 
-def process_logs(queue, indicatorsfmt, argv, log_dir, runtime_file):
+def process_logs(queue, indicatorsfmt, argv, log_dir, runtime_file, csv_file, xml_file):
 
   ignore_ctrlc()
 
@@ -776,14 +776,22 @@ def process_logs(queue, indicatorsfmt, argv, log_dir, runtime_file):
 
     logger.addHandler(handler_log)
 
-  if log_dir:
-    results_csv = os.path.join(log_dir, 'RESULTS.csv')
-    results_xml = os.path.join(log_dir, 'RESULTS.xml')
+  if csv_file or log_dir:
+    results_csv = os.path.join(log_dir or '', csv_file or 'RESULTS.csv')
 
     if not os.path.exists(results_csv):
       with open(results_csv, 'w') as f:
         f.write('time,level,%s\n' % ','.join(names))
 
+    handler_csv = logging.FileHandler(results_csv)
+    handler_csv.addFilter(MsgFilter())
+    handler_csv.setFormatter(CSVFormatter(indicatorsfmt))
+
+    logger.addHandler(handler_csv)
+
+  if xml_file or log_dir:
+    results_xml = os.path.join(log_dir or '', xml_file or 'RESULTS.xml')
+
     if not os.path.exists(results_xml):
       with open(results_xml, 'w') as f:
         f.write('<?xml version="1.0" encoding="UTF-8"?>\n<root>\n')
@@ -822,16 +830,10 @@ def process_logs(queue, indicatorsfmt, argv, log_dir, runtime_file):
           f.seek(offset)
           f.truncate(f.tell())
 
-    handler_csv = logging.FileHandler(results_csv)
     handler_xml = logging.FileHandler(results_xml)
-
-    handler_csv.addFilter(MsgFilter())
     handler_xml.addFilter(MsgFilter())
-
-    handler_csv.setFormatter(CSVFormatter(indicatorsfmt))
     handler_xml.setFormatter(XMLFormatter(indicatorsfmt))
 
-    logger.addHandler(handler_csv)
     logger.addHandler(handler_xml)
 
   while True:
@@ -1401,6 +1403,8 @@ def format_usage(self, usage):
     log_grp.add_option('-l', dest='log_dir', metavar='DIR', help="save output and response data into DIR ")
     log_grp.add_option('-L', dest='auto_log', metavar='SFX', help="automatically save into DIR/yyyy-mm-dd/hh:mm:ss_SFX (DIR defaults to '/tmp/patator')")
     log_grp.add_option('-R', dest='runtime_file', metavar='FILE', help="save output to FILE")
+    log_grp.add_option('--csv', dest='csv_file', metavar='FILE', help="save CSV results to FILE")
+    log_grp.add_option('--xml', dest='xml_file', metavar='FILE', help="save XML results to FILE")
 
     dbg_grp = OptionGroup(parser, 'Debugging')
     dbg_grp.add_option('-d', '--debug', dest='debug', action='store_true', default=False, help='enable debug messages')
@@ -1456,7 +1460,7 @@ def __init__(self, module, argv):
 
     log_queue = multiprocessing.Queue()
 
-    logsvc = multiprocessing.Process(name='LogSvc', target=process_logs, args=(log_queue, module.Response.indicatorsfmt, argv, build_logdir(opts.log_dir, opts.auto_log), opts.runtime_file))
+    logsvc = multiprocessing.Process(name='LogSvc', target=process_logs, args=(log_queue, module.Response.indicatorsfmt, argv, build_logdir(opts.log_dir, opts.auto_log), opts.runtime_file, opts.csv_file, opts.xml_file))
     logsvc.daemon = True
     logsvc.start()
 

From a92c06f0d0205d92fcaf4f641b5481ccae8252bf Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Sun, 24 Nov 2019 18:45:07 +1000
Subject: [PATCH 15/74] Fixes #89

---
 patator.py | 36 +++++++++++++++++++++++++-----------
 1 file changed, 25 insertions(+), 11 deletions(-)

diff --git a/patator.py b/patator.py
index aecc78a..9edffcf 100755
--- a/patator.py
+++ b/patator.py
@@ -664,8 +664,11 @@ def headers(self):
   def result(self, *args):
     self.send('result', *args)
 
-  def save(self, *args):
-    self.send('save', *args)
+  def save_response(self, *args):
+    self.send('save_response', *args)
+
+  def save_hit(self, *args):
+    self.send('save_hit', *args)
 
   def setLevel(self, level):
     self.send('setLevel', level)
@@ -745,7 +748,7 @@ def filter(self, record):
     else:
       return 1
 
-def process_logs(queue, indicatorsfmt, argv, log_dir, runtime_file, csv_file, xml_file):
+def process_logs(queue, indicatorsfmt, argv, log_dir, runtime_file, csv_file, xml_file, hits_file):
 
   ignore_ctrlc()
 
@@ -836,6 +839,10 @@ def process_logs(queue, indicatorsfmt, argv, log_dir, runtime_file, csv_file, xm
 
     logger.addHandler(handler_xml)
 
+  if hits_file:
+    if os.path.exists(hits_file):
+      os.rename(hits_file, hits_file + '.' + strftime("%Y%m%d%H%M%S", localtime()))
+
   while True:
 
     pname, action, args = queue.get()
@@ -864,7 +871,7 @@ def process_logs(queue, indicatorsfmt, argv, log_dir, runtime_file, csv_file, xm
       else:
         logger.info(None, extra=dict(results))
 
-    elif action == 'save':
+    elif action == 'save_response':
 
       resp, num = args
 
@@ -873,6 +880,11 @@ def process_logs(queue, indicatorsfmt, argv, log_dir, runtime_file, csv_file, xm
         with open('%s.txt' % os.path.join(log_dir, filename), 'w') as f:
           f.write(resp.dump())
 
+    elif action == 'save_hit':
+      if hits_file:
+        with open(hits_file, 'a') as f:
+          f.write('%s\n' % ':'.join(args))
+
     elif action == 'setLevel':
       logger.setLevel(args[0])
 
@@ -923,7 +935,7 @@ def process_logs(queue, indicatorsfmt, argv, log_dir, runtime_file, csv_file, xm
 PY3 = sys.version_info >= (3,)
 if PY3: # http://python3porting.com/problems.html
   def b(x):
-    return x.encode('ISO-8859-1')
+    return x.encode('UTF-8') # 'ISO-8859-1')
   def B(x):
     return x.decode()
 else:
@@ -1140,13 +1152,13 @@ def __init__(self, typ, rng, random=None):
         step = 1
 
     elif typ == 'letters':
-      charset = [c for c in string.letters]
+      charset = [c for c in string.ascii_letters]
 
     elif typ in ('lower', 'lowercase'):
-      charset = [c for c in string.lowercase]
+      charset = [c for c in string.ascii_lowercase]
 
     elif typ in ('upper', 'uppercase'):
-      charset = [c for c in string.uppercase]
+      charset = [c for c in string.ascii_uppercase]
 
     def zrange(start, stop, step, fmt):
       x = start
@@ -1405,6 +1417,7 @@ def format_usage(self, usage):
     log_grp.add_option('-R', dest='runtime_file', metavar='FILE', help="save output to FILE")
     log_grp.add_option('--csv', dest='csv_file', metavar='FILE', help="save CSV results to FILE")
     log_grp.add_option('--xml', dest='xml_file', metavar='FILE', help="save XML results to FILE")
+    log_grp.add_option('--hits', dest='hits_file', metavar='FILE', help="save found candidates to FILE")
 
     dbg_grp = OptionGroup(parser, 'Debugging')
     dbg_grp.add_option('-d', '--debug', dest='debug', action='store_true', default=False, help='enable debug messages')
@@ -1460,7 +1473,7 @@ def __init__(self, module, argv):
 
     log_queue = multiprocessing.Queue()
 
-    logsvc = multiprocessing.Process(name='LogSvc', target=process_logs, args=(log_queue, module.Response.indicatorsfmt, argv, build_logdir(opts.log_dir, opts.auto_log), opts.runtime_file, opts.csv_file, opts.xml_file))
+    logsvc = multiprocessing.Process(name='LogSvc', target=process_logs, args=(log_queue, module.Response.indicatorsfmt, argv, build_logdir(opts.log_dir, opts.auto_log), opts.runtime_file, opts.csv_file, opts.xml_file, opts.hits_file))
     logsvc.daemon = True
     logsvc.start()
 
@@ -1881,7 +1894,7 @@ def shutdown():
             payload[k] = payload[k].replace('PROG%d' %i, prod[i])
 
       for k, m, e in self.enc_keys:
-        payload[k] = re.sub(r'{0}(.+?){0}'.format(m), lambda m: e(m.group(1)), payload[k])
+        payload[k] = re.sub(r'{0}(.+?){0}'.format(m), lambda m: e(b(m.group(1))), payload[k])
 
       logger.debug('product: %s' % prod)
       pp_prod = ':'.join(prod)
@@ -2003,7 +2016,8 @@ def report_progress(self):
         elif 'ignore' not in actions:
           p.hits_count += 1
 
-          logger.save(resp, offset)
+          logger.save_response(resp, offset)
+          logger.save_hit(current)
 
           self.push_final(resp)
 

From e975529cea83778c19f6d4442c426a7514044b3a Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Sat, 30 Nov 2019 15:31:02 +1000
Subject: [PATCH 16/74] Fixes #107

---
 patator.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/patator.py b/patator.py
index 9edffcf..aa84b9d 100755
--- a/patator.py
+++ b/patator.py
@@ -3524,8 +3524,12 @@ def __init__(self, fd):
     self.rfile = fd
     self.error = None
     self.body = None
-    self.raw_requestline = self.rfile.readline()
+
+    command, path, version = B(self.rfile.readline()).split()
+    self.raw_requestline = b('%s %s %s' % (command, path, 'HTTP/1.1' if version.startswith('HTTP/2') else version))
+
     self.parse_request()
+    self.request_version = version
 
     if self.command == 'POST':
       self.body = B(self.rfile.read(-1)).rstrip('\r\n')

From f5b161a38986b32f756e2e2bd6640d2a764fce15 Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Sat, 30 Nov 2019 15:33:27 +1000
Subject: [PATCH 17/74] Fix Python3 compat

---
 patator.py | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/patator.py b/patator.py
index aa84b9d..c58e5d6 100755
--- a/patator.py
+++ b/patator.py
@@ -935,9 +935,9 @@ def process_logs(queue, indicatorsfmt, argv, log_dir, runtime_file, csv_file, xm
 PY3 = sys.version_info >= (3,)
 if PY3: # http://python3porting.com/problems.html
   def b(x):
-    return x.encode('UTF-8') # 'ISO-8859-1')
+    return x.encode('ISO-8859-1', errors='ignore')
   def B(x):
-    return x.decode()
+    return x.decode(errors='ignore')
 else:
   def b(x):
     return x
@@ -3826,12 +3826,15 @@ def close(self):
     sock.close()
 
 class Response_AJP(Response_HTTP):
-  def __init__(self, code, response, status_msg='', timing=0, trace=None, content_length=-1, target={}):
+  def __init__(self, code, response, timing=0, trace=None, content_length=-1, target={}):
     Response_HTTP.__init__(self, code, response, timing, trace, content_length, target)
-    self.status_msg = status_msg
 
   def __str__(self):
-    return self.status_msg or self.mesg
+    lines = self.mesg.splitlines()
+    if lines:
+      return lines[0].rstrip('\r')
+    else:
+      return self.mesg
 
 def prepare_ajp_forward_request(target_host, req_uri, method):
   fr = AjpForwardRequest(AjpForwardRequest.SERVER_TO_CONTAINER)
@@ -3878,7 +3881,7 @@ def connect(self, host, port):
     sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
     sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
     sock.connect((host, int(port)))
-    stream = sock.makefile("rb", bufsize=0)
+    stream = sock.makefile('rb', None if PY3 else 0)
 
     return AJP_Connection((sock, stream))
 
@@ -3893,7 +3896,7 @@ def execute(self, url=None, host=None, port='8009', path='/', params='', query='
     req_uri = urlunparse(('', '', path, params, query, fragment))
 
     fr = prepare_ajp_forward_request(host, req_uri, AjpForwardRequest.REQUEST_METHODS.get('GET'))
-    fr.request_headers['SC_REQ_AUTHORIZATION'] = "Basic " + b64encode(user_pass)
+    fr.request_headers['SC_REQ_AUTHORIZATION'] = "Basic " + B(b64encode(b(user_pass)))
 
     headers = [h.strip('\r') for h in header.split('\n') if h]
     for h in headers:
@@ -3907,13 +3910,13 @@ def execute(self, url=None, host=None, port='8009', path='/', params='', query='
 
     snd_hdrs_res = responses[0]
     http_code = snd_hdrs_res.http_status_code
-    http_status_msg = snd_hdrs_res.http_status_msg
+    http_status_msg = B(snd_hdrs_res.http_status_msg)
     content_length = int(snd_hdrs_res.response_headers.get('Content-Length', 0))
 
     data_res = responses[1:-1]
     data = ''
     for dr in data_res:
-      data += dr.data
+      data += B(dr.data)
 
     target = {}
     target['ip'] = host
@@ -3922,7 +3925,7 @@ def execute(self, url=None, host=None, port='8009', path='/', params='', query='
     if persistent == '0':
       self.reset()
 
-    return self.Response(http_code, data, http_status_msg, timing, data, content_length, target)
+    return self.Response(http_code, http_status_msg + '\n' + data, timing, data, content_length, target)
 
 # }}}
 

From 98bd95bd5e865cb238bab46d082065cacc121be1 Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Sat, 21 Mar 2020 15:01:58 +1000
Subject: [PATCH 18/74] Switch to bionic64

---
 Vagrantfile      | 4 ++--
 patator.py       | 8 +++++---
 requirements.txt | 2 +-
 3 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/Vagrantfile b/Vagrantfile
index 5ce4e48..6124ec3 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -13,7 +13,7 @@ apt-get install -y tmux git wget build-essential vim
 # requirements.txt deps
 apt-get install -y libcurl4-openssl-dev python3-dev libssl-dev # pycurl
 apt-get install -y ldap-utils # ldapsearch
-apt-get install -y libmysqlclient-dev # mysqlclient-python
+apt-get install -y libmariadbclient-dev # mysqlclient-python
 apt-get install -y ike-scan unzip default-jdk
 apt-get install -y libsqlite3-dev libsqlcipher-dev # pysqlcipher
 apt-get install -y libpq-dev # psycopg2
@@ -33,7 +33,7 @@ pip install patator
 SCRIPT
 
 Vagrant.configure(2) do |config|
-  config.vm.box = "ubuntu/xenial64"
+  config.vm.box = "ubuntu/bionic64"
   config.vm.box_check_update = false
  
   # prevent TTY error messages
diff --git a/patator.py b/patator.py
index c58e5d6..34836ff 100755
--- a/patator.py
+++ b/patator.py
@@ -2522,10 +2522,12 @@ class SMTP_Base(TCP_Cache):
   def connect(self, host, port, ssl, helo, starttls, timeout):
 
     if ssl == '0':
-      if not port: port = 25
+      if not port:
+        port = 25
       fp = SMTP(timeout=int(timeout))
     else:
-      if not port: port = 465
+      if not port:
+        port = 465
       fp = SMTP_SSL(timeout=int(timeout))
 
     resp = fp.connect(host, int(port))
@@ -3235,7 +3237,7 @@ def execute(self, host, port='902', user=None, password=None, ssl='1', timeout='
 
 # MySQL {{{
 try:
-  import _mysql
+  from MySQLdb import _mysql
 except ImportError:
   notfound.append('mysqlclient')
 
diff --git a/requirements.txt b/requirements.txt
index bb8acd4..5c93b5a 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,7 +1,7 @@
 paramiko
 pycurl
 ajpy
-#impacket # no python3 compatibility
+impacket
 pyopenssl
 cx_Oracle
 mysqlclient

From 30abee9a36aa181320cbae9a845fec2b45e05e1a Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Sun, 22 Mar 2020 12:08:56 +1000
Subject: [PATCH 19/74] Update versions

---
 Vagrantfile |  5 ++--
 patator.py  | 81 +++++++++++++++++++++++++++++++----------------------
 2 files changed, 50 insertions(+), 36 deletions(-)

diff --git a/Vagrantfile b/Vagrantfile
index 6124ec3..acac447 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -18,8 +18,9 @@ apt-get install -y ike-scan unzip default-jdk
 apt-get install -y libsqlite3-dev libsqlcipher-dev # pysqlcipher
 apt-get install -y libpq-dev # psycopg2
 
-# xfreerdp
-apt-get install -y git-core cmake xsltproc libssl-dev libx11-dev libxext-dev libxinerama-dev libxcursor-dev libxdamage-dev libxv-dev libxkbfile-dev libasound2-dev libcups2-dev libxml2 libxml2-dev libxrandr-dev libxi-dev libgstreamer-plugins-base1.0-dev
+# xfreerdp (see https://github.com/FreeRDP/FreeRDP/wiki/Compilation)
+apt-get install ninja-build build-essential git-core debhelper cdbs dpkg-dev autotools-dev cmake pkg-config xmlto libssl-dev docbook-xsl xsltproc libxkbfile-dev libx11-dev libwayland-dev libxrandr-dev libxi-dev libxrender-dev libxext-dev libxinerama-dev libxfixes-dev libxcursor-dev libxv-dev libxdamage-dev libxtst-dev libcups2-dev libpcsclite-dev libasound2-dev libpulse-dev libjpeg-dev libgsm1-dev libusb-1.0-0-dev libudev-dev libdbus-glib-1-dev uuid-dev libxml2-dev libgstreamer1.0-dev libgstreamer-plugins-base1.0-dev libfaad-dev libfaac-dev
+apt-get install libavutil-dev libavcodec-dev libavresample-dev
 git clone https://github.com/FreeRDP/FreeRDP/ /tmp/FreeRDP && (cd /tmp/FreeRDP && cmake -DCMAKE_BUILD_TYPE=Debug -DWITH_SSE2=ON . && make && sudo make install)
 
 SCRIPT
diff --git a/patator.py b/patator.py
index 34836ff..78d7691 100755
--- a/patator.py
+++ b/patator.py
@@ -11,14 +11,17 @@
 # FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 # details (http://www.gnu.org/licenses/gpl.txt).
 
+import sys
+
 __author__  = 'Sebastien Macke'
 __email__   = 'patator@hsc.fr'
 __url__     = 'http://www.hsc.fr/ressources/outils/patator/'
 __git__     = 'https://github.com/lanjelot/patator'
-__twitter__ = 'http://twitter.com/lanjelot'
-__version__ = '0.7'
+__twitter__ = 'https://twitter.com/lanjelot'
+__version__ = '0.8'
 __license__ = 'GPLv2'
-__banner__  = 'Patator v%s (%s)' % (__version__, __git__)
+__pyver__   = '%d.%d.%d' % sys.version_info[0:3]
+__banner__  = 'Patator %s (%s) with python-%s' % (__version__, __git__, __pyver__)
 
 # README {{{
 
@@ -126,37 +129,37 @@
 
                  |  Required for  |                        URL                         | Version |
 --------------------------------------------------------------------------------------------------
-paramiko         | SSH            | http://www.lag.net/paramiko/                       | 1.7.7.1 |
+paramiko         | SSH            | http://www.lag.net/paramiko/                       |   2.7.1 |
 --------------------------------------------------------------------------------------------------
 pycurl           | HTTP           | http://pycurl.sourceforge.net/                     |  7.43.0 |
 --------------------------------------------------------------------------------------------------
-libcurl          | HTTP           | https://curl.haxx.se/                              |  7.21.0 |
+libcurl          | HTTP           | https://curl.haxx.se/                              |  7.58.0 |
 --------------------------------------------------------------------------------------------------
-ajpy             | AJP            | https://github.com/hypn0s/AJPy/                    |   0.0.1 |
+ajpy             | AJP            | https://github.com/hypn0s/AJPy/                    |   0.0.4 |
 --------------------------------------------------------------------------------------------------
-openldap         | LDAP           | http://www.openldap.org/                           |  2.4.24 |
+openldap         | LDAP           | http://www.openldap.org/                           |  2.4.45 |
 --------------------------------------------------------------------------------------------------
-impacket         | SMB, MSSQL     | https://github.com/CoreSecurity/impacket           |  0.9.12 |
+impacket         | SMB, MSSQL     | https://github.com/CoreSecurity/impacket           |  0.9.20 |
 --------------------------------------------------------------------------------------------------
-pyOpenSSL        | impacket       | https://pyopenssl.org/                             |  17.5.0 |
+pyOpenSSL        | impacket       | https://pyopenssl.org/                             |  19.1.0 |
 --------------------------------------------------------------------------------------------------
-cx_Oracle        | Oracle         | http://cx-oracle.sourceforge.net/                  |   5.1.1 |
+cx_Oracle        | Oracle         | http://cx-oracle.sourceforge.net/                  |   7.3.0 |
 --------------------------------------------------------------------------------------------------
-mysqlclient      | MySQL          | https://github.com/PyMySQL/mysqlclient-python      |  1.3.12 |
+mysqlclient      | MySQL          | https://github.com/PyMySQL/mysqlclient-python      |   1.4.6 |
 --------------------------------------------------------------------------------------------------
 xfreerdp         | RDP (NLA)      | https://github.com/FreeRDP/FreeRDP/                |   1.2.0 |
 --------------------------------------------------------------------------------------------------
-psycopg          | PostgreSQL     | http://initd.org/psycopg/                          |   2.4.5 |
+psycopg          | PostgreSQL     | http://initd.org/psycopg/                          |   2.8.4 |
 --------------------------------------------------------------------------------------------------
 pycrypto         | VNC, impacket  | http://www.dlitz.net/software/pycrypto/            |   2.6.1 |
 --------------------------------------------------------------------------------------------------
-dnspython        | DNS            | http://www.dnspython.org/                          |  1.10.0 |
+dnspython        | DNS            | http://www.dnspython.org/                          |  1.16.0 |
 --------------------------------------------------------------------------------------------------
-IPy              | NET keyword    | https://github.com/haypo/python-ipy                |    0.75 |
+IPy              | NET keyword    | https://github.com/haypo/python-ipy                |     1.0 |
 --------------------------------------------------------------------------------------------------
-pysnmp           | SNMP           | http://pysnmp.sourceforge.net/                     |   4.2.1 |
+pysnmp           | SNMP           | http://pysnmp.sourceforge.net/                     |  4.4.12 |
 --------------------------------------------------------------------------------------------------
-pyasn1           | SNMP, impacket | http://sourceforge.net/projects/pyasn1/            |   0.1.2 |
+pyasn1           | SNMP, impacket | http://sourceforge.net/projects/pyasn1/            |   0.4.8 |
 --------------------------------------------------------------------------------------------------
 ike-scan         | IKE            | http://www.nta-monitor.com/tools-resources/        |     1.9 |
 --------------------------------------------------------------------------------------------------
@@ -166,7 +169,7 @@
 --------------------------------------------------------------------------------------------------
 pysqlcipher      | SQLCipher      | https://github.com/leapcode/pysqlcipher/           |  2.6.10 |
 --------------------------------------------------------------------------------------------------
-python           |                | http://www.python.org/                             |     2.7 |
+python           |                | http://www.python.org/                             |     3.6 |
 --------------------------------------------------------------------------------------------------
 
 * Shortcuts (optional)
@@ -587,6 +590,12 @@
 CHANGELOG
 ---------
 
+* v0.8 2020/03/22
+  - new switches (-R, --csv, --xml, --hits)
+  - new pathasis option for http_fuzz
+  - new rdp_gateway module
+  - fixed various issues reported on Github
+
 * v0.7 2017/12/14
   - added Python3 support
   - added Windows support
@@ -1962,6 +1971,9 @@ def shutdown():
         if 'fail' in actions:
           break
 
+        if 'quit' in actions:
+          return shutdown()
+
         if 'retry' in actions:
           continue
 
@@ -2000,6 +2012,9 @@ def report_progress(self):
         p.current = current
         p.seconds[p.done_count % len(p.seconds)] = seconds
 
+        if 'quit' in actions:
+          self.ns.quit_now = True
+
         if 'fail' in actions:
           if not self.allow_ignore_failures or 'ignore' not in actions:
             logger.result('fail', resp, current, offset)
@@ -2023,9 +2038,6 @@ def report_progress(self):
 
         p.done_count += 1
 
-        if 'quit' in actions:
-          self.ns.quit_now = True
-
 
   def monitor_interaction(self):
 
@@ -3106,6 +3118,7 @@ def execute(self, host, port='513', luser='root', user='', password=None, prompt
     fp, _ = self.bind(host, port, timeout=int(timeout))
 
     trace = b''
+    prompt_re = b(prompt_re)
     timeout = int(timeout)
 
     with Timing() as timing:
@@ -4915,27 +4928,27 @@ def execute(self, data, data2='', delay='1'):
   ]
 
 dependencies = {
-  'paramiko': [('ssh_login',), 'http://www.paramiko.org/', '1.7.7.1'],
+  'paramiko': [('ssh_login',), 'http://www.paramiko.org/', '2.7.1'],
   'pycurl': [('http_fuzz', 'rdp_gateway'), 'http://pycurl.io/', '7.43.0'],
-  'libcurl': [('http_fuzz', 'rdp_gateway'), 'https://curl.haxx.se/', '7.21.0'],
-  'ajpy': [('ajp_fuzz',), 'https://github.com/hypn0s/AJPy/', '0.0.1'],
-  'openldap': [('ldap_login',), 'http://www.openldap.org/', '2.4.24'],
-  'impacket': [('smb_login', 'smb_lookupsid', 'mssql_login'), 'https://github.com/CoreSecurity/impacket', '0.9.12'],
-  'pyopenssl': [('mssql_login',), 'https://pyopenssl.org/', '17.5.0'],
-  'cx_Oracle': [('oracle_login',), 'http://cx-oracle.sourceforge.net/', '5.1.1'],
-  'mysqlclient': [('mysql_login',), 'https://github.com/PyMySQL/mysqlclient-python', '1.3.12'],
+  'libcurl': [('http_fuzz', 'rdp_gateway'), 'https://curl.haxx.se/', '7.58.0'],
+  'ajpy': [('ajp_fuzz',), 'https://github.com/hypn0s/AJPy/', '0.0.4'],
+  'openldap': [('ldap_login',), 'http://www.openldap.org/', '2.4.45'],
+  'impacket': [('smb_login', 'smb_lookupsid', 'mssql_login'), 'https://github.com/CoreSecurity/impacket', '0.9.20'],
+  'pyopenssl': [('mssql_login',), 'https://pyopenssl.org/', '19.1.0'],
+  'cx_Oracle': [('oracle_login',), 'http://cx-oracle.sourceforge.net/', '7.3.0'],
+  'mysqlclient': [('mysql_login',), 'https://github.com/PyMySQL/mysqlclient-python', '1.4.6'],
   'xfreerdp': [('rdp_login',), 'https://github.com/FreeRDP/FreeRDP.git', '1.2.0-beta1'],
-  'psycopg': [('pgsql_login',), 'http://initd.org/psycopg/', '2.4.5'],
+  'psycopg': [('pgsql_login',), 'http://initd.org/psycopg/', '2.8.4'],
   'pycrypto': [('smb_login', 'smb_lookupsid', 'mssql_login', 'vnc_login',), 'http://www.dlitz.net/software/pycrypto/', '2.6.1'],
-  'dnspython': [('dns_reverse', 'dns_forward'), 'http://www.dnspython.org/', '1.10.0'],
-  'IPy': [('dns_reverse', 'dns_forward'), 'https://github.com/haypo/python-ipy', '0.75'],
-  'pysnmp': [('snmp_login',), 'http://pysnmp.sf.net/', '4.2.1'],
-  'pyasn1': [('smb_login', 'smb_lookupsid', 'mssql_login', 'snmp_login'), 'http://sourceforge.net/projects/pyasn1/', '0.1.2'],
+  'dnspython': [('dns_reverse', 'dns_forward'), 'http://www.dnspython.org/', '1.16.0'],
+  'IPy': [('dns_reverse', 'dns_forward'), 'https://github.com/haypo/python-ipy', '1.0'],
+  'pysnmp': [('snmp_login',), 'http://pysnmp.sf.net/', '4.4.12'],
+  'pyasn1': [('smb_login', 'smb_lookupsid', 'mssql_login', 'snmp_login'), 'http://sourceforge.net/projects/pyasn1/', '0.4.8'],
   'ike-scan': [('ike_enum',), 'http://www.nta-monitor.com/tools-resources/security-tools/ike-scan', '1.9'],
   'unzip': [('unzip_pass',), 'http://www.info-zip.org/', '6.0'],
   'java': [('keystore_pass',), 'http://www.oracle.com/technetwork/java/javase/', '6'],
   'pysqlcipher': [('sqlcipher_pass',), 'https://github.com/leapcode/pysqlcipher/', '2.6.10'],
-  'python': [('ftp_login',), 'Patator requires Python 2.7 or above. Some features may be unavailable otherwise, such as TLS support for FTP.'],
+  'python': [('ftp_login',), 'Patator requires Python 3.6 or above and may still work on Python 2.'],
   }
 # }}}
 

From 704dab811ff5020a82e68622ef446f875531148b Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Sun, 22 Mar 2020 12:34:42 +1000
Subject: [PATCH 20/74] Release v0.8

---
 setup.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup.py b/setup.py
index 03bdf17..5a94067 100644
--- a/setup.py
+++ b/setup.py
@@ -13,7 +13,7 @@ def parse_requirements(file):
 
 setup(
     name="patator",
-    version="0.7",
+    version="0.8",
     description="multi-purpose brute-forcer",
     long_description=long_description,
     url="https://github.com/lanjelot/patator",

From 426c2574e56a1ff9764672f85c494e8639f578b6 Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Mon, 23 Mar 2020 15:51:34 +1000
Subject: [PATCH 21/74] Fixes #128

---
 patator.py | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/patator.py b/patator.py
index 78d7691..aaf4bf8 100755
--- a/patator.py
+++ b/patator.py
@@ -927,6 +927,7 @@ def process_logs(queue, indicatorsfmt, argv, log_dir, runtime_file, csv_file, xm
 import glob
 from xml.sax.saxutils import escape as xmlescape, quoteattr as xmlquoteattr
 from ssl import wrap_socket
+from binascii import hexlify, unhexlify
 try:
   # python3+
   from queue import Empty, Full
@@ -1305,8 +1306,8 @@ class Controller:
     )
 
   available_encodings = {
-    'hex': (lambda s: s.encode('hex'), 'encode in hexadecimal'),
-    'unhex': (lambda s: s.decode('hex'), 'decode from hexadecimal'),
+    'hex': (lambda s: B(hexlify(s)), 'encode in hexadecimal'),
+    'unhex': (lambda s: B(unhexlify(s)), 'decode from hexadecimal'),
     'b64': (b64encode, 'encode in base64'),
     'md5': (md5hex, 'hash in md5'),
     'sha1': (sha1hex, 'hash in sha1'),
@@ -4844,13 +4845,13 @@ def execute(self, host, port, data='', timeout='2', ssl='0'):
     fp = socket.create_connection((host, port), int(timeout))
     if ssl != '0':
       fp = wrap_socket(fp)
-    fp.send(data.decode('hex'))
+    fp.send(unhexlify(data))
     with Timing() as timing:
       resp = fp.recv(1024)
     fp.close()
 
     code = 0
-    mesg = resp.encode('hex')
+    mesg = B(hexlify(resp))
 
     return self.Response(code, mesg, timing)
 

From 13033508937d66fe714969042a4fd9863843f2e5 Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Thu, 26 Mar 2020 15:54:45 +1000
Subject: [PATCH 22/74] New --groups option (fixes #124)

---
 README.md  |   2 +-
 patator.py | 204 +++++++++++++++++++++++++++++++++++++----------------
 2 files changed, 146 insertions(+), 60 deletions(-)

diff --git a/README.md b/README.md
index dd253e1..b4d8b97 100644
--- a/README.md
+++ b/README.md
@@ -40,7 +40,7 @@ Currently it supports the following modules:
 * umbraco_crack  : Crack Umbraco HMAC-SHA1 password hashes
 ```
 
-The name "Patator" comes from [this](https://www.youtube.com/watch?v=kU2yPJJdpag).
+The name "Patator" comes from [this](https://www.youtube.com/watch?v=9sF9fTALhVA).
 
 Patator is NOT script-kiddie friendly, please read the full README inside [patator.py](patator.py) before reporting.
 
diff --git a/patator.py b/patator.py
index aaf4bf8..85ebef3 100755
--- a/patator.py
+++ b/patator.py
@@ -18,7 +18,7 @@
 __url__     = 'http://www.hsc.fr/ressources/outils/patator/'
 __git__     = 'https://github.com/lanjelot/patator'
 __twitter__ = 'https://twitter.com/lanjelot'
-__version__ = '0.8'
+__version__ = '0.8-dev'
 __license__ = 'GPLv2'
 __pyver__   = '%d.%d.%d' % sys.version_info[0:3]
 __banner__  = 'Patator %s (%s) with python-%s' % (__version__, __git__, __pyver__)
@@ -76,7 +76,7 @@
 Future modules to be implemented:
   - rdp_login w/no NLA
 
-The name "Patator" comes from http://www.youtube.com/watch?v=xoBkBvnTTjo
+The name "Patator" comes from https://www.youtube.com/watch?v=9sF9fTALhVA
 
 * Why ?
 
@@ -226,6 +226,20 @@
 10.0.0.1 admin 123456
 ...
 
+By default Patator iterates over the cartesian product of all payload sets. Use
+the --groups option to iterate over sets simultaneously instead. For example to
+distribute all payloads among identical servers:
+---------
+$ ./module name=FILE0.FILE1 resolver=FILE2 0=names.txt 1=domains.txt 2=ips.txt --groups 0,1:2
+ftp.abc.fr 8.8.8.8
+ftp.xyz.fr 8.8.4.4
+git.abc.fr 8.8.8.8
+git.xyz.fr 8.8.4.4
+www.abc.fr 8.8.8.8
+www.xyz.fr 8.8.4.4
+
+The numbers of every keyword given on the command line must be specified.
+Use ',' to iterate over the cartesian product of sets and use ':' to iterate over sets simultaneously.
 
 * Keywords
 
@@ -909,8 +923,9 @@ def process_logs(queue, indicatorsfmt, argv, log_dir, runtime_file, csv_file, xm
 from time import localtime, gmtime, strftime, sleep, time
 from platform import system
 from functools import reduce
+from operator import mul, itemgetter
 from select import select
-from itertools import islice
+from itertools import islice, cycle
 import string
 import random
 from decimal import Decimal
@@ -928,6 +943,7 @@ def process_logs(queue, indicatorsfmt, argv, log_dir, runtime_file, csv_file, xm
 from xml.sax.saxutils import escape as xmlescape, quoteattr as xmlquoteattr
 from ssl import wrap_socket
 from binascii import hexlify, unhexlify
+import mmap
 try:
   # python3+
   from queue import Empty, Full
@@ -1091,22 +1107,33 @@ def html_unescape(s):
     h = HTMLParser()
     return h.unescape(s)
 
+def mapcount(filename):
+  lines = 0
+  with open(filename, 'r+') as f:
+    buf = mmap.mmap(f.fileno(), 0)
+    readline = buf.readline
+    while readline():
+      lines += 1
+  return lines
+
 # I rewrote itertools.product to avoid memory over-consumption when using large wordlists
 def product(xs, *rest):
   if len(rest) == 0:
-    for x in xs():
+    for x in xs:
       yield [x]
   else:
-    for head in xs():
+    for head in xs:
       for tail in product(*rest):
         yield [head] + tail
 
-def chain(*iterables):
-  def xs():
-    for iterable in iterables:
+class chain:
+  def __init__(self, *iterables):
+    self.iterables = iterables
+
+  def __iter__(self):
+    for iterable in self.iterables:
       for element in iterable:
         yield element
-  return xs
 
 class FileIter:
   def __init__(self, filename):
@@ -1241,7 +1268,6 @@ def __len__(self):
     return self.size
 
 class ProgIter:
-
   def __init__(self, prog):
     self.prog = prog
 
@@ -1293,6 +1319,21 @@ def _run_server(cls, registry, address, authkey, serializer, writer, initializer
     ignore_ctrlc()
     super(MyManager, cls)._run_server(registry, address, authkey, serializer, writer)
 
+def ppstr(s):
+  if isinstance(s, bytes):
+    s = B(s)
+  if not isinstance(s, str):
+    s = str(s)
+  return s.rstrip('\r\n')
+
+def flatten(l):
+  r = []
+  for x in l:
+    if isinstance(x, (list, tuple)):
+      r.extend(map(ppstr, x))
+    else:
+      r.append(ppstr(x))
+  return r
 # }}}
 
 # Controller {{{
@@ -1407,19 +1448,20 @@ def format_usage(self, usage):
 
     exe_grp = OptionGroup(parser, 'Execution')
     exe_grp.add_option('-x', dest='actions', action='append', default=[], metavar='arg', help='actions and conditions, see Syntax below')
-    exe_grp.add_option('--start', dest='start', type='int', default=0, metavar='N', help='start from offset N in the wordlist product')
+    exe_grp.add_option('--start', dest='start', type='int', default=0, metavar='N', help='start from offset N in the product of all payload sets')
     exe_grp.add_option('--stop', dest='stop', type='int', default=None, metavar='N', help='stop at offset N')
     exe_grp.add_option('--resume', dest='resume', metavar='r1[,rN]*', help='resume previous run')
     exe_grp.add_option('-e', dest='encodings', action='append', default=[], metavar='arg', help='encode everything between two tags, see Syntax below')
     exe_grp.add_option('-C', dest='combo_delim', default=':', metavar='str', help="delimiter string in combo files (default is ':')")
     exe_grp.add_option('-X', dest='condition_delim', default=',', metavar='str', help="delimiter string in conditions (default is ',')")
-    exe_grp.add_option('--allow-ignore-failures', action='store_true', default=False, dest='allow_ignore_failures', help="failures cannot be ignored with -x (this is by design to avoid false negatives) this option overrides this behavior")
+    exe_grp.add_option('--allow-ignore-failures', action='store_true', default=False, dest='allow_ignore_failures', help="failures cannot be ignored with -x (this is by design to avoid false negatives) this option overrides this safeguard")
 
     opt_grp = OptionGroup(parser, 'Optimization')
-    opt_grp.add_option('--rate-limit', dest='rate_limit', type='float', default=0, metavar='N', help='wait N seconds between each test (default is 0)')
+    opt_grp.add_option('--rate-limit', dest='rate_limit', type='float', default=0, metavar='N', help='wait N seconds between each attempt (default is 0)')
     opt_grp.add_option('--timeout', dest='timeout', type='int', default=0, metavar='N', help='wait N seconds for a response before retrying payload (default is 0)')
     opt_grp.add_option('--max-retries', dest='max_retries', type='int', default=4, metavar='N', help='skip payload after N retries (default is 4) (-1 for unlimited)')
     opt_grp.add_option('-t', '--threads', dest='num_threads', type='int', default=10, metavar='N', help='number of threads (default is 10)')
+    opt_grp.add_option('--groups', dest='groups', default='', metavar='', help="default is to iterate over the cartesian product of all payload sets, use this option to iterate over sets simultaneously instead (aka pitchfork), see syntax inside (default is '0,1..n')")
 
     log_grp = OptionGroup(parser, 'Logging')
     log_grp.add_option('-l', dest='log_dir', metavar='DIR', help="save output and response data into DIR ")
@@ -1453,6 +1495,7 @@ def __init__(self, module, argv):
 
     self.payload = {}
     self.iter_keys = {}
+    self.iter_groups = {}
     self.enc_keys = []
 
     self.module = module
@@ -1514,7 +1557,8 @@ def __init__(self, module, argv):
           kargs.append((k, v))
 
     iter_vals = [v for k, v in sorted(wlists.items())]
-    logger.debug('kargs: %s' % kargs) # [('host', 'NET0'), ('user', 'COMBO10'), ('password', 'COMBO11'), ('domain', 'MOD2')]
+
+    logger.debug('kargs: %s' % kargs) # [('host', 'NET0'), ('user', 'COMBO10'), ('password', 'COMBO11'), ('name', 'google.MOD2')]
     logger.debug('iter_vals: %s' % iter_vals) # ['10.0.0.0/24', 'combos.txt', 'TLD']
 
     for k, v in kargs:
@@ -1567,10 +1611,26 @@ def __init__(self, module, argv):
                 else:
                   self.payload[k] = v
 
-    logger.debug('iter_keys: %s' % self.iter_keys) # { 0: ('NET', '10.0.0.0/24', ['host']), 1: ('COMBO', 'combos.txt', [(0, 'user'), (1, 'password')]), 2: ('MOD', 'TLD', ['name'])
+    if self.iter_keys:
+      if not opts.groups:
+        # default is to iterate over the cartesian product of all payload sets
+        opts.groups = ','.join(map(str, self.iter_keys))
+
+      for i, g in enumerate(opts.groups.split(':')):
+        ks = list(map(int, g.split(',')))
+        for k in ks:
+          if k not in self.iter_keys:
+            raise ValueError('Unknown keyword number %r' % k)
+
+        self.iter_groups[i] = sorted(ks)
+
+    logger.debug('iter_groups: %s' % self.iter_groups) # {0: [0, 1], 1: [2]}
+    logger.debug('iter_keys: %s' % self.iter_keys) # [(0, ('NET', '10.0.0.0/24', ['host'])), (1, ('COMBO', 'combos.txt', [(0, 'user'), (1, 'password')])), (2, ('MOD', 'TLD', ['name']))]
     logger.debug('enc_keys: %s' % self.enc_keys) # [('password', 'ENC', hex), ('header', 'B64', b64encode), ...
-    logger.debug('payload: %s' % self.payload)
+    logger.debug('payload: %s' % self.payload) # {'host': 'NET0', 'user': 'COMBO10', 'password': 'COMBO11', 'name': 'google.MOD2'}
 
+    self.iter_groups = sorted(self.iter_groups.items())
+    self.iter_keys = sorted(self.iter_keys.items())
     self.available_actions = [k for k, _ in self.builtin_actions + self.module.available_actions]
     self.module_actions = [k for k, _ in self.module.available_actions]
 
@@ -1722,58 +1782,44 @@ def produce(self, task_queues, log_queue):
     global logger
     logger = Logger(log_queue)
 
-    iterables = []
-    total_size = 1
-
     def abort(msg):
       logger.warn(msg)
       self.ns.quit_now = True
 
-    for _, (t, v, _) in self.iter_keys.items():
+    psets = {}
+    for k, (t, v, _) in self.iter_keys:
 
-      if t in ('FILE', 'COMBO'):
-        size = 0
-        files = []
+      pset= []
+      size = 0
 
+      if t in ('FILE', 'COMBO'):
         for name in v.split(','):
           for fpath in sorted(glob.iglob(expand_path(name))):
             if not os.path.isfile(fpath):
               return abort("No such file '%s'" % fpath)
 
-            with open(fpath) as f:
-              for _ in f:
-                size += 1
-
-            files.append(FileIter(fpath))
-
-        iterable = chain(*files)
+            pset.append(FileIter(fpath))
+            size += mapcount(fpath)
 
       elif t == 'NET':
-        subnets = [IP(n, make_net=True) for n in v.split(',')]
-        size = sum(len(s) for s in subnets)
-        iterable = chain(*subnets)
+        pset = [IP(n, make_net=True) for n in v.split(',')]
+        size = sum(len(subnet) for subnet in pset)
 
       elif t == 'MOD':
         elements, size = self.module.available_keys[v]()
-        iterable = chain(elements)
+        pset = [elements]
 
       elif t == 'RANGE':
-        size = 0
-        ranges = []
-
         for r in v.split(','):
           typ, opt = r.split(':', 1)
 
           try:
-            it = RangeIter(typ, opt)
-            size += len(it)
+            ri = RangeIter(typ, opt)
+            size += len(ri)
+            pset.append(ri)
           except ValueError as e:
             return abort("Invalid range '%s' of type '%s', %s" % (opt, typ, e))
 
-          ranges.append(it)
-
-        iterable = chain(*ranges)
-
       elif t == 'PROG':
         m = re.match(r'(.+),(\d+)$', v)
         if m:
@@ -1783,19 +1829,48 @@ def abort(msg):
 
         logger.debug('prog: %s, size: %s' % (prog, size))
 
-        it = ProgIter(prog)
-        iterable, size = chain(it), int(size)
+        pset = [ProgIter(prog)]
+        size = int(size)
 
       else:
         return abort('Incorrect keyword %r' % t)
 
-      total_size *= size
-      iterables.append(iterable)
+      psets[k] = chain(*pset), size
+
+    logger.debug('payload sets: %r' % psets)
+
+    zipit = []
+    if not psets:
+      total_size = 1
+      zipit.append([''])
+
+    else:
+      group_sizes = {}
+      for i, ks in self.iter_groups:
+        group_sizes[i] = reduce(mul, (size for _, size in [psets[k] for k in ks]))
+
+      logger.debug('group_sizes: %s' % group_sizes)
+
+      total_size = max(group_sizes.values())
+      biggest, _ = max(group_sizes.items(), key=itemgetter(1))
+
+      for i, ks in self.iter_groups:
+        r = []
+
+        for k in ks:
+          pset, _ = psets[k]
+          r.append(pset)
 
-    if not iterables:
-      iterables.append(chain(['']))
+        it = product(*r)
+        if i != biggest:
+          it = cycle(it)
 
-    if self.stop:
+        zipit.append(it)
+
+    logger.debug('zipit: %s' % zipit)
+    logger.debug('total_size: %d' % total_size)
+
+    if self.stop and total_size > self.stop:
       total_size = self.stop - self.start
     else:
       total_size -= self.start
@@ -1809,13 +1884,18 @@ def abort(msg):
     logger.headers()
 
     count = 0
-    for pp in islice(product(*iterables), self.start, self.stop):
+    for pp in islice(zip(*zipit), self.start, self.stop):
 
       if self.ns.quit_now:
         break
 
-      cid = count % self.num_threads
-      prod = [str(p).rstrip('\r\n') for p in pp]
+      pp = flatten(pp)
+      logger.debug('pp: %s' % pp)
+
+      prod = [''] * len(pp)
+      for _, ks in self.iter_groups:
+        for k in ks:
+          prod[k] = pp.pop(0)
 
       if self.resume:
         idx = count % len(self.resume)
@@ -1831,6 +1911,7 @@ def abort(msg):
           break
 
         try:
+          cid = count % self.num_threads
           task_queues[cid].put_nowait(prod)
           break
         except Full:
@@ -1883,7 +1964,7 @@ def shutdown():
 
       payload = self.payload.copy()
 
-      for i, (t, _, keys) in self.iter_keys.items():
+      for i, (t, _, keys) in self.iter_keys:
         if t == 'FILE':
           for k in keys:
             payload[k] = payload[k].replace('FILE%d' % i, prod[i])
@@ -1907,10 +1988,10 @@ def shutdown():
         payload[k] = re.sub(r'{0}(.+?){0}'.format(m), lambda m: e(b(m.group(1))), payload[k])
 
       logger.debug('product: %s' % prod)
-      pp_prod = ':'.join(prod)
+      prod_str = ':'.join(prod)
 
       if self.check_free(payload):
-        report_queue.put(('skip', pp_prod, None, 0))
+        report_queue.put(('skip', prod_str, None, 0))
         continue
 
       try_count = 0
@@ -1959,7 +2040,7 @@ def shutdown():
           actions = {'fail': None}
 
         actions.update(self.lookup_actions(resp))
-        report_queue.put((actions, pp_prod, resp, time() - start_time))
+        report_queue.put((actions, prod_str, resp, time() - start_time))
 
         for name in self.module_actions:
           if name in actions:
@@ -2039,7 +2120,6 @@ def report_progress(self):
 
         p.done_count += 1
 
-
   def monitor_interaction(self):
 
     if on_windows():
@@ -2127,7 +2207,6 @@ def monitor_interaction(self):
             total_count,
             total_size/num_threads,
             p.current))
-
 # }}}
 
 # Response_Base {{{
@@ -4858,6 +4937,9 @@ def execute(self, host, port, data='', timeout='2', ssl='0'):
 # }}}
 
 # Dummy Test {{{
+def generate_tst():
+  return ['prd', 'dev'], 2
+
 class Dummy_test:
   '''Testing module'''
 
@@ -4875,6 +4957,10 @@ class Dummy_test:
     )
   available_actions = ()
 
+  available_keys = {
+    'TST': generate_tst,
+    }
+
   Response = Response_Base
 
   def execute(self, data, data2='', delay='1'):

From 2b78b342fc8d82cc0d6ff7e51ff30c97c0bd69db Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Sat, 28 Mar 2020 07:14:07 +1000
Subject: [PATCH 23/74] Fixes #53 somewhat

---
 patator.py | 70 +++++++++++++++++++++++++++++++-----------------------
 1 file changed, 40 insertions(+), 30 deletions(-)

diff --git a/patator.py b/patator.py
index 85ebef3..8524d99 100755
--- a/patator.py
+++ b/patator.py
@@ -24,7 +24,6 @@
 __banner__  = 'Patator %s (%s) with python-%s' % (__version__, __git__, __pyver__)
 
 # README {{{
-
 '''
 INTRODUCTION
 ------------
@@ -849,7 +848,7 @@ def process_logs(queue, indicatorsfmt, argv, log_dir, runtime_file, csv_file, xm
         f.write('</options>\n')
         f.write('<results>\n')
 
-    else: # remove "</results>...</root>"
+    else:  # remove "</results>...</root>"
       with open(results_xml, 'r+b') as f:
         offset = f.read().find(b'</results>')
         if offset != -1:
@@ -911,7 +910,7 @@ def process_logs(queue, indicatorsfmt, argv, log_dir, runtime_file, csv_file, xm
     elif action == 'setLevel':
       logger.setLevel(args[0])
 
-    else: # 'warn', 'info', 'debug'
+    else:  # 'warn', 'info', 'debug'
       getattr(logger, action)(args[0], extra={'pname': pname})
 
 # }}}
@@ -931,7 +930,6 @@ def process_logs(queue, indicatorsfmt, argv, log_dir, runtime_file, csv_file, xm
 from decimal import Decimal
 from base64 import b64encode
 from datetime import timedelta, datetime
-from struct import unpack
 import socket
 import subprocess
 import hashlib
@@ -959,14 +957,16 @@ def process_logs(queue, indicatorsfmt, argv, log_dir, runtime_file, csv_file, xm
   from sys import maxint
 
 PY3 = sys.version_info >= (3,)
-if PY3: # http://python3porting.com/problems.html
+if PY3:  # http://python3porting.com/problems.html
   def b(x):
     return x.encode('ISO-8859-1', errors='ignore')
+
   def B(x):
     return x.decode(errors='ignore')
 else:
   def b(x):
     return x
+
   def B(x):
     return x
 
@@ -1017,7 +1017,8 @@ def __init__(self, *args, **kw):
   forking.Popen = _Popen
 
 from multiprocessing.managers import SyncManager
-# imports }}}
+
+# }}}
 
 # utils {{{
 def expand_path(s):
@@ -1034,7 +1035,7 @@ def is_exe(fpath):
     return os.path.exists(fpath) and os.access(fpath, os.X_OK)
 
   fpath, fname = os.path.split(program)
-  if on_windows() and fname[-4:] != '.exe' :
+  if on_windows() and fname[-4:] != '.exe':
     fname += '.exe'
 
   if fpath:
@@ -1090,7 +1091,7 @@ def create_time_dir(top_path, desc):
   return time_path
 
 def pprint_seconds(seconds, fmt):
-  return fmt % reduce(lambda x,y: divmod(x[0], y) + x[1:], [(seconds,),60,60])
+  return fmt % reduce(lambda x, y: divmod(x[0], y) + x[1:], [(seconds,), 60, 60])
 
 def md5hex(plain):
   return hashlib.md5(plain).hexdigest()
@@ -1434,7 +1435,7 @@ def format_usage(self, usage):
     encoding   := "%s"
 
 %s''' % ('" | "'.join(k for k in self.available_encodings),
-       '\n'.join('    %-12s: %s' % (k, v) for k, (f, v) in self.available_encodings.items()))
+        '\n'.join('    %-12s: %s' % (k, v) for k, (f, v) in self.available_encodings.items()))
 
     epilog += '''
 
@@ -1789,7 +1790,7 @@ def abort(msg):
     psets = {}
     for k, (t, v, _) in self.iter_keys:
 
-      pset= []
+      pset = []
       size = 0
 
       if t in ('FILE', 'COMBO'):
@@ -1855,8 +1856,8 @@ def abort(msg):
       biggest, _ = max(group_sizes.items(), key=itemgetter(1))
 
       for i, ks in self.iter_groups:
-        r = []
 
+        r = []
         for k in ks:
           pset, _ = psets[k]
           r.append(pset)
@@ -1976,13 +1977,13 @@ def shutdown():
             payload[k] = payload[k].replace('COMBO%d%d' % (i, j), prod[i].split(self.combo_delim)[j])
         elif t == 'MOD':
           for k in keys:
-            payload[k] = payload[k].replace('MOD%d' %i, prod[i])
+            payload[k] = payload[k].replace('MOD%d' % i, prod[i])
         elif t == 'RANGE':
           for k in keys:
-            payload[k] = payload[k].replace('RANGE%d' %i, prod[i])
+            payload[k] = payload[k].replace('RANGE%d' % i, prod[i])
         elif t == 'PROG':
           for k in keys:
-            payload[k] = payload[k].replace('PROG%d' %i, prod[i])
+            payload[k] = payload[k].replace('PROG%d' % i, prod[i])
 
       for k, m, e in self.enc_keys:
         payload[k] = re.sub(r'{0}(.+?){0}'.format(m), lambda m: e(b(m.group(1))), payload[k])
@@ -2134,7 +2135,8 @@ def monitor_interaction(self):
 
     else:
       i, _, _ = select([sys.stdin], [], [], .1)
-      if not i: return
+      if not i:
+        return
       command = i[0].readline().strip()
 
     if command == 'h':
@@ -2501,7 +2503,7 @@ def execute(self, host, port='22', user=None, password=None, auth_type='password
               fp.auth_password(user, password, fallback=False)
 
             elif auth_type == 'keyboard-interactive':
-              fp.auth_interactive(user, lambda a,b,c: [password] if len(c) == 1 else [])
+              fp.auth_interactive(user, lambda a, b, c: [password] if len(c) == 1 else [])
 
             elif auth_type == 'auto':
               fp.auth_password(user, password, fallback=True)
@@ -3018,10 +3020,12 @@ class POP_login(TCP_Cache):
 
   def connect(self, host, port, ssl, timeout):
     if ssl == '0':
-      if not port: port = 110
+      if not port:
+        port = 110
       fp = POP3(host, int(port), timeout=int(timeout))
     else:
-      if not port: port = 995
+      if not port:
+        port = 995
       fp = POP3_SSL(host, int(port)) # timeout=int(timeout)) # no timeout option in python2
 
     return TCP_Connection(fp, fp.welcome)
@@ -3128,10 +3132,12 @@ class IMAP_login:
 
   def execute(self, host, port='', ssl='0', user=None, password=None):
     if ssl == '0':
-      if not port: port = 143
+      if not port:
+        port = 143
       klass = IMAP4
     else:
-      if not port: port = 993
+      if not port:
+        port = 993
       klass = IMAP4_SSL
 
     with Timing() as timing:
@@ -3652,7 +3658,7 @@ def expand_key(self, arg):
       if r.path.startswith('http'):
         opts['url'] = r.path
       else:
-        _, _, opts['path'], opts['params'], opts['query'], opts['fragment'] =  urlparse(r.path)
+        _, _, opts['path'], opts['params'], opts['query'], opts['fragment'] = urlparse(r.path)
         opts['host'] = r.headers['Host']
 
       opts['header'] = str(r.headers)
@@ -4160,7 +4166,6 @@ def login(self, password):
     else:
       raise VNC_Error('Unknown response: %r (code: %s)' % (resp, code))
 
-
   def gen_key(self, key):
     newkey = []
     for ki in range(len(key)):
@@ -4312,7 +4317,8 @@ def distro():
         continue
       for line in open(f):
         match = re.match(r'([a-zA-Z0-9]+)\s', line)
-        if not match: continue
+        if not match:
+          continue
         for w in re.split(r'[^a-z0-9]', match.group(1).strip().lower()):
           ret.extend(['_%s.%s' % (w, i) for i in ('_tcp', '_udp')])
     return ret
@@ -4331,10 +4337,12 @@ def __str__(self):
     if self.name:
       line = ' '.join(self.name)
     if self.ip:
-      if line: line += ' / '
+      if line:
+        line += ' / '
       line += ' '.join(map(str, self.ip))
     if self.alias:
-      if line: line += ' / '
+      if line:
+        line += ' / '
       line += ' '.join(self.alias)
 
     return line
@@ -4434,10 +4442,11 @@ def show_final(self):
         else:
           i = 0
         d = '.'.join(name.split('.')[i:])
-        if d not in domains: domains[d] = 0
+        if d not in domains:
+          domains[d] = 0
         domains[d] += 1
 
-    for domain, count in sorted(domains.items(), key=lambda a:a[0].split('.')[-1::-1]):
+    for domain, count in sorted(domains.items(), key=lambda a: a[0].split('.')[-1::-1]):
       print('%34s %d' % (domain, count))
 
     print('Networks ' + '-'*41)
@@ -4447,7 +4456,8 @@ def show_final(self):
         nets[ip] = [ip]
       else:
         n = ip.make_net('255.255.255.0')
-        if n not in nets: nets[n] = []
+        if n not in nets:
+          nets[n] = []
         nets[n].append(ip)
 
     for net, ips in sorted(nets.items()):
@@ -4615,7 +4625,7 @@ def execute(self, host, port=None, version='2', community='public', user='myuser
       errorIndication, errorStatus, errorIndex, varBinds = cmdgen.CommandGenerator().getCmd(
         security_model,
         cmdgen.UdpTransportTarget((host, int(port or 161)), timeout=int(timeout), retries=int(retries)),
-        (1,3,6,1,2,1,1,1,0)
+        (1, 3, 6, 1, 2, 1, 1, 1, 0)
         )
 
     code = '%d-%d' % (errorStatus, errorIndex)
@@ -4648,7 +4658,7 @@ def execute(self, host, port=None, version='2', community='public', user='myuser
 
 def generate_transforms():
   lists = list(map(lambda l: [i[0] for i in l], [IKE_ENC, IKE_HASH, IKE_AUTH, IKE_GROUP]))
-  return map(lambda p: ','.join(p), product(*[chain(l) for l in lists])), reduce(lambda x,y: x*y, map(len, lists))
+  return map(lambda p: ','.join(p), product(*[chain(l) for l in lists])), reduce(lambda x, y: x*y, map(len, lists))
 
 class Controller_IKE(Controller):
 

From b25e85d0be236ee11c2f314a43e8d83c9d00b868 Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Sat, 28 Mar 2020 08:12:13 +1000
Subject: [PATCH 24/74] Fix file line count function

---
 patator.py | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/patator.py b/patator.py
index 8524d99..e6cc624 100755
--- a/patator.py
+++ b/patator.py
@@ -1108,14 +1108,18 @@ def html_unescape(s):
     h = HTMLParser()
     return h.unescape(s)
 
-def mapcount(filename):
-  lines = 0
-  with open(filename, 'r+') as f:
-    buf = mmap.mmap(f.fileno(), 0)
-    readline = buf.readline
-    while readline():
-      lines += 1
-  return lines
+def count_lines(filename):
+  with open(filename) as f:
+    lines = 0
+    buf_size = 1024 * 1024
+    read_f = f.read
+
+    buf = read_f(buf_size)
+    while buf:
+      lines += buf.count('\n')
+      buf = read_f(buf_size)
+
+    return lines
 
 # I rewrote itertools.product to avoid memory over-consumption when using large wordlists
 def product(xs, *rest):
@@ -1800,7 +1804,7 @@ def abort(msg):
               return abort("No such file '%s'" % fpath)
 
             pset.append(FileIter(fpath))
-            size += mapcount(fpath)
+            size += count_lines(fpath)
 
       elif t == 'NET':
         pset = [IP(n, make_net=True) for n in v.split(',')]

From fd84a310f1c5b06fdd8fc6517cecc3bd9fa5c68d Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Tue, 7 Apr 2020 15:18:06 +1000
Subject: [PATCH 25/74] Fixes #74

---
 patator.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/patator.py b/patator.py
index e6cc624..b27fc55 100755
--- a/patator.py
+++ b/patator.py
@@ -238,7 +238,12 @@
 www.xyz.fr 8.8.4.4
 
 The numbers of every keyword given on the command line must be specified.
-Use ',' to iterate over the cartesian product of sets and use ':' to iterate over sets simultaneously.
+Use ',' to iterate over the cartesian product of sets and use ':' to iterate
+over sets simultaneously.
+
+If the value of a module option starts with the letter @, the rest should be a
+filename. The contents of the file will be loaded into the option:
+./module raw_request=@req.txt 0=vhosts.txt 1=uagents
 
 * Keywords
 

From 13d7bf79812661e9ed42fe4696353615575beecf Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Tue, 7 Apr 2020 15:21:45 +1000
Subject: [PATCH 26/74] Fixes #74 typo

---
 patator.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/patator.py b/patator.py
index b27fc55..9191ce5 100755
--- a/patator.py
+++ b/patator.py
@@ -243,7 +243,7 @@
 
 If the value of a module option starts with the letter @, the rest should be a
 filename. The contents of the file will be loaded into the option:
-./module raw_request=@req.txt 0=vhosts.txt 1=uagents
+./module raw_request=@req.txt 0=vhosts.txt 1=uagents.txt
 
 * Keywords
 

From b6316de22aa54646dae9e1611ae175ab0fdbe35a Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Wed, 29 Apr 2020 12:18:14 +1000
Subject: [PATCH 27/74] Fixes #132

---
 README.md   | 10 +++++-----
 Vagrantfile |  9 +++++----
 patator.py  | 18 ++++++------------
 3 files changed, 16 insertions(+), 21 deletions(-)

diff --git a/README.md b/README.md
index b4d8b97..9f37fdb 100644
--- a/README.md
+++ b/README.md
@@ -52,7 +52,7 @@ Many thanks! [@lanjelot](https://twitter.com/lanjelot)
 
 ## Usage Examples
 
-* FTP : Enumerating users denied login in vsftpd/userlist
+* FTP : Enumerating users denied login in `vsftpd/userlist`
 
 ```
 $ ftp_login host=10.0.0.1 user=FILE0 0=logins.txt password=asdf -x ignore:mesg='Login incorrect.' -x ignore,reset,retry:code=500
@@ -68,7 +68,7 @@ $ ftp_login host=10.0.0.1 user=FILE0 0=logins.txt password=asdf -x ignore:mesg='
 ...
 ```
 
-Tested against `vsftpd-3.0.2-9` on `CentOS 7.0-1406`
+Tested against `vsftpd-3.0.2-9` on `CentOS 7.0-1406`.
 
 * SSH : Time-based user enumeration
 
@@ -84,7 +84,7 @@ $ ssh_login host=10.0.0.1 user=FILE0 0=logins.txt password=$(perl -e "print 'A'x
 ...
 ```
 
-Tested against openssh-server 1:6.0p1-4+deb7u2 on Debian 7.8
+Tested against `openssh-server 1:6.0p1-4+deb7u2` on `Debian 7.8`.
 
 * HTTP : Brute-force phpMyAdmin logon
 
@@ -108,7 +108,7 @@ $ grep AllowNoPassword /tmp/qsdf/72_200\:13215\:0\:0.351.txt
 ... class="icon ic_s_error" /> Login without a password is forbidden by configuration (see AllowNoPassword)</div><noscript>
 ```
 
-Tested against phpMyAdmin 4.2.7.1.
+Tested against `phpMyAdmin 4.2.7.1`.
 
 * IKE : Enumerate transforms supported by VPN peer
 
@@ -223,7 +223,7 @@ Networks -----------------------------------------
 03:18:53 patator    INFO - Hits/Done/Skip/Fail/Size: 11/1000/0/0/1000, Avg: 133 r/s, Time: 0h 0m 7s
 ```
 
-Also notice that test.hsc.fr. is the start of a new zone because we got NOERROR and no IP address.
+Also notice that `test.hsc.fr.` is the start of a new zone because we got NOERROR and no IP address.
 
 * DNS : Reverse lookup two netblocks owned by Google
 
diff --git a/Vagrantfile b/Vagrantfile
index acac447..f571990 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -19,9 +19,10 @@ apt-get install -y libsqlite3-dev libsqlcipher-dev # pysqlcipher
 apt-get install -y libpq-dev # psycopg2
 
 # xfreerdp (see https://github.com/FreeRDP/FreeRDP/wiki/Compilation)
-apt-get install ninja-build build-essential git-core debhelper cdbs dpkg-dev autotools-dev cmake pkg-config xmlto libssl-dev docbook-xsl xsltproc libxkbfile-dev libx11-dev libwayland-dev libxrandr-dev libxi-dev libxrender-dev libxext-dev libxinerama-dev libxfixes-dev libxcursor-dev libxv-dev libxdamage-dev libxtst-dev libcups2-dev libpcsclite-dev libasound2-dev libpulse-dev libjpeg-dev libgsm1-dev libusb-1.0-0-dev libudev-dev libdbus-glib-1-dev uuid-dev libxml2-dev libgstreamer1.0-dev libgstreamer-plugins-base1.0-dev libfaad-dev libfaac-dev
-apt-get install libavutil-dev libavcodec-dev libavresample-dev
-git clone https://github.com/FreeRDP/FreeRDP/ /tmp/FreeRDP && (cd /tmp/FreeRDP && cmake -DCMAKE_BUILD_TYPE=Debug -DWITH_SSE2=ON . && make && sudo make install)
+apt-get install -y ninja-build build-essential git-core debhelper cdbs dpkg-dev autotools-dev cmake pkg-config xmlto libssl-dev docbook-xsl xsltproc libxkbfile-dev libx11-dev libwayland-dev libxrandr-dev libxi-dev libxrender-dev libxext-dev libxinerama-dev libxfixes-dev libxcursor-dev libxv-dev libxdamage-dev libxtst-dev libcups2-dev libpcsclite-dev libasound2-dev libpulse-dev libjpeg-dev libgsm1-dev libusb-1.0-0-dev libudev-dev libdbus-glib-1-dev uuid-dev libxml2-dev libgstreamer1.0-dev libgstreamer-plugins-base1.0-dev libfaad-dev libfaac-dev
+apt-get install -y libavutil-dev libavcodec-dev libavresample-dev
+rm -fr /tmp/FreeRDP
+git clone https://github.com/FreeRDP/FreeRDP/ /tmp/FreeRDP && (cd /tmp/FreeRDP && cmake -DCMAKE_BUILD_TYPE=Debug -DWITH_SSE2=ON . && cmake --build . && sudo cmake --build . --target install)
 
 SCRIPT
 
@@ -29,7 +30,7 @@ $patator = <<SCRIPT
 python3 -m venv patatorenv --without-pip
 source patatorenv/bin/activate
 wget --quiet -O - https://bootstrap.pypa.io/get-pip.py | python3
-pip install patator
+python3 -m pip install patator
 
 SCRIPT
 
diff --git a/patator.py b/patator.py
index 9191ce5..017ca02 100755
--- a/patator.py
+++ b/patator.py
@@ -4062,24 +4062,18 @@ class RDP_login:
 
   def execute(self, host, port='3389', user=None, password=None):
 
-    cmd = ['xfreerdp', '/v:%s:%d' % (host, int(port)), '/u:%s' % user, '/p:%s' % password, '/cert-ignore', '+auth-only', '/sec:nla']
+    cmd = ['xfreerdp', '/v:%s:%d' % (host, int(port)), '/u:%s' % user, '/p:%s' % password, '/cert-ignore', '+auth-only', '/sec:nla', '/log-level:error']
 
     with Timing() as timing:
       p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
       out, err = map(B, p.communicate())
       code = p.returncode
 
-    err = err.replace('''Authentication only. Don't connect to X.
-credssp_recv() error: -1
-freerdp_set_last_error 0x20009\n''', '')
-    err = err.replace(''', check credentials.
-If credentials are valid, the NTLMSSP implementation may be to blame.
-Error: protocol security negotiation or connection failure
-Authentication only, exit status 1
-Authentication only, exit status 1''', '')
-    err = err.replace('''Authentication only. Don't connect to X.
-Authentication only, exit status 0
-Authentication only, exit status 0''', 'OK')
+    m = re.search(' (ERR.+?) ', err)
+    if m:
+      err = m.group(1)
+    elif 'Authentication only, exit status 0' in err:
+      err = 'OK'
 
     mesg = repr((out + err).strip())[1:-1]
     trace = '[out]\n%s\n[err]\n%s' % (out, err)

From 2a23299f0bb515c3b3e3193fadd5f1cc18381c6a Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Thu, 7 May 2020 15:15:19 +1000
Subject: [PATCH 28/74] Fixes #134

---
 patator.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/patator.py b/patator.py
index 017ca02..83e091f 100755
--- a/patator.py
+++ b/patator.py
@@ -967,7 +967,7 @@ def b(x):
     return x.encode('ISO-8859-1', errors='ignore')
 
   def B(x):
-    return x.decode(errors='ignore')
+    return x.decode('ISO-8859-1', errors='ignore')
 else:
   def b(x):
     return x
@@ -1114,14 +1114,14 @@ def html_unescape(s):
     return h.unescape(s)
 
 def count_lines(filename):
-  with open(filename) as f:
+  with open(filename, 'rb') as f:
     lines = 0
     buf_size = 1024 * 1024
     read_f = f.read
 
     buf = read_f(buf_size)
     while buf:
-      lines += buf.count('\n')
+      lines += buf.count(b'\n')
       buf = read_f(buf_size)
 
     return lines
@@ -1150,7 +1150,7 @@ def __init__(self, filename):
     self.filename = filename
 
   def __iter__(self):
-    return open(self.filename)
+    return open(self.filename, 'rb')
 
 def padhex(d):
   x = '%x' % d

From 2a6744a551cd1857db9bbc6c6b8c0f5ec44389b9 Mon Sep 17 00:00:00 2001
From: haxxinen <32751905+haxxinen@users.noreply.github.com>
Date: Tue, 7 Jul 2020 10:32:14 +0200
Subject: [PATCH 29/74] Python3 support for pysqlcipher.

---
 patator.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/patator.py b/patator.py
index 83e091f..68213c1 100755
--- a/patator.py
+++ b/patator.py
@@ -166,7 +166,7 @@
 --------------------------------------------------------------------------------------------------
 Java             | keystore files | http://www.oracle.com/technetwork/java/javase/     |       6 |
 --------------------------------------------------------------------------------------------------
-pysqlcipher      | SQLCipher      | https://github.com/leapcode/pysqlcipher/           |  2.6.10 |
+pysqlcipher3      | SQLCipher      | https://github.com/rigglemania/pysqlcipher3       |   1.0.3 |
 --------------------------------------------------------------------------------------------------
 python           |                | http://www.python.org/                             |     3.6 |
 --------------------------------------------------------------------------------------------------
@@ -4847,7 +4847,7 @@ def execute(self, keystore, password, storetype='jks'):
 
 # SQLCipher {{{
 try:
-  from pysqlcipher import dbapi2 as sqlcipher
+  from pysqlcipher3 import dbapi2 as sqlcipher
 except ImportError:
   notfound.append('pysqlcipher')
 
@@ -5047,7 +5047,7 @@ def execute(self, data, data2='', delay='1'):
   'ike-scan': [('ike_enum',), 'http://www.nta-monitor.com/tools-resources/security-tools/ike-scan', '1.9'],
   'unzip': [('unzip_pass',), 'http://www.info-zip.org/', '6.0'],
   'java': [('keystore_pass',), 'http://www.oracle.com/technetwork/java/javase/', '6'],
-  'pysqlcipher': [('sqlcipher_pass',), 'https://github.com/leapcode/pysqlcipher/', '2.6.10'],
+  'pysqlcipher3': [('sqlcipher_pass',), 'https://github.com/rigglemania/pysqlcipher3', '1.0.3'],
   'python': [('ftp_login',), 'Patator requires Python 3.6 or above and may still work on Python 2.'],
   }
 # }}}

From 74545283a176aa72b7a43d10c9fe315ee540ec71 Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Tue, 7 Jul 2020 18:59:42 +1000
Subject: [PATCH 30/74] Fixes #140 and #141

---
 patator.py       | 4 ++--
 requirements.txt | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/patator.py b/patator.py
index 68213c1..7018058 100755
--- a/patator.py
+++ b/patator.py
@@ -166,7 +166,7 @@
 --------------------------------------------------------------------------------------------------
 Java             | keystore files | http://www.oracle.com/technetwork/java/javase/     |       6 |
 --------------------------------------------------------------------------------------------------
-pysqlcipher3      | SQLCipher      | https://github.com/rigglemania/pysqlcipher3       |   1.0.3 |
+pysqlcipher3     | SQLCipher      | https://github.com/rigglemania/pysqlcipher3        |   1.0.3 |
 --------------------------------------------------------------------------------------------------
 python           |                | http://www.python.org/                             |     3.6 |
 --------------------------------------------------------------------------------------------------
@@ -5047,7 +5047,7 @@ def execute(self, data, data2='', delay='1'):
   'ike-scan': [('ike_enum',), 'http://www.nta-monitor.com/tools-resources/security-tools/ike-scan', '1.9'],
   'unzip': [('unzip_pass',), 'http://www.info-zip.org/', '6.0'],
   'java': [('keystore_pass',), 'http://www.oracle.com/technetwork/java/javase/', '6'],
-  'pysqlcipher3': [('sqlcipher_pass',), 'https://github.com/rigglemania/pysqlcipher3', '1.0.3'],
+  'pysqlcipher': [('sqlcipher_pass',), 'https://github.com/rigglemania/pysqlcipher3', '1.0.3'],
   'python': [('ftp_login',), 'Patator requires Python 3.6 or above and may still work on Python 2.'],
   }
 # }}}
diff --git a/requirements.txt b/requirements.txt
index 5c93b5a..7e8361d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -11,4 +11,4 @@ dnspython
 IPy
 pysnmp
 pyasn1
-#pysqlcipher # no python3 compatibility
+pysqlcipher3

From 25fecf113e026e253a62c51f92d7da3fd20133fa Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Tue, 7 Jul 2020 19:05:57 +1000
Subject: [PATCH 31/74] Fixes #106

---
 Dockerfile  | 38 ++++++++++++++++++++++++++++++++++++++
 Vagrantfile | 12 ++++++++++++
 patator.py  |  4 ++--
 3 files changed, 52 insertions(+), 2 deletions(-)
 create mode 100644 Dockerfile

diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..2eb02c9
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,38 @@
+FROM ubuntu:18.04
+
+MAINTAINER Sebastien Macke <lanjelot@gmail.com>
+
+ENV DEBIAN_FRONTEND=noninteractive 
+
+RUN apt-get update && apt-get install -y \
+  build-essential \
+  libcurl4-openssl-dev python3-dev libssl-dev \
+  ldap-utils \
+  libmariadbclient-dev \
+  ike-scan unzip default-jdk \
+  libsqlite3-dev libsqlcipher-dev \
+  libpq-dev \
+  python3-pip
+
+# cx_oracle
+RUN apt-get update && apt-get install -y libaio1 wget unzip
+WORKDIR /opt/oracle
+RUN wget https://download.oracle.com/otn_software/linux/instantclient/instantclient-basiclite-linuxx64.zip
+RUN unzip instantclient-basiclite-linuxx64.zip
+RUN rm -f instantclient-basiclite-linuxx64.zip
+RUN cd /opt/oracle/instantclient*
+RUN rm -f *jdbc* *occi* *mysql* *README *jar uidrvci genezi adrci
+RUN echo /opt/oracle/instantclient* > /etc/ld.so.conf.d/oracle-instantclient.conf
+RUN ldconfig
+
+# xfreerdp (see https://github.com/FreeRDP/FreeRDP/wiki/Compilation)
+RUN apt-get update && apt-get install -y ninja-build build-essential git-core debhelper cdbs dpkg-dev autotools-dev cmake pkg-config xmlto libssl-dev docbook-xsl xsltproc libxkbfile-dev libx11-dev libwayland-dev libxrandr-dev libxi-dev libxrender-dev libxext-dev libxinerama-dev libxfixes-dev libxcursor-dev libxv-dev libxdamage-dev libxtst-dev libcups2-dev libpcsclite-dev libasound2-dev libpulse-dev libjpeg-dev libgsm1-dev libusb-1.0-0-dev libudev-dev libdbus-glib-1-dev uuid-dev libxml2-dev libgstreamer1.0-dev libgstreamer-plugins-base1.0-dev libfaad-dev libfaac-dev \
+ && apt-get install -y libavutil-dev libavcodec-dev libavresample-dev
+RUN git clone https://github.com/FreeRDP/FreeRDP/ /tmp/FreeRDP
+WORKDIR /tmp/FreeRDP
+RUN cmake -DCMAKE_BUILD_TYPE=Debug -DWITH_SSE2=ON . && cmake --build . && cmake --build . --target install
+
+WORKDIR /opt/patator
+RUN python3 -m pip install patator
+
+ENTRYPOINT ["patator.py"]
diff --git a/Vagrantfile b/Vagrantfile
index f571990..4f91739 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -18,6 +18,18 @@ apt-get install -y ike-scan unzip default-jdk
 apt-get install -y libsqlite3-dev libsqlcipher-dev # pysqlcipher
 apt-get install -y libpq-dev # psycopg2
 
+# cx_oracle
+apt-get install -y libaio1 wget unzip
+rm -fr /opt/oracle
+mkdir /opt/oracle && cd /opt/oracle
+wget https://download.oracle.com/otn_software/linux/instantclient/instantclient-basiclite-linuxx64.zip
+unzip instantclient-basiclite-linuxx64.zip
+rm -f instantclient-basiclite-linuxx64.zip
+cd /opt/oracle/instantclient*
+rm -f *jdbc* *occi* *mysql* *README *jar uidrvci genezi adrci
+echo /opt/oracle/instantclient* > /etc/ld.so.conf.d/oracle-instantclient.conf
+ldconfig
+
 # xfreerdp (see https://github.com/FreeRDP/FreeRDP/wiki/Compilation)
 apt-get install -y ninja-build build-essential git-core debhelper cdbs dpkg-dev autotools-dev cmake pkg-config xmlto libssl-dev docbook-xsl xsltproc libxkbfile-dev libx11-dev libwayland-dev libxrandr-dev libxi-dev libxrender-dev libxext-dev libxinerama-dev libxfixes-dev libxcursor-dev libxv-dev libxdamage-dev libxtst-dev libcups2-dev libpcsclite-dev libasound2-dev libpulse-dev libjpeg-dev libgsm1-dev libusb-1.0-0-dev libudev-dev libdbus-glib-1-dev uuid-dev libxml2-dev libgstreamer1.0-dev libgstreamer-plugins-base1.0-dev libfaad-dev libfaac-dev
 apt-get install -y libavutil-dev libavcodec-dev libavresample-dev
diff --git a/patator.py b/patator.py
index 7018058..28fc727 100755
--- a/patator.py
+++ b/patator.py
@@ -241,8 +241,8 @@
 Use ',' to iterate over the cartesian product of sets and use ':' to iterate
 over sets simultaneously.
 
-If the value of a module option starts with the letter @, the rest should be a
-filename. The contents of the file will be loaded into the option:
+If the value of a module option starts with the @ character, the rest should be
+a filename. The contents of the file will be loaded into the option:
 ./module raw_request=@req.txt 0=vhosts.txt 1=uagents.txt
 
 * Keywords

From 902c650e049fcd022612433dafe9d1769e5f7852 Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Fri, 10 Jul 2020 16:21:22 +1000
Subject: [PATCH 32/74] Fixes #105

---
 patator.py | 50 ++++++++++++++++++++++++++++++++++++++------------
 1 file changed, 38 insertions(+), 12 deletions(-)

diff --git a/patator.py b/patator.py
index 28fc727..28a29b2 100755
--- a/patator.py
+++ b/patator.py
@@ -1483,6 +1483,7 @@ def format_usage(self, usage):
 
     dbg_grp = OptionGroup(parser, 'Debugging')
     dbg_grp.add_option('-d', '--debug', dest='debug', action='store_true', default=False, help='enable debug messages')
+    dbg_grp.add_option('--auto-progress', dest='auto_progress', type='int', default=0, metavar='N', help='automatically display progress every N seconds')
 
     parser.option_groups.extend([exe_grp, opt_grp, log_grp, dbg_grp])
 
@@ -1520,6 +1521,8 @@ def __init__(self, module, argv):
     self.num_threads = opts.num_threads
     self.start, self.stop = opts.start, opts.stop
     self.allow_ignore_failures = opts.allow_ignore_failures
+    self.auto_progress = opts.auto_progress
+    self.auto_progress_next = None
 
     self.resume = [int(i) for i in opts.resume.split(',')] if opts.resume else None
 
@@ -2132,21 +2135,44 @@ def report_progress(self):
 
   def monitor_interaction(self):
 
-    if on_windows():
-      import msvcrt
-      if not msvcrt.kbhit():
-        sleep(.1)
+    def read_command():
+      if on_windows():
+        import msvcrt
+        if not msvcrt.kbhit():
+          sleep(.1)
+          return None
+
+        command = msvcrt.getche()
+        if command == 'x':
+          command += raw_input()
+
+      else:
+        i, _, _ = select([sys.stdin], [], [], .1)
+        if not i:
+          return None
+        command = i[0].readline().strip()
+
+      return command
+
+    command = read_command()
+
+    if command is None:
+      if self.auto_progress == 0:
         return
 
-      command = msvcrt.getche()
-      if command == 'x':
-        command += raw_input()
+      if self.ns.paused:
+        self.auto_progress_next = None
+        return
 
-    else:
-      i, _, _ = select([sys.stdin], [], [], .1)
-      if not i:
+      if self.auto_progress_next is None:
+        self.auto_progress_next = time() + self.auto_progress
         return
-      command = i[0].readline().strip()
+
+      if time() < self.auto_progress_next:
+        return
+
+      self.auto_progress_next = None
+      command = ''
 
     if command == 'h':
       logger.info('''Available commands:
@@ -2176,7 +2202,7 @@ def monitor_interaction(self):
     elif command == 'a':
       logger.info(repr(self.ns.actions))
 
-    elif command.startswith('x'):
+    elif command.startswith('x') or command.startswith('-x'):
       _, arg = command.split(' ', 1)
       try:
         self.update_actions(arg)

From da3d9751d7046786d8644abcb55f771c6be68e37 Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Sun, 19 Jul 2020 22:50:04 +1000
Subject: [PATCH 33/74] Add docker-compose and fix bugs

---
 Dockerfile              |  42 ++++--
 docker-compose.yml      |  55 ++++++++
 patator.py              | 305 +++++++++++++++++++++++-----------------
 run-tests.sh            | 108 ++++++++++++++
 testing/unix/Dockerfile | 118 ++++++++++++++++
 5 files changed, 487 insertions(+), 141 deletions(-)
 create mode 100644 docker-compose.yml
 create mode 100755 run-tests.sh
 create mode 100644 testing/unix/Dockerfile

diff --git a/Dockerfile b/Dockerfile
index 2eb02c9..7c66bf3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,30 +9,44 @@ RUN apt-get update && apt-get install -y \
   libcurl4-openssl-dev python3-dev libssl-dev \
   ldap-utils \
   libmariadbclient-dev \
+  libpq-dev \
   ike-scan unzip default-jdk \
   libsqlite3-dev libsqlcipher-dev \
-  libpq-dev \
-  python3-pip
+  python3-pip python-pip
 
 # cx_oracle
-RUN apt-get update && apt-get install -y libaio1 wget unzip
+RUN apt-get update && apt-get install -y libaio1 wget unzip git
 WORKDIR /opt/oracle
-RUN wget https://download.oracle.com/otn_software/linux/instantclient/instantclient-basiclite-linuxx64.zip
-RUN unzip instantclient-basiclite-linuxx64.zip
-RUN rm -f instantclient-basiclite-linuxx64.zip
-RUN cd /opt/oracle/instantclient*
-RUN rm -f *jdbc* *occi* *mysql* *README *jar uidrvci genezi adrci
-RUN echo /opt/oracle/instantclient* > /etc/ld.so.conf.d/oracle-instantclient.conf
-RUN ldconfig
+RUN wget https://download.oracle.com/otn_software/linux/instantclient/instantclient-basiclite-linuxx64.zip \
+ && wget https://download.oracle.com/otn_software/linux/instantclient/instantclient-sdk-linuxx64.zip \
+ && unzip instantclient-basiclite-linuxx64.zip \
+ && rm -f instantclient-basiclite-linuxx64.zip \
+ && unzip instantclient-sdk-linuxx64.zip \
+ && rm -f instantclient-sdk-linuxx64.zip \
+ && cd /opt/oracle/instantclient* \
+ && rm -f *jdbc* *occi* *mysql* *README *jar uidrvci genezi adrci \
+ && echo /opt/oracle/instantclient* > /etc/ld.so.conf.d/oracle-instantclient.conf \
+ && ldconfig
+
+RUN git clone --branch 5.3 https://github.com/oracle/python-cx_Oracle \
+ && cd python-cx_Oracle && export ORACLE_HOME=/opt/oracle/instantclient_19_6 && python2 setup.py build && python2 setup.py install
 
 # xfreerdp (see https://github.com/FreeRDP/FreeRDP/wiki/Compilation)
 RUN apt-get update && apt-get install -y ninja-build build-essential git-core debhelper cdbs dpkg-dev autotools-dev cmake pkg-config xmlto libssl-dev docbook-xsl xsltproc libxkbfile-dev libx11-dev libwayland-dev libxrandr-dev libxi-dev libxrender-dev libxext-dev libxinerama-dev libxfixes-dev libxcursor-dev libxv-dev libxdamage-dev libxtst-dev libcups2-dev libpcsclite-dev libasound2-dev libpulse-dev libjpeg-dev libgsm1-dev libusb-1.0-0-dev libudev-dev libdbus-glib-1-dev uuid-dev libxml2-dev libgstreamer1.0-dev libgstreamer-plugins-base1.0-dev libfaad-dev libfaac-dev \
  && apt-get install -y libavutil-dev libavcodec-dev libavresample-dev
-RUN git clone https://github.com/FreeRDP/FreeRDP/ /tmp/FreeRDP
-WORKDIR /tmp/FreeRDP
+WORKDIR /opt/FreeRDP
+RUN git clone https://github.com/FreeRDP/FreeRDP/ .
 RUN cmake -DCMAKE_BUILD_TYPE=Debug -DWITH_SSE2=ON . && cmake --build . && cmake --build . --target install
 
 WORKDIR /opt/patator
-RUN python3 -m pip install patator
+COPY ./requirements.txt ./
+RUN python3 -m pip install -r requirements.txt
+
+RUN sed -e '/cx_Oracle/d' -e 's,pysqlcipher3,pysqlcipher,' requirements.txt | python2 -m pip install -r /dev/stdin
+
+# utils
+RUN apt-get update && apt-get install -y ipython3 ipython iputils-ping iproute2 netcat curl rsh-client telnet vim mlocate nmap
+RUN echo 'set bg=dark' > /root/.vimrc
 
-ENTRYPOINT ["patator.py"]
+COPY ./patator.py ./
+ENTRYPOINT ["python3", "./patator.py"]
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..df8a123
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,55 @@
+version: "3"
+services:
+  unix:
+    build: testing/unix
+    image: patator-unix-testing
+#    ports:
+#      - "21:21"
+#      - "22:22"
+#      - "23:23"
+#      - "25:25"
+#      - "79:79"
+#      - "80:80"
+#      - "106:106"
+#      - "110:110"
+#      - "139:139"
+#      - "143:143"
+#      - "389:389"
+#      - "445:445"
+#      - "513:513"
+#      - "636:636"
+#      - "993:993"
+#      - "995:995"
+#      - "3306:3306"
+#      - "4444:4444"
+#      - "5432:5432"
+#      - "5900:5900"
+#      - "8009:8009"
+#      - "8080:8080"
+    volumes:
+      - .:/opt/patator
+
+  oracle:
+    image: oracleinanutshell/oracle-xe-11g
+    environment:
+       - ORACLE_ENABLE_XDB=true
+    ports:
+      - "1521:1521"
+
+  mssql:
+    image: mcr.microsoft.com/mssql/server:2019-latest
+    environment:
+      - ACCEPT_EULA=Y
+      - SA_PASSWORD=Password1
+    ports:
+      - "1433:1433"
+
+  patator:
+    build: .
+    image: patator
+    depends_on:
+      - unix
+      - oracle
+      - mssql
+    volumes:
+      - .:/opt/patator
diff --git a/patator.py b/patator.py
index 28a29b2..ed4eb80 100755
--- a/patator.py
+++ b/patator.py
@@ -714,15 +714,12 @@ class TXTFormatter(logging.Formatter):
   def __init__(self, indicatorsfmt):
     self.resultfmt = '%(asctime)s %(name)-7s %(levelname)7s - ' + ' '.join('%%(%s)%ss' % (k, v) for k, v in indicatorsfmt) + ' | %(candidate)-34s | %(num)5s | %(mesg)s'
 
-    logging.Formatter.__init__(self, datefmt='%H:%M:%S')
+    super(TXTFormatter, self).__init__(datefmt='%H:%M:%S')
 
   def format(self, record):
     if not record.msg or record.msg == 'headers':
       fmt = self.resultfmt
 
-      if not all(True if 0x20 <= ord(c) < 0x7f else False for c in record.candidate):
-        record.candidate = repr(record.candidate)
-
     else:
       if record.levelno == logging.DEBUG:
         fmt = '%(asctime)s %(name)-7s %(levelname)7s [%(pname)s] %(message)s'
@@ -734,18 +731,30 @@ def format(self, record):
     else:
       self._fmt = fmt
 
-    return logging.Formatter.format(self, record)
+    pp = {}
+    for k, v in record.__dict__.items():
+      if k in ['candidate', 'mesg']:
+        pp[k] = repr23(v)
+      else:
+        pp[k] = v
+
+    return super(TXTFormatter, self).format(logging.makeLogRecord(pp))
 
 class CSVFormatter(logging.Formatter):
   def __init__(self, indicatorsfmt):
     fmt = '%(asctime)s,%(levelname)s,'+','.join('%%(%s)s' % name for name, _ in indicatorsfmt)+',%(candidate)s,%(num)s,%(mesg)s'
 
-    logging.Formatter.__init__(self, fmt, datefmt='%H:%M:%S')
+    super(CSVFormatter, self).__init__(fmt=fmt, datefmt='%H:%M:%S')
 
   def format(self, record):
-    for k in ['candidate', 'mesg']:
-      record.__dict__[k] = '"%s"' % record.__dict__[k].replace('"', '""')
-    return logging.Formatter.format(self, record)
+    pp = {}
+    for k, v in record.__dict__.items():
+      if k in ['candidate', 'mesg']:
+        pp[k] = '"%s"' % v.replace('"', '""')
+      else:
+        pp[k] = v
+
+    return super(CSVFormatter, self).format(logging.makeLogRecord(pp))
 
 class XMLFormatter(logging.Formatter):
   def __init__(self, indicatorsfmt):
@@ -757,15 +766,17 @@ def __init__(self, indicatorsfmt):
   <target %(target)s/>
 </result>'''
 
-    logging.Formatter.__init__(self, fmt, datefmt='%H:%M:%S')
+    super(XMLFormatter, self).__init__(fmt=fmt, datefmt='%H:%M:%S')
 
   def format(self, record):
-
+    pp = {}
     for k, v in record.__dict__.items():
       if isinstance(v, str):
-        record.__dict__[k] = xmlescape(v)
+        pp[k] = xmlescape(v)
+      else:
+        pp[k] = v
 
-    return super(XMLFormatter, self).format(record)
+    return super(XMLFormatter, self).format(logging.makeLogRecord(pp))
 
 class MsgFilter(logging.Filter):
 
@@ -779,12 +790,12 @@ def process_logs(queue, indicatorsfmt, argv, log_dir, runtime_file, csv_file, xm
 
   ignore_ctrlc()
 
-  try:
-    # python3
+  if PY3:
     logging._levelToName[logging.ERROR] = 'FAIL'
-  except:
-    # python2
+    encoding = 'latin1'
+  else:
     logging._levelNames[logging.ERROR] = 'FAIL'
+    encoding = None
 
   handler_out = logging.StreamHandler()
   handler_out.setFormatter(TXTFormatter(indicatorsfmt))
@@ -801,7 +812,7 @@ def process_logs(queue, indicatorsfmt, argv, log_dir, runtime_file, csv_file, xm
     with open(runtime_log, 'a') as f:
       f.write('$ %s\n' % ' '.join(argv))
 
-    handler_log = logging.FileHandler(runtime_log)
+    handler_log = logging.FileHandler(runtime_log, encoding=encoding)
     handler_log.setFormatter(TXTFormatter(indicatorsfmt))
 
     logger.addHandler(handler_log)
@@ -813,7 +824,7 @@ def process_logs(queue, indicatorsfmt, argv, log_dir, runtime_file, csv_file, xm
       with open(results_csv, 'w') as f:
         f.write('time,level,%s\n' % ','.join(names))
 
-    handler_csv = logging.FileHandler(results_csv)
+    handler_csv = logging.FileHandler(results_csv, encoding=encoding)
     handler_csv.addFilter(MsgFilter())
     handler_csv.setFormatter(CSVFormatter(indicatorsfmt))
 
@@ -835,7 +846,7 @@ def process_logs(queue, indicatorsfmt, argv, log_dir, runtime_file, csv_file, xm
         while i < len(argv):
           arg = argv[i]
           if arg[0] == '-':
-            if arg in ('-d', '--debug', '--allow-ignore-failures'):
+            if arg in ('-d', '--debug', '--allow-ignore-failures', '-y'):
               f.write('  <option type="global" name=%s/>\n' % xmlquoteattr(arg))
             else:
               if not arg.startswith('--') and len(arg) > 2:
@@ -860,7 +871,7 @@ def process_logs(queue, indicatorsfmt, argv, log_dir, runtime_file, csv_file, xm
           f.seek(offset)
           f.truncate(f.tell())
 
-    handler_xml = logging.FileHandler(results_xml)
+    handler_xml = logging.FileHandler(results_xml, encoding=encoding)
     handler_xml.addFilter(MsgFilter())
     handler_xml.setFormatter(XMLFormatter(indicatorsfmt))
 
@@ -904,13 +915,13 @@ def process_logs(queue, indicatorsfmt, argv, log_dir, runtime_file, csv_file, xm
 
       if log_dir:
         filename = '%d_%s' % (num, '-'.join(map(str, resp.indicators())))
-        with open('%s.txt' % os.path.join(log_dir, filename), 'w') as f:
+        with open('%s.txt' % os.path.join(log_dir, filename), 'wb') as f:
           f.write(resp.dump())
 
     elif action == 'save_hit':
       if hits_file:
-        with open(hits_file, 'a') as f:
-          f.write('%s\n' % ':'.join(args))
+        with open(hits_file, 'ab') as f:
+          f.write(b(args[0] +'\n'))
 
     elif action == 'setLevel':
       logger.setLevel(args[0])
@@ -946,28 +957,33 @@ def process_logs(queue, indicatorsfmt, argv, log_dir, runtime_file, csv_file, xm
 from xml.sax.saxutils import escape as xmlescape, quoteattr as xmlquoteattr
 from ssl import wrap_socket
 from binascii import hexlify, unhexlify
-import mmap
-try:
-  # python3+
+
+PY3 = sys.version_info >= (3,)
+
+if PY3:
   from queue import Empty, Full
   from urllib.parse import quote, urlencode, urlparse, urlunparse, parse_qsl, quote_plus
   from io import StringIO
   from sys import maxsize as maxint
-except ImportError:
-  # python2.6+
+else:
   from Queue import Empty, Full
   from urllib import quote, urlencode, quote_plus
   from urlparse import urlparse, urlunparse, parse_qsl
   from cStringIO import StringIO
   from sys import maxint
 
-PY3 = sys.version_info >= (3,)
 if PY3:  # http://python3porting.com/problems.html
   def b(x):
-    return x.encode('ISO-8859-1', errors='ignore')
+    if isinstance(x, bytes):
+      return x
+    else:
+      return x.encode('ISO-8859-1', errors='ignore')
 
   def B(x):
-    return x.decode('ISO-8859-1', errors='ignore')
+    if isinstance(x, str):
+      return x
+    else:
+      return x.decode('ISO-8859-1', errors='ignore')
 else:
   def b(x):
     return x
@@ -1054,20 +1070,20 @@ def is_exe(fpath):
 
   return None
 
-def build_logdir(opt_dir, opt_auto):
+def build_logdir(opt_dir, opt_auto, assume_yes):
     if opt_auto:
       return create_time_dir(opt_dir or '/tmp/patator', opt_auto)
     elif opt_dir:
-      return create_dir(opt_dir)
+      return create_dir(opt_dir, assume_yes)
     else:
       return None
 
-def create_dir(top_path):
+def create_dir(top_path, assume_yes):
   top_path = os.path.abspath(top_path)
   if os.path.isdir(top_path):
     files = os.listdir(top_path)
     if files:
-      if input("Directory '%s' is not empty, do you want to wipe it ? [Y/n]: " % top_path) != 'n':
+      if assume_yes or input("Directory '%s' is not empty, do you want to wipe it ? [Y/n]: " % top_path) != 'n':
         for root, dirs, files in os.walk(top_path):
           if dirs:
             print("Directory '%s' contains sub-directories, safely aborting..." % root)
@@ -1098,6 +1114,15 @@ def create_time_dir(top_path, desc):
 def pprint_seconds(seconds, fmt):
   return fmt % reduce(lambda x, y: divmod(x[0], y) + x[1:], [(seconds,), 60, 60])
 
+def repr23(s):
+  if all(True if 0x20 <= ord(c) < 0x7f else False for c in s):
+    return s
+
+  if PY3:
+    return repr(s.encode('latin1'))[1:]
+  else:
+    return repr(s)
+
 def md5hex(plain):
   return hashlib.md5(plain).hexdigest()
 
@@ -1344,6 +1369,7 @@ def flatten(l):
     else:
       r.append(ppstr(x))
   return r
+
 # }}}
 
 # Controller {{{
@@ -1464,7 +1490,8 @@ def format_usage(self, usage):
     exe_grp.add_option('-e', dest='encodings', action='append', default=[], metavar='arg', help='encode everything between two tags, see Syntax below')
     exe_grp.add_option('-C', dest='combo_delim', default=':', metavar='str', help="delimiter string in combo files (default is ':')")
     exe_grp.add_option('-X', dest='condition_delim', default=',', metavar='str', help="delimiter string in conditions (default is ',')")
-    exe_grp.add_option('--allow-ignore-failures', action='store_true', default=False, dest='allow_ignore_failures', help="failures cannot be ignored with -x (this is by design to avoid false negatives) this option overrides this safeguard")
+    exe_grp.add_option('--allow-ignore-failures', dest='allow_ignore_failures', action='store_true', help="failures cannot be ignored with -x (this is by design to avoid false negatives) this option overrides this safeguard")
+    exe_grp.add_option('-y', dest='assume_yes', action='store_true', help="automatically answer yes for all questions")
 
     opt_grp = OptionGroup(parser, 'Optimization')
     opt_grp.add_option('--rate-limit', dest='rate_limit', type='float', default=0, metavar='N', help='wait N seconds between each attempt (default is 0)')
@@ -1482,7 +1509,7 @@ def format_usage(self, usage):
     log_grp.add_option('--hits', dest='hits_file', metavar='FILE', help="save found candidates to FILE")
 
     dbg_grp = OptionGroup(parser, 'Debugging')
-    dbg_grp.add_option('-d', '--debug', dest='debug', action='store_true', default=False, help='enable debug messages')
+    dbg_grp.add_option('-d', '--debug', dest='debug', action='store_true', help='enable debug messages')
     dbg_grp.add_option('--auto-progress', dest='auto_progress', type='int', default=0, metavar='N', help='automatically display progress every N seconds')
 
     parser.option_groups.extend([exe_grp, opt_grp, log_grp, dbg_grp])
@@ -1539,7 +1566,7 @@ def __init__(self, module, argv):
 
     log_queue = multiprocessing.Queue()
 
-    logsvc = multiprocessing.Process(name='LogSvc', target=process_logs, args=(log_queue, module.Response.indicatorsfmt, argv, build_logdir(opts.log_dir, opts.auto_log), opts.runtime_file, opts.csv_file, opts.xml_file, opts.hits_file))
+    logsvc = multiprocessing.Process(name='LogSvc', target=process_logs, args=(log_queue, module.Response.indicatorsfmt, argv, build_logdir(opts.log_dir, opts.auto_log, opts.assume_yes), opts.runtime_file, opts.csv_file, opts.xml_file, opts.hits_file))
     logsvc.daemon = True
     logsvc.start()
 
@@ -2244,6 +2271,7 @@ def read_command():
             total_count,
             total_size/num_threads,
             p.current))
+
 # }}}
 
 # Response_Base {{{
@@ -2312,13 +2340,13 @@ def match_mesg(self, val):
     return val == self.mesg
 
   def match_fgrep(self, val):
-    return val in str(self)
+    return val in self.mesg
 
   def match_egrep(self, val):
-    return re.search(val, str(self))
+    return re.search(val, self.mesg)
 
   def dump(self):
-    return self.trace or str(self)
+    return b(self.trace or str(self))
 
   def str_target(self):
     return ''
@@ -2353,7 +2381,7 @@ class TCP_Cache:
     )
 
   def __init__(self):
-    self.cache = {} # {'10.0.0.1:22': ('root', conn1), '10.0.0.2:22': ('admin', conn2),
+    self.cache = {} # '10.0.0.1:22': ('root', conn1), '10.0.0.2:22': ('admin', conn2),
     self.curr = None
 
   def __del__(self):
@@ -2569,8 +2597,8 @@ class Telnet_login(TCP_Cache):
   '''Brute-force Telnet'''
 
   usage_hints = (
-    """%prog host=10.0.0.1 inputs='FILE0\\nFILE1' 0=logins.txt 1=passwords.txt persistent=0"""
-    """ prompt_re='Username:|Password:' -x ignore:egrep='Login incorrect.+Username:'""",
+    """%prog host=10.0.0.1 inputs='FILE0\\nFILE1' 0=logins.txt 1=passwords.txt"""
+    """ prompt_re='login:|Password:' -x ignore:fgrep='Login incorrect'""",
     )
 
   available_options = (
@@ -2590,7 +2618,7 @@ def connect(self, host, port, timeout):
 
     return TCP_Connection(fp)
 
-  def execute(self, host, port='23', inputs=None, prompt_re='\w+:', timeout='20', persistent='1'):
+  def execute(self, host, port='23', inputs=None, prompt_re='\w+:', timeout='20', persistent='0'):
 
     with Timing() as timing:
       fp, _ = self.bind(host, port, timeout=timeout)
@@ -2622,10 +2650,7 @@ def execute(self, host, port='23', inputs=None, prompt_re='\w+:', timeout='20',
     if persistent == '0':
       self.reset()
 
-    raw = B(raw)
-    trace = B(trace)
-
-    mesg = repr(raw)[1:-1] # strip enclosing single quotes
+    mesg = B(raw).strip()
     return self.Response(0, mesg, timing, trace)
 
 # }}}
@@ -2763,10 +2788,6 @@ def execute(self, host, port='', ssl='0', helo='', starttls='0', user=None, pass
       logger.debug('SMTPResponseException: %s' % e)
       resp = e.args
 
-    except SMTPException as e:
-      logger.debug('SMTPException: %s' % e)
-      resp = '1', b(str(e))
-
     if persistent == '0':
       self.reset()
 
@@ -2817,25 +2838,25 @@ def execute(self, host, port='79', user='', timeout='5'):
       s.send(b(user))
     s.send(b'\r\n')
 
-    data = b''
+    raw = b''
     with Timing() as timing:
       while True:
-        raw = s.recv(1024)
-        if not raw:
+        resp = s.recv(1024)
+        if not resp:
           break
-        data += raw
+        raw += resp
 
     s.close()
 
-    logger.debug('recv: %r' % data)
+    logger.debug('recv: %r' % raw)
 
-    data = B(data).strip()
-    mesg = repr(data)
+    mesg = B(raw).strip()
 
-    resp = self.Response(0, mesg, timing, data)
-    resp.lines = [l.strip('\r\n') for l in data.split('\n')]
+    resp = self.Response(0, mesg, timing, raw)
+    resp.lines = [l.strip('\r\n') for l in mesg.split('\n')]
 
     return resp
+
 # }}}
 
 # LDAP {{{
@@ -2869,14 +2890,13 @@ class LDAP_login:
   def execute(self, host, port='389', binddn='', bindpw='', basedn='', ssl='0'):
     uri = 'ldap%s://%s:%s' % ('s' if ssl != '0' else '', host, port)
     cmd = ['ldapsearch', '-H', uri, '-e', 'ppolicy', '-D', binddn, '-w', bindpw, '-b', basedn, '-s', 'one']
-    p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, env={'LDAPTLS_REQCERT': 'never'})
-    out = p.stdout.read()
-    err = p.stderr.read()
 
     with Timing() as timing:
-      code = p.wait()
+      p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE, env={'LDAPTLS_REQCERT': 'never'})
+      out, err = map(B, p.communicate())
+      code = p.returncode
 
-    mesg = repr((out + err).strip())[1:-1]
+    mesg = (out + err).strip()
     trace = '[out]\n%s\n[err]\n%s' % (out, err)
 
     return self.Response(code, mesg, timing, trace)
@@ -2888,8 +2908,9 @@ def execute(self, host, port='389', binddn='', bindpw='', basedn='', ssl='0'):
   from impacket.smbconnection import SMBConnection, SessionError
   from impacket import nt_errors
   from impacket.dcerpc.v5 import transport, lsat, lsad
-  from impacket.dcerpc.v5.dtypes import MAXIMUM_ALLOWED
   from impacket.dcerpc.v5.samr import SID_NAME_USE
+  from impacket.dcerpc.v5.dtypes import MAXIMUM_ALLOWED
+  from impacket.dcerpc.v5.rpcrt import DCERPCException
 except ImportError:
   notfound.append('impacket')
 
@@ -2900,6 +2921,17 @@ def close(self):
 class Response_SMB(Response_Base):
   indicatorsfmt = [('code', -8), ('size', -4), ('time', 6)]
 
+def split_ntlm(password_hash):
+    if password_hash:
+      if ':' in password_hash:
+        lmhash, nthash = password_hash.split(':')
+      else:
+        lmhash, nthash = 'aad3b435b51404eeaad3b435b51404ee', password_hash
+    else:
+      lmhash, nthash = '', ''
+
+    return lmhash, nthash
+
 class SMB_login(TCP_Cache):
   '''Brute-force SMB'''
 
@@ -2937,12 +2969,9 @@ def execute(self, host, port='139', user=None, password='', password_hash=None,
       else:
         with Timing() as timing:
           if password_hash:
-            if ':' in password_hash:
-              lmhash, nthash = password_hash.split(':')
-            else:
-              lmhash, nthash = 'aad3b435b51404eeaad3b435b51404ee', password_hash
-            fp.login(user, '', domain, lmhash, nthash)
+            lmhash, nthash = split_ntlm(password_hash)
 
+            fp.login(user, '', domain, lmhash, nthash)
           else:
             fp.login(user, password, domain)
 
@@ -2961,12 +2990,12 @@ def execute(self, host, port='139', user=None, password='', password_hash=None,
     return self.Response(code, mesg, timing)
 
 class DCE_Connection(TCP_Connection):
-  def __init__(self, fp, smbt):
-    self.smbt = smbt
+  def __init__(self, fp, rpct):
+    self.rpct = rpct
     TCP_Connection.__init__(self, fp)
 
   def close(self):
-    self.smbt.get_socket().close()
+    self.rpct.get_socket().close()
 
 # impacket/examples/lookupsid.py is much faster because it queries 1000 SIDs per packet
 class SMB_lookupsid(TCP_Cache):
@@ -2978,24 +3007,32 @@ class SMB_lookupsid(TCP_Cache):
 
   available_options = (
     ('host', 'target host'),
-    ('port', 'target port [139]'),
+    ('port', 'target port [445]'),
     ('sid', 'SID to test'),
     ('rid', 'RID to test'),
     ('user', 'username to use if auth required'),
     ('password', 'password to use if auth required'),
+    ('password_hash', "LM/NT hashes to test, at least one hash must be provided ('lm:nt' or ':nt' or 'lm:')"),
+    ('domain', 'domain to test'),
     )
   available_options += TCP_Cache.available_options
 
   Response = Response_Base
 
-  def connect(self, host, port, user, password, sid):
-    smbt = transport.SMBTransport(host, int(port), r'\lsarpc', user, password)
+  def connect(self, host, port, user, password, domain, password_hash, sid):
+
+    lmhash, nthash = split_ntlm(password_hash)
 
-    dce = smbt.get_dce_rpc()
+    rpctransport = transport.DCERPCTransportFactory(r'ncacn_np:%s[\pipe\lsarpc]' % host) # remoteName
+    rpctransport.set_dport(port)
+    rpctransport.setRemoteHost(host)
+    rpctransport.set_credentials(user, password, domain, lmhash, nthash)
+
+    dce = rpctransport.get_dce_rpc()
     dce.connect()
     dce.bind(lsat.MSRPC_UUID_LSAT)
 
-    op2 = lsat.hLsarOpenPolicy2(dce, MAXIMUM_ALLOWED | lsat.POLICY_LOOKUP_NAMES)
+    op2 = lsad.hLsarOpenPolicy2(dce, MAXIMUM_ALLOWED | lsat.POLICY_LOOKUP_NAMES)
 
     if sid is None:
       res = lsad.hLsarQueryInformationPolicy2(dce, op2['PolicyHandle'], lsad.POLICY_INFORMATION_CLASS.PolicyAccountDomainInformation)
@@ -3004,11 +3041,11 @@ def connect(self, host, port, user, password, sid):
     self.sid = sid
     self.policy_handle = op2['PolicyHandle']
 
-    return DCE_Connection(dce, smbt)
+    return DCE_Connection(dce, rpctransport)
 
-  def execute(self, host, port='139', user='', password='', sid=None, rid=None, persistent='1'):
+  def execute(self, host, port='445', user='', password='', password_hash=None, domain='', sid=None, rid=None, persistent='1'):
 
-    fp, _ = self.bind(host, port, user, password, sid)
+    dce, _ = self.bind(host, port, user, password, domain, password_hash, sid)
 
     if rid:
       sid = '%s-%s' % (self.sid, rid)
@@ -3016,24 +3053,32 @@ def execute(self, host, port='139', user='', password='', sid=None, rid=None, pe
       sid = self.sid
 
     try:
-      res = lsat.hLsarLookupSids(fp, self.policy_handle, [sid], lsat.LSAP_LOOKUP_LEVEL.LsapLookupWksta)
+      res = lsat.hLsarLookupSids(dce, self.policy_handle, [sid], lsat.LSAP_LOOKUP_LEVEL.LsapLookupWksta)
 
       code, names = 0, []
       for n, item in enumerate(res['TranslatedNames']['Names']):
         names.append("%s\\%s (%s)" % (res['ReferencedDomains']['Domains'][item['DomainIndex']]['Name'], item['Name'], SID_NAME_USE.enumItems(item['Use']).name[7:]))
 
-    except lsat.DCERPCSessionError:
+    except DCERPCException:
       code, names = 1, ['unknown'] # STATUS_NONE_MAPPED
 
     if persistent == '0':
       self.reset()
 
     return self.Response(code, ', '.join(names))
+
 # }}}
 
 # POP {{{
 from poplib import POP3, POP3_SSL, error_proto as pop_error
 
+class POP_Connection(TCP_Connection):
+  def close(self):
+    if PY3:
+      self.fp.close()
+    else:
+      self.fp.quit()
+
 class POP_login(TCP_Cache):
   '''Brute-force POP3'''
 
@@ -3063,7 +3108,7 @@ def connect(self, host, port, ssl, timeout):
         port = 995
       fp = POP3_SSL(host, int(port)) # timeout=int(timeout)) # no timeout option in python2
 
-    return TCP_Connection(fp, fp.welcome)
+    return POP_Connection(fp, fp.welcome)
 
   def execute(self, host, port='', ssl='0', user=None, password=None, timeout='10', persistent='1'):
 
@@ -3084,7 +3129,7 @@ def execute(self, host, port='', ssl='0', user=None, password=None, timeout='10'
 
     except pop_error as e:
       logger.debug('pop_error: %s' % e)
-      resp = e.args[0]
+      resp = ', '.join(map(B, e.args))
 
     if persistent == '0':
       self.reset()
@@ -3178,19 +3223,17 @@ def execute(self, host, port='', ssl='0', user=None, password=None):
     with Timing() as timing:
       fp = klass(host, port)
 
-    code, resp = 0, fp.welcome
+    code, resp = 0, B(fp.welcome)
 
     try:
       if user is not None and password is not None:
         with Timing() as timing:
           r = fp.login(user, password)
-        resp = ', '.join(r[1])
-
-      # doesn't it need to self.reset() to test more creds?
+        code, resp = r[0], ', '.join(map(B, r[1]))
 
     except IMAP4.error as e:
       logger.debug('imap_error: %s' % e)
-      code, resp = 1, str(e)
+      code, resp = 1, ', '.join(map(B, e.args))
 
     return self.Response(code, resp, timing)
 
@@ -3202,8 +3245,8 @@ class Rlogin_login(TCP_Cache):
 
   usage_hints = (
     """Please note that rlogin requires to bind a socket to an Internet domain privileged port.""",
-    """%prog host=10.0.0.1 user=root luser=FILE0 0=logins.txt persistent=0 -x ignore:fgrep=Password:""",
-    """%prog host=10.0.0.1 user=john password=FILE0 0=passwords.txt -x 'reset:egrep!=Login incorrect.+login:'""",
+    """%prog host=10.0.0.1 user=root luser=FILE0 0=logins.txt""",
+    """%prog host=10.0.0.1 user=john password=FILE0 0=passwords.txt""",
     )
 
   available_options = (
@@ -3234,7 +3277,7 @@ def connect(self, host, port, timeout):
 
     return TCP_Connection(fp)
 
-  def execute(self, host, port='513', luser='root', user='', password=None, prompt_re='\w+:', timeout='10', persistent='1'):
+  def execute(self, host, port='513', luser='root', user='', password=None, prompt_re='\w+:', timeout='10', persistent='0'):
 
     fp, _ = self.bind(host, port, timeout=int(timeout))
 
@@ -3249,22 +3292,22 @@ def execute(self, host, port='513', luser='root', user='', password=None, prompt
       else:
         fp.write(b('%s\r' % user))
 
-      _, _, resp = fp.expect([prompt_re], timeout=timeout) # expecting the Password: prompt
-      trace += resp
+      _, m, raw = fp.expect([prompt_re], timeout=timeout) # expecting the Password: prompt
+      logger.debug('raw: %r' % raw)
+      trace += raw
 
-      if password is not None:
+      if m and password is not None:
         fp.write(b('%s\r' % password))
-        _, _, resp = fp.expect([prompt_re], timeout=timeout) # expecting the login: prompt
-        trace += resp
+        _, _, raw = fp.expect([prompt_re], timeout=timeout) # expecting the login: prompt
+        logger.debug('raw: %r' % raw)
+        trace += raw
 
     if persistent == '0':
       self.reset()
 
-    resp = B(resp)
-    trace = B(trace)
-
-    mesg = repr(resp.strip())[1:-1]
+    mesg = B(raw).strip()
     return self.Response(0, mesg, timing, trace)
+
 # }}}
 
 # VMauthd {{{
@@ -3439,9 +3482,11 @@ def execute(self, host, port='3306', user='', password='', query='select @@versi
       fp.query(query)
 
     rs = fp.store_result()
-    rows = rs.fetch_row(10, 0)
+    rows = rs.fetch_row(maxrows=0, how=0)
+
+    logger.debug('fetched %d rows: %s' % (len(rows), rows))
 
-    code, mesg = '0', '\n'.join(', '.join(map(str, r)) for r in filter(any, rows))
+    code, mesg = '0', '\n'.join(', '.join(map(B, r)) for r in filter(any, rows))
     return self.Response(code, mesg, timing)
 
 # }}}
@@ -3501,6 +3546,7 @@ def execute(self, host, port='1433', user='', password='', windows_auth='0', dom
     fp.disconnect()
 
     return self.Response(code, mesg, timing)
+
 # }}}
 
 # Oracle {{{
@@ -3589,7 +3635,7 @@ def execute(self, host, port='5432', user=None, password=None, database='postgre
 
     except psycopg2.OperationalError as e:
       logger.debug('OperationalError: %s' % e)
-      code, mesg = '1', str(e)[:-1]
+      code, mesg = '1', str(e).strip()
 
     return self.Response(code, mesg, timing)
 
@@ -3636,9 +3682,6 @@ def __str__(self):
   def match_clen(self, val):
     return match_range(self.content_length, val)
 
-  def match_fgrep(self, val):
-    return val in self.mesg
-
   def match_egrep(self, val):
     return re.search(val, self.mesg, re.M)
 
@@ -4065,7 +4108,7 @@ def execute(self, url=None, host=None, port='8009', path='/', params='', query='
 
 # }}}
 
-# {{{ RDP
+# RDP {{{
 if not which('xfreerdp'):
   notfound.append('xfreerdp')
 
@@ -4101,10 +4144,11 @@ def execute(self, host, port='3389', user=None, password=None):
     elif 'Authentication only, exit status 0' in err:
       err = 'OK'
 
-    mesg = repr((out + err).strip())[1:-1]
+    mesg = (out + err).strip()
     trace = '[out]\n%s\n[err]\n%s' % (out, err)
 
     return self.Response(code, mesg, timing, trace)
+
 # }}}
 
 # VNC {{{
@@ -4340,16 +4384,17 @@ def distro():
     import re
     files = ['/usr/share/nmap/nmap-protocols', '/usr/share/nmap/nmap-services', '/etc/protocols', '/etc/services']
     ret = []
-    for f in files:
-      if not os.path.isfile(f):
-        logger.warn("File '%s' is missing, there will be less records to test" % f)
+    for filepath in files:
+      if not os.path.isfile(filepath):
+        logger.warn("File '%s' is missing, there will be less records to test" % filepath)
         continue
-      for line in open(f):
-        match = re.match(r'([a-zA-Z0-9]+)\s', line)
-        if not match:
-          continue
-        for w in re.split(r'[^a-z0-9]', match.group(1).strip().lower()):
-          ret.extend(['_%s.%s' % (w, i) for i in ('_tcp', '_udp')])
+      with open(filepath, 'rb') as f:
+        for line in f:
+          match = re.match(r'([a-zA-Z0-9]+)\s', B(line))
+          if not match:
+            continue
+          for w in re.split(r'[^a-z0-9]', match.group(1).strip().lower()):
+            ret.extend(['_%s.%s' % (w, i) for i in ('_tcp', '_udp')])
     return ret
 
   srv = set(common + distro())
@@ -4827,7 +4872,7 @@ def execute(self, zipfile, password):
       out, err = map(B, p.communicate())
       code = p.returncode
 
-    mesg = repr(out.strip())[1:-1]
+    mesg = out.strip()
     trace = '%s\n[out]\n%s\n[err]\n%s' % (cmd, out, err)
 
     return self.Response(code, mesg, timing, trace)
@@ -4864,7 +4909,7 @@ def execute(self, keystore, password, storetype='jks'):
       out, err = map(B, p.communicate())
       code = p.returncode
 
-    mesg = repr(out.strip())[1:-1]
+    mesg = out.strip()
     trace = '%s\n[out]\n%s\n[err]\n%s' % (cmd, out, err)
 
     return self.Response(code, mesg, timing, trace)
@@ -4873,7 +4918,10 @@ def execute(self, keystore, password, storetype='jks'):
 
 # SQLCipher {{{
 try:
-  from pysqlcipher3 import dbapi2 as sqlcipher
+  if PY3:
+    from pysqlcipher3 import dbapi2 as sqlcipher
+  else:
+    from pysqlcipher import dbapi2 as sqlcipher
 except ImportError:
   notfound.append('pysqlcipher')
 
@@ -4964,12 +5012,14 @@ def execute(self, host, port, data='', timeout='2', ssl='0'):
     if ssl != '0':
       fp = wrap_socket(fp)
     fp.send(unhexlify(data))
+    #fp.send(b(data))
     with Timing() as timing:
       resp = fp.recv(1024)
     fp.close()
 
     code = 0
-    mesg = B(hexlify(resp))
+    #mesg = B(hexlify(resp))
+    mesg = B(resp)
 
     return self.Response(code, mesg, timing)
 
@@ -5076,6 +5126,7 @@ def execute(self, data, data2='', delay='1'):
   'pysqlcipher': [('sqlcipher_pass',), 'https://github.com/rigglemania/pysqlcipher3', '1.0.3'],
   'python': [('ftp_login',), 'Patator requires Python 3.6 or above and may still work on Python 2.'],
   }
+
 # }}}
 
 # main {{{
diff --git a/run-tests.sh b/run-tests.sh
new file mode 100755
index 0000000..1ba355a
--- /dev/null
+++ b/run-tests.sh
@@ -0,0 +1,108 @@
+#!/bin/bash
+
+case "$1" in
+  python2|python3)
+    PYTHON=$1
+    ;;
+  *)
+    docker-compose up -d --build
+
+    $0 python3
+    $0 python2
+
+    exit 0
+  ;;
+esac
+
+UNIX='unix'
+ORACLE='oracle'
+MSSQL='mssql'
+
+LOGS='-l ./asdf -y --hits ./hits.txt'
+
+run()
+{
+  echo
+  echo "$ $@"
+  docker-compose run --rm --entrypoint "$PYTHON patator.py" patator "$@"
+}
+
+echo
+echo ">>> $PYTHON"
+
+run ftp_login host=$UNIX
+run ftp_login host=$UNIX user=userRANGE0 password=PasswordRANGE0 0=int:0-9
+
+run ssh_login host=$UNIX
+run ssh_login host=$UNIX user=userRANGE0 password=PasswordRANGE0 0=int:0-9
+
+run telnet_login host=$UNIX
+run telnet_login host=$UNIX inputs='userRANGE0\nPasswordRANGE0' 0=int:0-9 prompt_re='login:|Password:' timeout=5
+
+run smtp_vrfy host=$UNIX
+run smtp_vrfy host=$UNIX user=userRANGE0 0=int:1-500 -x ignore:fgrep='User unknown' -x ignore,reset,retry:code=421 --auto-progress 10
+
+run smtp_rcpt host=$UNIX
+run smtp_rcpt host=$UNIX mail_from=root@localhost user=userRANGE0@localhost 0=int:1-200 -x ignore:fgrep='User unknown'
+
+run smtp_login host=$UNIX
+run smtp_login host=$UNIX user=userRANGE0 password=PasswordRANGE0 0=int:0-30 starttls=1 #-x ignore,reset,retry:code=421
+
+run finger_lookup host=$UNIX
+run finger_lookup host=$UNIX user=userRANGE0 0=int:0-20 -x ignore:fgrep='no such user'
+
+run ldap_login host=$UNIX
+run ldap_login host=$UNIX binddn='cn=admin,dc=example,dc=com' bindpw=PasswordRANGE0 0=int:0-9 basedn='dc=example,dc=com'
+
+run smb_login host=$UNIX
+run smb_login host=$UNIX user=userRANGE0 password=PasswordRANGE0 0=int:0-9
+
+run pop_login host=$UNIX
+run pop_login host=$UNIX user=userRANGE0 password=PasswordRANGE0 0=int:0-9
+
+run pop_passd host=$UNIX
+run pop_passd host=$UNIX user=userRANGE0 password=PasswordRANGE0 0=int:0-9
+
+run imap_login host=$UNIX
+run imap_login host=$UNIX user=userRANGE0 password=PasswordRANGE0 0=int:0-9
+
+run rlogin_login host=$UNIX user=userRANGE0 password=PasswordRANGE0 0=int:0-9
+
+run mysql_login host=$UNIX
+run mysql_login host=$UNIX user=root password=PasswordRANGE0 0=int:0-9
+
+run mysql_query host=$UNIX user=root password=Password1 query='select host, user from mysql.user'
+run mysql_query host=$UNIX user=root password=Password1 query='select load_file("/etc/hosts")'
+
+run mssql_login host=$MSSQL user=sa password=PasswordRANGE0 0=int:0-9
+
+run oracle_login host=$ORACLE sid=xRANGE0 0=lower:a-f -t 1
+run oracle_login host=$ORACLE sid=xe user=sys password=oraclRANGE0 0=lower:a-f
+
+run pgsql_login host=$UNIX
+run pgsql_login host=$UNIX user=postgres password=PasswordRANGE0 0=int:0-9
+
+run http_fuzz url="http://$UNIX/RANGE0" 0=lower:a-zzz -x ignore:code=404
+run http_fuzz url=http://$UNIX:8080/manager/html user_pass=tomcat:PasswordRANGE0 0=int:0-9
+
+run ajp_fuzz url=ajp://$UNIX/manager/html user_pass=tomcat:PasswordRANGE0 0=int:0-9
+
+run vnc_login host=$UNIX port=5900 password=PassworRANGE0 0=lower:a-f
+
+run dns_reverse host=NET0 0=216.239.32.0-216.239.32.255,8.8.8.0/24 -x ignore:code=3 -x ignore:fgrep!=google.com -x ignore:fgrep=216-239-
+run dns_forward name=MOD0.microsoft.com 0=SRV qtype=SRV -x ignore:code=3 --auto-progress 15
+
+run unzip_pass zipfile=enc.zip password=PasswordRANGE0 0=int:0-9
+run keystore_pass keystore=keystore.jks password=PasswordRANGE0 0=int:0-9
+run sqlcipher_pass database=enc.db password=PasswordRANGE0 0=int:0-9
+run umbraco_crack hashlist=@umbraco_users.pw password=PasswordRANGE0 0=int:0-9
+
+run tcp_fuzz host=$UNIX port=4444 data=RANGE0 0=hex:0xf0-0xf9 # $LOGS
+
+echo -e '\xde\xad\xbe\xef\nprintable ascii' > dummy.txt
+run dummy_test delay=0 data=FILE0 0=dummy.txt data2=RANGE1 1=lower:a-b
+
+echo -e 'wrong pass\np\x1fssw\x09rd' > user9.pass
+run ssh_login host=unix user=user9 password=FILE0 0=user9.pass
+
+rm -f dummy.txt user9.pass
diff --git a/testing/unix/Dockerfile b/testing/unix/Dockerfile
new file mode 100644
index 0000000..6778ab8
--- /dev/null
+++ b/testing/unix/Dockerfile
@@ -0,0 +1,118 @@
+FROM ubuntu:18.04
+
+MAINTAINER Sebastien Macke <lanjelot@gmail.com>
+
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+RUN { for i in {3..5}; do useradd -m -s /bin/bash user$i; echo -e "Password$i\nPassword$i" | passwd user$i; done; } \
+ && useradd -m user9 && echo -e 'p\x1fssw\x09rd\np\x1fssw\x09rd' | passwd user9
+
+ENV DEBIAN_FRONTEND=noninteractive 
+
+RUN apt-get update && apt-get install -y vsftpd openssh-server telnetd rsh-redone-server fingerd apache2 socat
+
+RUN { echo "postfix postfix/mailname string ubuntu-bionic"; \
+      echo "postfix postfix/main_mailer_type string 'Internet Site'"; \
+    } | debconf-set-selections \
+  && apt-get update && apt-get install -y postfix mail-stack-delivery \
+  && postconf -e 'smtpd_sasl_exceptions_networks='
+
+RUN echo 'ServerName localhost' >> /etc/apache2/apache2.conf \
+  && mkdir /var/www/html/{wp,pma,bak} && echo secret > /var/www/html/key
+
+RUN LDAPPW=Password1; \
+  { \
+    echo slapd slapd/internal/generated_adminpw password $LDAPPW; \
+    echo slapd slapd/password2 password $LDAPPW; \
+    echo slapd slapd/internal/adminpw password $LDAPPW; \
+    echo slapd slapd/password1 password $LDAPPW; \
+    echo slapd slapd/domain string example.com; \
+    echo slapd shared/organization string example.com;  \
+  } | debconf-set-selections \
+  && apt-get update && apt-get install -y slapd ldap-utils
+
+RUN MYSRP=Password1; \
+  { echo "mysql-server mysql-server/root_password password $MYSRP"; \
+    echo "mysql-server mysql-server/root_password_again password $MYSRP"; \
+  } | debconf-set-selections \
+  && apt-get update && apt-get install -y mysql-server \
+  && sed -i "s/bind-address.*/bind-address = 0.0.0.0/" /etc/mysql/mysql.conf.d/mysqld.cnf \
+  && echo secure_file_priv= >> /etc/mysql/mysql.conf.d/mysqld.cnf \
+  && Q1="GRANT ALL ON *.* TO 'root'@'%' IDENTIFIED BY '$MYSRP' WITH GRANT OPTION;" \
+  && Q2="FLUSH PRIVILEGES;" \
+  && SQL="${Q1}${Q2}" \
+  && rm -f /etc/apparmor.d/usr.sbin.mysqld \
+  && service mysql start \
+  && mysql -uroot -p"$MYSRP" -e "$SQL"
+
+RUN PGPW=Password1 \
+  && apt-get update && apt-get install -y postgresql \
+  && sed -ie 's,127.0.0.1/32,0.0.0.0/0,' /etc/postgresql/10/main/pg_hba.conf \
+  && sed -ie "s,^#listen_addresses = 'localhost',listen_addresses = '*'," /etc/postgresql/10/main/postgresql.conf \
+  && service postgresql start \
+  && su - postgres -c "psql -c \"ALTER USER postgres WITH PASSWORD '$PGPW';\" -c '\\q'" \
+  && su - postgres -c "PGPASSWORD='$PGPW' psql -d postgres -w --no-password -h localhost -p 5432 -t -c 'SELECT version()'"
+
+RUN apt-get update && apt-get install -y tomcat9 tomcat9-admin \
+  && TOMCATPW=Password1 \
+  && echo '<?xml version="1.0" encoding="UTF-8"?><tomcat-users xmlns="http://tomcat.apache.org/xml" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd" version="1.0"><user username="tomcat" password="Password1" roles="manager-gui"/></tomcat-users>' > /etc/tomcat9/tomcat-users.xml \
+  && sed -ie 's,^.*Define an AJP .* Connector on port.*$,<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />,' /etc/tomcat9/server.xml \
+  && sed -ie 's,catalina.realm.LockOutRealm",catalina.realm.LockOutRealm" lockOutTime="0",' /etc/tomcat9/server.xml \
+  && echo -e "#!/bin/bash\n\
+export CATALINA_HOME=/usr/share/tomcat9\n\
+export CATALINA_BASE=/var/lib/tomcat9\n\
+export CATALINA_TMPDIR=/tmp\n\
+export SECURITY_MANAGER=true\n\
+export JAVA_OPTS=-Djava.awt.headless=true\n\
+/usr/libexec/tomcat9/tomcat-update-policy.sh\n\
+/usr/libexec/tomcat9/tomcat-start.sh &\n" > /usr/local/sbin/start-tomcat.sh
+
+RUN apt-get update && apt-get install -y dovecot-imapd dovecot-pop3d poppassd \
+  && sed -ie 's,^#login_trusted_networks = *$,login_trusted_networks = 0.0.0.0/0,' /etc/dovecot/dovecot.conf
+
+RUN apt-get update && apt-get install -y p7zip-full \
+ && 7za a -pPassword1 /root/enc.zip /etc/passwd
+
+RUN apt-get update && apt-get install -y openjdk-11-jre-headless \
+ && keytool -genkey -alias test -storepass Password1 -keypass Password1 -keystore /root/keystore.jks -dname "CN=a,OU=b,O=c,L=d,ST=e,C=f"
+
+RUN apt-get update && apt-get install -y sqlcipher \
+  && sqlcipher /root/enc.db "PRAGMA key = 'Password1';create table a(id int);"
+
+RUN echo -e 'user1:kW+7AlKMnSZQIRluNxwJOMiohAw=\nuser2:oBk37hmkFgZdZ247+g6c0Ay6Vw8=\nuser3:kW+7AlKMnSZQIRluNxwJOMiohAw=' > /root/umbraco_users.pw
+
+RUN apt-get update && apt-get install -y tightvncserver \
+  && useradd -m vncuser && mkdir ~vncuser/.vnc && echo Password | vncpasswd -f > ~vncuser/.vnc/passwd \
+  && chmod 400 ~vncuser/.vnc/passwd && chown -R vncuser:vncuser ~vncuser/.vnc
+
+# utils
+RUN sed -i 's:^path-exclude=/usr/share/man:#path-exclude=/usr/share/man:' /etc/dpkg/dpkg.cfg.d/excludes \
+  && apt-get update && apt-get install -y man manpages-posix iproute2 mlocate lsof sudo vim less \
+telnet finger rsh-client smbclient \
+  && echo 'set bg=dark' > /root/.vimrc \
+  && usermod -aG sudo user3
+
+RUN apt-get update && apt-get install -y samba \
+  && { for i in {3..5}; do echo -e "Password$i\nPassword$i" | smbpasswd -a "user$i"; done; } \
+  && sed -ie 's,map to guest =,#map to guest =,' /etc/samba/smb.conf
+
+RUN echo -e "echo Starting services\n\
+service vsftpd start\n\
+service ssh start\n\
+/usr/sbin/inetd\n\
+service postfix start\n\
+service dovecot start\n\
+service apache2 start\n\
+service slapd start\n\
+service mysql start\n\
+service postgresql start\n\
+bash /usr/local/sbin/start-tomcat.sh\n\
+socat tcp-l:106,fork,reuseaddr exec:/usr/sbin/poppassd &\n\
+socat tcp-l:4444,fork,reuseaddr exec:\"echo -e 'W\xe1\xc0me'\" &\n\
+cp -v /root/enc.zip /root/keystore.jks /root/enc.db /root/umbraco_users.pw /opt/patator/\n\
+su - vncuser -c 'vncserver -rfbport 5900'\n\
+service smbd start\n\
+touch /opt/patator/.all-started\n\
+tail -f /dev/null\n" > /usr/local/sbin/start-all-services.sh
+
+CMD ["bash", "/usr/local/sbin/start-all-services.sh"]

From eb7ac4b4ba78c99bcfd4f537147e826832fc1de8 Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Tue, 21 Jul 2020 20:39:46 +1000
Subject: [PATCH 34/74] Fix #138 to add dcom_login module

---
 patator.py              | 37 ++++++++++++++++++++++++++++++++++++-
 run-tests.sh            |  5 +++++
 testing/unix/Dockerfile |  1 -
 3 files changed, 41 insertions(+), 2 deletions(-)

diff --git a/patator.py b/patator.py
index ed4eb80..18f2abe 100755
--- a/patator.py
+++ b/patator.py
@@ -47,6 +47,7 @@
   + pop_passd      : Brute-force poppassd (http://netwinsite.com/poppassd/)
   + imap_login     : Brute-force IMAP4
   + ldap_login     : Brute-force LDAP
+  + dcom_login     : Brute-force DCOM
   + smb_login      : Brute-force SMB
   + smb_lookupsid  : Brute-force SMB SID-lookup
   + rlogin_login   : Brute-force rlogin
@@ -2856,6 +2857,39 @@ def execute(self, host, port='79', user='', timeout='5'):
     resp.lines = [l.strip('\r\n') for l in mesg.split('\n')]
 
     return resp
+# }}}
+
+# DCOM {{{
+from impacket.dcerpc.v5.dcomrt import DCOMConnection
+from impacket.dcerpc.v5.dcom import wmi
+
+class DCOM_login:
+  '''Brute-force DCOM'''
+
+  usage_hints = (
+    """%prog host=10.0.0.1 user='admin' password=FILE0 0=passwords.txt""",
+    )
+
+  available_options = (
+    ('host', 'target host'),
+    ('user', 'usernames to test'),
+    ('password', 'passwords to test'),
+    ('domain', 'domains to test'),
+    )
+  available_actions = ()
+
+  Response = Response_Base
+
+  def execute(self, host, user='', password='', domain=''):
+    dcom = DCOMConnection(host, user, password, domain)
+    try:
+      with Timing() as timing:
+        iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
+        code, mesg = 0, 'OK'
+    except Exception as e:
+      code, mesg = 1, e.error_string
+    dcom.disconnect()
+    return self.Response(code, mesg, timing)
 
 # }}}
 
@@ -5077,6 +5111,7 @@ def execute(self, data, data2='', delay='1'):
   ('pop_passd', (Controller, POP_passd)),
   ('imap_login', (Controller, IMAP_login)),
   ('ldap_login', (Controller, LDAP_login)),
+  ('dcom_login', (Controller, DCOM_login)),
   ('smb_login', (Controller, SMB_login)),
   ('smb_lookupsid', (Controller, SMB_lookupsid)),
   ('rlogin_login', (Controller, Rlogin_login)),
@@ -5109,7 +5144,7 @@ def execute(self, data, data2='', delay='1'):
   'libcurl': [('http_fuzz', 'rdp_gateway'), 'https://curl.haxx.se/', '7.58.0'],
   'ajpy': [('ajp_fuzz',), 'https://github.com/hypn0s/AJPy/', '0.0.4'],
   'openldap': [('ldap_login',), 'http://www.openldap.org/', '2.4.45'],
-  'impacket': [('smb_login', 'smb_lookupsid', 'mssql_login'), 'https://github.com/CoreSecurity/impacket', '0.9.20'],
+  'impacket': [('smb_login', 'smb_lookupsid', 'dcom_login', 'mssql_login'), 'https://github.com/CoreSecurity/impacket', '0.9.20'],
   'pyopenssl': [('mssql_login',), 'https://pyopenssl.org/', '19.1.0'],
   'cx_Oracle': [('oracle_login',), 'http://cx-oracle.sourceforge.net/', '7.3.0'],
   'mysqlclient': [('mysql_login',), 'https://github.com/PyMySQL/mysqlclient-python', '1.4.6'],
diff --git a/run-tests.sh b/run-tests.sh
index 1ba355a..39f419a 100755
--- a/run-tests.sh
+++ b/run-tests.sh
@@ -1,5 +1,10 @@
 #!/bin/bash
 
+if ! type docker-compose 2>/dev/null; then
+  echo 'docker-compose is required'
+  exit 1
+fi
+
 case "$1" in
   python2|python3)
     PYTHON=$1
diff --git a/testing/unix/Dockerfile b/testing/unix/Dockerfile
index 6778ab8..d4c1d6a 100644
--- a/testing/unix/Dockerfile
+++ b/testing/unix/Dockerfile
@@ -112,7 +112,6 @@ socat tcp-l:4444,fork,reuseaddr exec:\"echo -e 'W\xe1\xc0me'\" &\n\
 cp -v /root/enc.zip /root/keystore.jks /root/enc.db /root/umbraco_users.pw /opt/patator/\n\
 su - vncuser -c 'vncserver -rfbport 5900'\n\
 service smbd start\n\
-touch /opt/patator/.all-started\n\
 tail -f /dev/null\n" > /usr/local/sbin/start-all-services.sh
 
 CMD ["bash", "/usr/local/sbin/start-all-services.sh"]

From 288dac8bf140b3ee56ea25de0582147e472b48ff Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Sun, 26 Jul 2020 09:22:54 +1000
Subject: [PATCH 35/74] Add SNMP tests

---
 Dockerfile              |  6 ++--
 README.md               |  1 +
 docker-compose.yml      |  6 +++-
 patator.py              | 75 ++++++++++++++++++++++++++---------------
 run-tests.sh            | 25 ++++++++++++--
 testing/unix/Dockerfile |  6 ++++
 6 files changed, 86 insertions(+), 33 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 7c66bf3..a55bd37 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -23,13 +23,13 @@ RUN wget https://download.oracle.com/otn_software/linux/instantclient/instantcli
  && rm -f instantclient-basiclite-linuxx64.zip \
  && unzip instantclient-sdk-linuxx64.zip \
  && rm -f instantclient-sdk-linuxx64.zip \
- && cd /opt/oracle/instantclient* \
+ && cd /opt/oracle/instantclient_* \
  && rm -f *jdbc* *occi* *mysql* *README *jar uidrvci genezi adrci \
- && echo /opt/oracle/instantclient* > /etc/ld.so.conf.d/oracle-instantclient.conf \
+ && echo /opt/oracle/instantclient_* > /etc/ld.so.conf.d/oracle-instantclient.conf \
  && ldconfig
 
 RUN git clone --branch 5.3 https://github.com/oracle/python-cx_Oracle \
- && cd python-cx_Oracle && export ORACLE_HOME=/opt/oracle/instantclient_19_6 && python2 setup.py build && python2 setup.py install
+ && cd python-cx_Oracle && export ORACLE_HOME=$(echo /opt/oracle/instantclient_*) && python2 setup.py build && python2 setup.py install
 
 # xfreerdp (see https://github.com/FreeRDP/FreeRDP/wiki/Compilation)
 RUN apt-get update && apt-get install -y ninja-build build-essential git-core debhelper cdbs dpkg-dev autotools-dev cmake pkg-config xmlto libssl-dev docbook-xsl xsltproc libxkbfile-dev libx11-dev libwayland-dev libxrandr-dev libxi-dev libxrender-dev libxext-dev libxinerama-dev libxfixes-dev libxcursor-dev libxv-dev libxdamage-dev libxtst-dev libcups2-dev libpcsclite-dev libasound2-dev libpulse-dev libjpeg-dev libgsm1-dev libusb-1.0-0-dev libudev-dev libdbus-glib-1-dev uuid-dev libxml2-dev libgstreamer1.0-dev libgstreamer-plugins-base1.0-dev libfaad-dev libfaac-dev \
diff --git a/README.md b/README.md
index 9f37fdb..0e15175 100644
--- a/README.md
+++ b/README.md
@@ -19,6 +19,7 @@ Currently it supports the following modules:
 * pop_passd      : Brute-force poppassd (not POP3)
 * imap_login     : Brute-force IMAP
 * ldap_login     : Brute-force LDAP
+* dcom_login     : Brute-force DCOM
 * smb_login      : Brute-force SMB
 * smb_lookupsid  : Brute-force SMB SID-lookup
 * rlogin_login   : Brute-force rlogin
diff --git a/docker-compose.yml b/docker-compose.yml
index df8a123..02763dc 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,7 +3,7 @@ services:
   unix:
     build: testing/unix
     image: patator-unix-testing
-#    ports:
+#   ports:
 #      - "21:21"
 #      - "22:22"
 #      - "23:23"
@@ -26,6 +26,7 @@ services:
 #      - "5900:5900"
 #      - "8009:8009"
 #      - "8080:8080"
+#      - "161:161/udp"
     volumes:
       - .:/opt/patator
 
@@ -51,5 +52,8 @@ services:
       - unix
       - oracle
       - mssql
+    environment:
+      - DISPLAY
     volumes:
       - .:/opt/patator
+      - /tmp/.X11-unix:/tmp/.X11-unix
diff --git a/patator.py b/patator.py
index 18f2abe..684c32d 100755
--- a/patator.py
+++ b/patator.py
@@ -2931,7 +2931,7 @@ def execute(self, host, port='389', binddn='', bindpw='', basedn='', ssl='0'):
       code = p.returncode
 
     mesg = (out + err).strip()
-    trace = '[out]\n%s\n[err]\n%s' % (out, err)
+    trace = '%s\n[out]\n%s\n[err]\n%s\n' % (' '.join(cmd), out, err)
 
     return self.Response(code, mesg, timing, trace)
 
@@ -4179,7 +4179,7 @@ def execute(self, host, port='3389', user=None, password=None):
       err = 'OK'
 
     mesg = (out + err).strip()
-    trace = '[out]\n%s\n[err]\n%s' % (out, err)
+    trace = '%s\n[out]\n%s\n[err]\n%s\n' % (' '.join(cmd), out, err)
 
     return self.Response(code, mesg, timing, trace)
 
@@ -4681,7 +4681,13 @@ def execute(self, name, server='8.8.8.8', timeout='5', protocol='udp', qtype='AN
 
 # SNMP {{{
 try:
-  from pysnmp.entity.rfc3413.oneliner import cmdgen
+  from pysnmp.hlapi import getCmd, SnmpEngine, CommunityData, UsmUserData
+  from pysnmp.hlapi import UdpTransportTarget, ContextData, ObjectType, ObjectIdentity
+  from pysnmp.hlapi import usmHMACMD5AuthProtocol, usmHMACSHAAuthProtocol, usmHMAC384SHA512AuthProtocol
+  from pysnmp.hlapi import usmDESPrivProtocol, usmAesCfb128Protocol
+
+  SNMP_AUTHPROTO = {'md5': usmHMACMD5AuthProtocol, 'sha': usmHMACSHAAuthProtocol, 'sha512': usmHMAC384SHA512AuthProtocol}
+  SNMP_PRIVPROTO = {'des': usmDESPrivProtocol, 'aes': usmAesCfb128Protocol}
 except ImportError:
   notfound.append('pysnmp')
 
@@ -4703,13 +4709,12 @@ class SNMP_login:
     ('host', 'target host'),
     ('port', 'target port [161]'),
     ('version', 'SNMP version to use [2|3|1]'),
-    #('security_name', 'SNMP v1/v2 username, for most purposes it can be any arbitrary string [test-agent]'),
     ('community', 'SNMPv1/2c community names to test [public]'),
-    ('user', 'SNMPv3 usernames to test [myuser]'),
-    ('auth_key', 'SNMPv3 pass-phrases to test [my_password]'),
-    #('priv_key', 'SNMP v3 secret key for encryption'), # see http://pysnmp.sourceforge.net/docs/4.x/index.html#UsmUserData
-    #('auth_protocol', ''),
-    #('priv_protocol', ''),
+    ('user', 'SNMPv3 usernames to test [op5user]'),
+    ('auth_key', 'SNMPv3 passwords to test [authPass]'),
+    ('auth_proto', 'SNMPv3 authentication protocol [md5|sha|sha512]'),
+    ('priv_key', 'SNMPv3 encryption key'),
+    ('priv_proto', 'SNMPv3 encryption protocol [des|aes]'),
     ('timeout', 'seconds to wait for a response [1]'),
     ('retries', 'number of successive request retries [2]'),
     )
@@ -4717,32 +4722,48 @@ class SNMP_login:
 
   Response = Response_Base
 
-  def execute(self, host, port=None, version='2', community='public', user='myuser', auth_key='my_password', timeout='1', retries='2'):
-    if version in ('1', '2'):
-      security_model = cmdgen.CommunityData('test-agent', community, 0 if version == '1' else 1)
+  def execute(self, host, port=None, version='2', community='public', user='op5user', auth_key='authPass', auth_proto='md5', priv_key='', priv_proto='des', timeout='1', retries='2'):
+    if version in ('1', '2', '2c'):
+      security_model = CommunityData(community, mpModel=0 if version == '1' else 1)
 
     elif version == '3':
-      security_model = cmdgen.UsmUserData(user, auth_key) # , priv_key)
-      if len(auth_key) < 8:
-        return self.Response('1', 'SNMPv3 requires passphrases to be at least 8 characters long')
+      if auth_proto not in SNMP_AUTHPROTO:
+        raise ValueError('Unsupported SNMPv3 auth protocol %r' % auth_proto)
+      if priv_proto not in SNMP_PRIVPROTO:
+        raise ValueError('Unsupported SNMPv3 priv protocol %r' % priv_proto)
+
+      if len(auth_key) < 8 or priv_key and len(priv_key) < 8:
+        return self.Response('1', 'SNMPv3 requires passwords to be at least 8 characters long')
+
+      kwargs = dict(authKey=auth_key, authProtocol=SNMP_AUTHPROTO[auth_proto])
+      if priv_key:
+        kwargs.update(dict(privKey=priv_key, privProtocol=SNMP_PRIVPROTO[priv_proto]))
+
+      security_model = UsmUserData(user, **kwargs)
 
     else:
       raise ValueError('Incorrect SNMP version %r' % version)
 
     with Timing() as timing:
-      errorIndication, errorStatus, errorIndex, varBinds = cmdgen.CommandGenerator().getCmd(
-        security_model,
-        cmdgen.UdpTransportTarget((host, int(port or 161)), timeout=int(timeout), retries=int(retries)),
-        (1, 3, 6, 1, 2, 1, 1, 1, 0)
+      errorIndication, errorStatus, errorIndex, varBinds = next(
+        getCmd(
+          SnmpEngine(),
+          security_model,
+          UdpTransportTarget((host, int(port or 161)), timeout=int(timeout), retries=int(retries)),
+          ContextData(),
+          ObjectType(ObjectIdentity('SNMPv2-MIB', 'sysDescr', 0))) #(1, 3, 6, 1, 2, 1, 1, 1, 0)
         )
 
-    code = '%d-%d' % (errorStatus, errorIndex)
-    if not errorIndication:
-      mesg = '%s' % varBinds
-    else:
+    if errorIndication:
       mesg = '%s' % errorIndication
+    elif errorStatus:
+      mesg = '%s' % (errorStatus.prettyPrint())
+      if errorIndex > 0:
+        mesg += ' %s' % varBinds[int(errorIndex) - 1][0]
+    else:
+      mesg = ''.join(' = '.join([x.prettyPrint() for x in varBind]) for varBind in varBinds)
 
-    return self.Response(code, mesg, timing)
+    return self.Response(int(errorStatus), mesg, timing)
 
 # }}}
 
@@ -4856,7 +4877,7 @@ def execute(self, host, port='500', transform='5,1,1,2', aggressive='0', groupna
       out, err = map(B, p.communicate())
       code = p.returncode
 
-    trace = '%s\n[out]\n%s\n[err]\n%s' % (cmd, out, err)
+    trace = '%s\n[out]\n%s\n[err]\n%s\n' % (' '.join(cmd), out, err)
     logger.debug('trace: %r' % trace)
 
     has_sa = 'SA=(' in out
@@ -4907,7 +4928,7 @@ def execute(self, zipfile, password):
       code = p.returncode
 
     mesg = out.strip()
-    trace = '%s\n[out]\n%s\n[err]\n%s' % (cmd, out, err)
+    trace = '%s\n[out]\n%s\n[err]\n%s\n' % (' '.join(cmd), out, err)
 
     return self.Response(code, mesg, timing, trace)
 
@@ -4944,7 +4965,7 @@ def execute(self, keystore, password, storetype='jks'):
       code = p.returncode
 
     mesg = out.strip()
-    trace = '%s\n[out]\n%s\n[err]\n%s' % (cmd, out, err)
+    trace = '%s\n[out]\n%s\n[err]\n%s\n' % (' '.join(cmd), out, err)
 
     return self.Response(code, mesg, timing, trace)
 
diff --git a/run-tests.sh b/run-tests.sh
index 39f419a..c4123ad 100755
--- a/run-tests.sh
+++ b/run-tests.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-if ! type docker-compose 2>/dev/null; then
+if ! type docker-compose &>/dev/null; then
   echo 'docker-compose is required'
   exit 1
 fi
@@ -22,6 +22,8 @@ esac
 UNIX='unix'
 ORACLE='oracle'
 MSSQL='mssql'
+WIN10='' # vagrant add senglin/win-7-enterprise
+VPN=''   #
 
 LOGS='-l ./asdf -y --hits ./hits.txt'
 
@@ -29,7 +31,7 @@ run()
 {
   echo
   echo "$ $@"
-  docker-compose run --rm --entrypoint "$PYTHON patator.py" patator "$@"
+  docker-compose run --no-deps --rm --entrypoint "$PYTHON patator.py" patator "$@"
 }
 
 echo
@@ -62,6 +64,16 @@ run ldap_login host=$UNIX binddn='cn=admin,dc=example,dc=com' bindpw=PasswordRAN
 run smb_login host=$UNIX
 run smb_login host=$UNIX user=userRANGE0 password=PasswordRANGE0 0=int:0-9
 
+if [[ ! -z $WIN10 ]]; then
+  run smb_login host=$WIN10 user=vagranRANGE0 password=vagranRANGE0 0=lower:r-v
+  run smb_lookupsid host=$WIN10 user=vagrant password=vagrant rid=RANGE0 0=int:500-2000 -x ignore:code=1
+  run dcom_login host=$WIN10 user=vagranRANGE0 password=vagranRANGE0 0=lower:r-v
+
+  xhost +si:localuser:root
+    run rdp_login host=$WIN10 user=vagranRANGE0 password=vagranRANGE0 0=lower:r-v
+  xhost -si:localuser:root
+fi
+
 run pop_login host=$UNIX
 run pop_login host=$UNIX user=userRANGE0 password=PasswordRANGE0 0=int:0-9
 
@@ -97,6 +109,15 @@ run vnc_login host=$UNIX port=5900 password=PassworRANGE0 0=lower:a-f
 run dns_reverse host=NET0 0=216.239.32.0-216.239.32.255,8.8.8.0/24 -x ignore:code=3 -x ignore:fgrep!=google.com -x ignore:fgrep=216-239-
 run dns_forward name=MOD0.microsoft.com 0=SRV qtype=SRV -x ignore:code=3 --auto-progress 15
 
+run snmp_login host=$UNIX community=publiRANGE0 0=lower:a-f
+run snmp_login host=$UNIX community=public version=3 user=userRANGE0 0=int:0-5 auth_key=whatever
+run snmp_login host=$UNIX community=public version=3 user=user3 auth_proto=sha auth_key=authPasRANGE0 0=lower:q-v
+run snmp_login host=$UNIX community=public version=3 user=user3 auth_proto=sha auth_key=authPass priv_proto=aes priv_key=privPasRANGE0 0=lower:q-v
+
+if [[ ! -z $VPN ]]; then
+  run ike_enum host=$VPN transform=MOD0 0=TRANS aggressive=RANGE1 1=int:0-1 -x ignore:fgrep=NO-PROPOSAL
+fi
+
 run unzip_pass zipfile=enc.zip password=PasswordRANGE0 0=int:0-9
 run keystore_pass keystore=keystore.jks password=PasswordRANGE0 0=int:0-9
 run sqlcipher_pass database=enc.db password=PasswordRANGE0 0=int:0-9
diff --git a/testing/unix/Dockerfile b/testing/unix/Dockerfile
index d4c1d6a..a1a027b 100644
--- a/testing/unix/Dockerfile
+++ b/testing/unix/Dockerfile
@@ -96,6 +96,11 @@ RUN apt-get update && apt-get install -y samba \
   && { for i in {3..5}; do echo -e "Password$i\nPassword$i" | smbpasswd -a "user$i"; done; } \
   && sed -ie 's,map to guest =,#map to guest =,' /etc/samba/smb.conf
 
+RUN apt-get update && apt-get install -y snmpd snmp \
+  && sed -ie 's,agentAddress  udp:127.0.0.1:161,agentAddress  udp:161,' /etc/snmp/snmpd.conf \
+  && echo 'createUser user3 SHA authPass AES privPass' >> /var/lib/snmp/snmpd.conf \
+  && echo 'rouser user3 priv .1' >> /etc/snmp/snmpd.conf
+
 RUN echo -e "echo Starting services\n\
 service vsftpd start\n\
 service ssh start\n\
@@ -112,6 +117,7 @@ socat tcp-l:4444,fork,reuseaddr exec:\"echo -e 'W\xe1\xc0me'\" &\n\
 cp -v /root/enc.zip /root/keystore.jks /root/enc.db /root/umbraco_users.pw /opt/patator/\n\
 su - vncuser -c 'vncserver -rfbport 5900'\n\
 service smbd start\n\
+service snmpd start\n\
 tail -f /dev/null\n" > /usr/local/sbin/start-all-services.sh
 
 CMD ["bash", "/usr/local/sbin/start-all-services.sh"]

From 0d7661bbb5b404c49f69963ca9ec8b1f73358a77 Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Sun, 26 Jul 2020 10:03:38 +1000
Subject: [PATCH 36/74] Release v0.9

---
 Vagrantfile |  2 +-
 patator.py  | 17 +++++++++++++----
 setup.py    |  2 +-
 3 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/Vagrantfile b/Vagrantfile
index 4f91739..8c0381d 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -14,9 +14,9 @@ apt-get install -y tmux git wget build-essential vim
 apt-get install -y libcurl4-openssl-dev python3-dev libssl-dev # pycurl
 apt-get install -y ldap-utils # ldapsearch
 apt-get install -y libmariadbclient-dev # mysqlclient-python
+apt-get install -y libpq-dev # psycopg2
 apt-get install -y ike-scan unzip default-jdk
 apt-get install -y libsqlite3-dev libsqlcipher-dev # pysqlcipher
-apt-get install -y libpq-dev # psycopg2
 
 # cx_oracle
 apt-get install -y libaio1 wget unzip
diff --git a/patator.py b/patator.py
index 684c32d..6322789 100755
--- a/patator.py
+++ b/patator.py
@@ -18,7 +18,7 @@
 __url__     = 'http://www.hsc.fr/ressources/outils/patator/'
 __git__     = 'https://github.com/lanjelot/patator'
 __twitter__ = 'https://twitter.com/lanjelot'
-__version__ = '0.8-dev'
+__version__ = '0.9'
 __license__ = 'GPLv2'
 __pyver__   = '%d.%d.%d' % sys.version_info[0:3]
 __banner__  = 'Patator %s (%s) with python-%s' % (__version__, __git__, __pyver__)
@@ -609,6 +609,13 @@
 CHANGELOG
 ---------
 
+* v0.9 2020/07/26
+  - fixed encoding bugs
+  - new Dockerfile
+  - new --groups and --auto-progress options
+  - fixed various issues reported on Github
+  - new testing env with docker-compose
+
 * v0.8 2020/03/22
   - new switches (-R, --csv, --xml, --hits)
   - new pathasis option for http_fuzz
@@ -669,7 +676,6 @@
 ----
   * new option -e ns like in Medusa (not likely to be implemented due to design)
   * replace dnspython|paramiko|IPy with a better module (scapy|libssh2|netaddr... ?) // https://netaddr.readthedocs.org/en/latest/tutorial_01.html
-  * use impacket/enum_lookupsids to automatically get the sid
 '''
 
 # }}}
@@ -2860,8 +2866,11 @@ def execute(self, host, port='79', user='', timeout='5'):
 # }}}
 
 # DCOM {{{
-from impacket.dcerpc.v5.dcomrt import DCOMConnection
-from impacket.dcerpc.v5.dcom import wmi
+try:
+  from impacket.dcerpc.v5.dcomrt import DCOMConnection
+  from impacket.dcerpc.v5.dcom import wmi
+except ImportError:
+  notfound.append('impacket')
 
 class DCOM_login:
   '''Brute-force DCOM'''
diff --git a/setup.py b/setup.py
index 5a94067..5a05cbb 100644
--- a/setup.py
+++ b/setup.py
@@ -13,7 +13,7 @@ def parse_requirements(file):
 
 setup(
     name="patator",
-    version="0.8",
+    version="0.9",
     description="multi-purpose brute-forcer",
     long_description=long_description,
     url="https://github.com/lanjelot/patator",

From 6cdc51d73fd391b0cbcfb7b2cde6ba52aa15676e Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Tue, 24 Nov 2020 04:45:41 +1000
Subject: [PATCH 37/74] Fix #149

---
 patator.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/patator.py b/patator.py
index 6322789..0b2a5a3 100755
--- a/patator.py
+++ b/patator.py
@@ -2020,7 +2020,7 @@ def shutdown():
             payload[k] = payload[k].replace('NET%d' % i, prod[i])
         elif t == 'COMBO':
           for j, k in keys:
-            payload[k] = payload[k].replace('COMBO%d%d' % (i, j), prod[i].split(self.combo_delim)[j])
+            payload[k] = payload[k].replace('COMBO%d%d' % (i, j), prod[i].split(self.combo_delim, len(keys)-1)[j])
         elif t == 'MOD':
           for k in keys:
             payload[k] = payload[k].replace('MOD%d' % i, prod[i])

From fed68fd3937be5907d32f6353a57a37d85f468bc Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Sun, 29 Nov 2020 22:22:51 +1100
Subject: [PATCH 38/74] Fix http_fuzz auto_urlencode

---
 patator.py | 31 ++++++++++++++++++++++++++-----
 1 file changed, 26 insertions(+), 5 deletions(-)

diff --git a/patator.py b/patator.py
index 6322789..a0e3fc5 100755
--- a/patator.py
+++ b/patator.py
@@ -969,13 +969,13 @@ def process_logs(queue, indicatorsfmt, argv, log_dir, runtime_file, csv_file, xm
 
 if PY3:
   from queue import Empty, Full
-  from urllib.parse import quote, urlencode, urlparse, urlunparse, parse_qsl, quote_plus
+  from urllib.parse import quote, urlencode, urlparse, urlunparse, quote_plus, unquote
   from io import StringIO
   from sys import maxsize as maxint
 else:
   from Queue import Empty, Full
-  from urllib import quote, urlencode, quote_plus
-  from urlparse import urlparse, urlunparse, parse_qsl
+  from urllib import quote, urlencode, quote_plus, unquote
+  from urlparse import urlparse, urlunparse
   from cStringIO import StringIO
   from sys import maxint
 
@@ -1377,6 +1377,27 @@ def flatten(l):
       r.append(ppstr(x))
   return r
 
+def parse_query(qs, keep_blank_values=False, encoding='utf-8', errors='replace'):
+  '''Same as urllib.parse.parse_qsl but without replacing '+' with ' '
+  '''
+  pairs = [s2 for s1 in qs.split('&') for s2 in s1.split(';')]
+  r = []
+
+  for name_value in pairs:
+    if not name_value:
+      continue
+    nv = name_value.split('=', 1)
+    if len(nv) != 2:
+      if keep_blank_values:
+        nv.append('')
+      else:
+        continue
+    if len(nv[1]) or keep_blank_values:
+      name = unquote(nv[0], encoding=encoding, errors=errors)
+      value = unquote(nv[1], encoding=encoding, errors=errors)
+      r.append((name, value))
+  return r
+
 # }}}
 
 # Controller {{{
@@ -3978,8 +3999,8 @@ def debug_func(t, s):
 
     if auto_urlencode == '1':
       path = quote(path)
-      query = urlencode(parse_qsl(query, True))
-      body = urlencode(parse_qsl(body, True))
+      query = urlencode(parse_query(query, True))
+      body = urlencode(parse_query(body, True))
 
     if port:
       host = '%s:%s' % (host, port)

From 2692d6a5c97998538793e0aef465fbb744e1bea4 Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Sun, 29 Nov 2020 22:47:47 +1100
Subject: [PATCH 39/74] Add docker usage to README

---
 README.md | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/README.md b/README.md
index 0e15175..b9a30af 100644
--- a/README.md
+++ b/README.md
@@ -51,6 +51,15 @@ Please donate if you like this project! :)
 
 Many thanks! [@lanjelot](https://twitter.com/lanjelot)
 
+## Install
+
+```
+git clone https://github.com/lanjelot/patator.git
+docker build -t patator patator/
+git clone https://github.com/danielmiessler/SecLists.git
+docker run -it --rm -v $PWD/SecLists/Passwords:/mnt patator dummy_test data=FILE0 0=/mnt/richelieu-french-top5000.txt
+```
+
 ## Usage Examples
 
 * FTP : Enumerating users denied login in `vsftpd/userlist`

From d96663bc3da45c0386fae7a3e1ddeb008af32143 Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Wed, 23 Dec 2020 21:00:16 +1100
Subject: [PATCH 40/74] New skip action

---
 patator.py | 43 ++++++++++++++++++++++++++++++++++---------
 1 file changed, 34 insertions(+), 9 deletions(-)

diff --git a/patator.py b/patator.py
index b4d4c87..e9679cb 100755
--- a/patator.py
+++ b/patator.py
@@ -1406,7 +1406,8 @@ class Controller:
   builtin_actions = (
     ('ignore', 'do not report'),
     ('retry', 'try payload again'),
-    ('free', 'dismiss future similar payloads'),
+    ('skip', 'skip keyword value'),
+    ('free', 'skip parameter value'),
     ('quit', 'terminate execution now'),
     )
 
@@ -1587,6 +1588,7 @@ def __init__(self, module, argv):
     self.ns = manager.Namespace()
     self.ns.actions = {}
     self.ns.free_list = []
+    self.ns.skip_list = []
     self.ns.paused = False
     self.ns.quit_now = False
     self.ns.start_time = 0
@@ -1745,12 +1747,10 @@ def lookup_actions(self, resp):
           actions[action] = opts
     return actions
 
-  def check_free(self, payload):
-    # free_list: 'host=10.0.0.1', 'user=anonymous', 'host=10.0.0.7,user=test', ...
-    for m in self.ns.free_list:
-      args = m.split(',', 1)
-      for arg in args:
-        k, v = arg.split('=', 1)
+  def should_free(self, payload):
+    # free_list: [[('host', '10.0.0.1')], [('user', 'anonymous')], [('host', '10.0.0.7'),('user','test')], ...
+    for l in self.ns.free_list:
+      for k, v in l:
         if payload[k] != v:
           break
       else:
@@ -1759,9 +1759,24 @@ def check_free(self, payload):
     return False
 
   def register_free(self, payload, opts):
-    self.ns.free_list += [','.join('%s=%s' % (k, payload[k]) for k in opts.split('+'))]
+    self.ns.free_list += [[(k, payload[k]) for k in opts.split('+')]]
     logger.debug('free_list updated: %s' % self.ns.free_list)
 
+  def should_skip(self, prod):
+    # skip_list: [[(0, '10.0.0.1')], [(1, 'anonymous')], [(0, '10.0.0.7'), (1, 'test')], ...
+    for l in self.ns.skip_list:
+      for k, v in l:
+        if prod[k] != v:
+          break
+      else:
+        return True
+
+    return False
+
+  def register_skip(self, prod, opts):
+    self.ns.skip_list += [[(k, prod[k]) for k in map(int, opts.split('+'))]]
+    logger.debug('skip_list updated: %s' % self.ns.skip_list)
+
   def fire(self):
     logger.info('Starting %s at %s' % (__banner__, strftime('%Y-%m-%d %H:%M %Z', localtime())))
 
@@ -2058,7 +2073,13 @@ def shutdown():
       logger.debug('product: %s' % prod)
       prod_str = ':'.join(prod)
 
-      if self.check_free(payload):
+      if self.should_free(payload):
+        logger.debug('skipping')
+        report_queue.put(('skip', prod_str, None, 0))
+        continue
+
+      if self.should_skip(prod):
+        logger.debug('skipping')
         report_queue.put(('skip', prod_str, None, 0))
         continue
 
@@ -2118,6 +2139,10 @@ def shutdown():
           self.register_free(payload, actions['free'])
           break
 
+        if 'skip' in actions:
+          self.register_skip(prod, actions['skip'])
+          break
+
         if 'fail' in actions:
           break
 

From 452819f80710e23041f0e7d019f992e83831f123 Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Wed, 23 Dec 2020 21:28:55 +1100
Subject: [PATCH 41/74] Update documentation

---
 patator.py | 190 +++++++++++++++++++++++++++--------------------------
 1 file changed, 98 insertions(+), 92 deletions(-)

diff --git a/patator.py b/patator.py
index e9679cb..1e6b56a 100755
--- a/patator.py
+++ b/patator.py
@@ -175,15 +175,14 @@
 * Shortcuts (optional)
 ln -s path/to/patator.py /usr/bin/ftp_login
 ln -s path/to/patator.py /usr/bin/http_fuzz
-so on ...
+etc.
 
 
 USAGE
 -----
 
-$ python patator.py <module> -h
-or
-$ <module> -h  (if you created the shortcuts)
+$ python patator.py <module> -h # or
+$ <module> -h                   # if shortcuts were created
 
 There are global options and module options:
   - all global options start with - or --
@@ -193,6 +192,9 @@
 ---------
 ./module host=FILE0 port=FILE1 foobar=FILE2.google.FILE3 0=hosts.txt 1=ports.txt 2=foo.txt 3=bar.txt
 
+If a module option starts with the @ character, data will be loaded from the given filename.
+$ ./http_fuzz raw_request=@req.txt 0=vhosts.txt 1=uagents.txt
+
 The keywords (FILE, COMBO, NET, ...) act as place-holders. They indicate the type of wordlist
 and where to replace themselves with the actual words to test.
 
@@ -214,7 +216,7 @@
 10.0.0.2 root password
 ...
 
-While a smarter way might be:
+While a more effective order might be:
 ---------
 $ ./module host=FILE2 user=FILE1 password=FILE0 2=hosts.txt 1=logins.txt 0=passwords.txt
 10.0.0.1 root password
@@ -242,9 +244,6 @@
 Use ',' to iterate over the cartesian product of sets and use ':' to iterate
 over sets simultaneously.
 
-If the value of a module option starts with the @ character, the rest should be
-a filename. The contents of the file will be loaded into the option:
-./module raw_request=@req.txt 0=vhosts.txt 1=uagents.txt
 
 * Keywords
 
@@ -256,13 +255,13 @@
 ---------
 ./module host=NET0 0=10.0.1.0/24,10.0.2.0/24,10.0.3.128-10.0.3.255
 
-Fuzzing a parameter by iterating over a range of values.
+Fuzz a parameter by iterating over a range of values.
 ---------
 ./module param=RANGE0 0=hex:0x00-0xffff
 ./module param=RANGE0 0=int:0-500
 ./module param=RANGE0 0=lower:a-zzz
 
-Fuzzing a parameter by iterating over the output of an external program.
+Fuzz a parameter by iterating over the output of an external program.
 ---------
 ./module param=PROG0 0='john -stdout -i'
 ./module param=PROG0 0='mp64.bin ?l?l?l',$(mp64.bin --combination ?l?l?l) # http://hashcat.net/wiki/doku.php?id=maskprocessor
@@ -270,13 +269,13 @@
 
 * Actions & Conditions
 
-Use the -x option to do specific actions upon receiving expected results. For example:
+Use the -x option to do specific actions upon receiving specific responses. For example:
 
-To ignore responses with status code 200 *AND* a size within a specific range.
+Ignore responses with status code 200 *AND* a size within a specific range.
 ---------
 ./module host=10.0.0.1 user=FILE0 -x ignore:code=200,size=57-74
 
-To ignore responses with status code 500 *OR* containing "Internal error".
+Ignore responses with status code 500 *OR* containing "Internal error".
 ---------
 ./module host=10.0.0.1 user=FILE0 -x ignore:code=500 -x ignore:fgrep='Internal error'
 
@@ -284,6 +283,16 @@
 specify ORed conditions.
 
 
+* Actions skip and free
+
+Stop testing the same value from keyword #0 after a valid combination is found.
+---------
+./module data=FILE0.FILE1 -x skip=0:fgrep=Success
+
+Stop testing the same combination after a valid match is found.
+---------
+./module data=FILE0.FILE1 data2=RANGE2 -x free=data:fgrep=Success
+
 * Failures
 
 During execution, failures may happen, such as a TCP connect timeout for
@@ -300,7 +309,7 @@
 
 * Brute-force authentication. Do not report wrong passwords.
 ---------
-ftp_login host=10.0.0.1 user=FILE0 password=FILE1 0=logins.txt 1=passwords.txt -x ignore:mesg='Login incorrect.'
+$ ftp_login host=10.0.0.1 user=FILE0 password=FILE1 0=logins.txt 1=passwords.txt -x ignore:mesg='Login incorrect.'
 
 NB0. If you get errors like "500 OOPS: priv_sock_get_cmd", use -x ignore,reset,retry:code=500
      in order to retry the last login/password using a new TCP connection. Odd servers like vsftpd
@@ -311,18 +320,18 @@
 
 * Same as before, but stop testing a user after his password is found.
 ---------
-ftp_login ... -x free=user:code=0
+$ ftp_login ... -x free=user:code=0
 
 
 * Find anonymous FTP servers on a subnet.
 ---------
-ftp_login host=NET0 user=anonymous password=test@example.com 0=10.0.0.0/24
+$ ftp_login host=NET0 user=anonymous password=test@example.com 0=10.0.0.0/24
 
 }}}
 {{{ SSH
 * Brute-force authentication with password same as login (aka single mode). Do not report wrong passwords.
 ---------
-ssh_login host=10.0.0.1 user=FILE0 password=FILE0 0=logins.txt -x ignore:mesg='Authentication failed.'
+$ ssh_login host=10.0.0.1 user=FILE0 password=FILE0 0=logins.txt -x ignore:mesg='Authentication failed.'
 
 NB. If you get errors like "Error reading SSH protocol banner ... Connection reset by peer",
     try decreasing the number of threads, the server may be enforcing a maximum
@@ -331,12 +340,12 @@
 
 * Brute-force several hosts and stop testing a host after a valid password is found.
 ---------
-ssh_login host=FILE0 user=FILE1 password=FILE2 0=hosts.txt 1=logins.txt 2=passwords.txt -x free=host:code=0
+$ ssh_login host=FILE0 user=FILE1 password=FILE2 0=hosts.txt 1=logins.txt 2=passwords.txt -x free=host:code=0
 
 
 * Same as previous, but stop testing a user on a host after his password is found.
 ---------
-ssh_login host=FILE0 user=FILE1 password=FILE2 0=hosts.txt 1=logins.txt 2=passwords.txt -x free=host+user:code=0
+$ ssh_login host=FILE0 user=FILE1 password=FILE2 0=hosts.txt 1=logins.txt 2=passwords.txt -x free=host+user:code=0
 
 }}}
 {{{ Telnet
@@ -345,10 +354,10 @@
   (a) Enter login after first prompt is detected, enter password after second prompt.
   (b) The regex to detect the login and password prompts.
   (c) Reconnect when we get no login prompt back (max number of tries reached or successful login).
-------------                    (a)
-telnet_login host=10.0.0.1 inputs='FILE0\nFILE1' 0=logins.txt 1=passwords.txt
- prompt_re='tux login:|Password:' -x reset:egrep!='Login incorrect.+tux login:'
- (b)                             (c)
+------------                 (a)
+$ telnet_login host=10.0.0.1 inputs='FILE0\nFILE1' 0=logins.txt 1=passwords.txt \
+    prompt_re='tux login:|Password:' -x reset:egrep!='Login incorrect.+tux login:'
+    (b)                              (c)
 
 NB. If you get errors like "telnet connection closed", try decreasing the number of threads,
     the server may be enforcing a maximum number of concurrent connections.
@@ -358,22 +367,21 @@
 
 * Enumerate valid users using the VRFY command.
   (a) Do not report invalid recipients.
-  (b) Do not report when the server shuts us down with "421 too many errors",
-      reconnect and resume testing.
----------                                               (a)
-smtp_vrfy host=10.0.0.1 user=FILE0 0=logins.txt -x ignore:fgrep='User unknown in local
- recipient table' -x ignore,reset,retry:code=421
-                             (b)
+  (b) Do not report when the server shuts us down with "421 too many errors", reconnect and resume testing.
+---------                                         (a)
+$ smtp_vrfy host=10.0.0.1 user=FILE0 0=logins.txt -x ignore:fgrep='User unknown in local recipient table' \
+    -x ignore,reset,retry:code=421
+    (b)
 
 * Use the RCPT TO command in case the VRFY command is not available.
 ---------
-smtp_rcpt host=10.0.0.1 user=FILE0@localhost 0=logins.txt helo='ehlo mx.fb.com' mail_from=root
+$ smtp_rcpt host=10.0.0.1 user=FILE0@localhost 0=logins.txt helo='ehlo mx.fb.com' mail_from=root
 
 
 * Brute-force authentication.
   (a) Send a fake hostname (by default your host fqdn is sent)
-------------             (a)
-smtp_login host=10.0.0.1 helo='ehlo its.me.com' user=FILE0@dom.com password=FILE1 0=logins.txt 1=passwords.txt
+---------                  (a)
+$ smtp_login host=10.0.0.1 helo='ehlo its.me.com' user=FILE0@dom.com password=FILE1 0=logins.txt 1=passwords.txt
 
 }}}
 {{{ HTTP
@@ -383,10 +391,10 @@
   (b) Follow redirects.
   (c) Do not report 404 errors.
   (d) Retry on 500 errors.
----------                                             (a)
-http_fuzz url=http://localhost/FILE0 0=words.txt header='Cookie: SESSID=A2FD8B2DA4'
- follow=1 -x ignore:code=404 -x ignore,retry:code=500
- (b)            (c)                  (d)
+---------                                          (a)
+$ http_fuzz url=http://localhost/FILE0 0=words.txt header='Cookie: SESSID=A2FD8B2DA4' \
+    follow=1 -x ignore:code=404 -x ignore,retry:code=500
+    (b)      (c)                (d)
 
 NB. You may be able to go 10 times faster using webef (http://www.hsc.fr/ressources/outils/webef/).
     It is the fastest HTTP brute-forcer I know, yet at the moment it still lacks useful features
@@ -396,60 +404,61 @@
   (a) Use POST requests.
   (b) Follow redirects using cookies sent by server.
   (c) Ignore failed authentications.
----------                                             (a)         (b)        (b)
-http_fuzz url=http://10.0.0.1/phpmyadmin/index.php method=POST follow=1 accept_cookie=1
- body='pma_username=root&pma_password=FILE0&server=1&lang=en' 0=passwords.txt
- -x ignore:fgrep='Cannot log in to the MySQL server'
-             (c)
+---------                                            (a)         (b)      (b)
+$ http_fuzz url=http://10.0.0.1/phpmyadmin/index.php method=POST follow=1 accept_cookie=1 \
+    body='pma_username=root&pma_password=FILE0&server=1&lang=en' 0=passwords.txt \
+    -x ignore:fgrep='Cannot log in to the MySQL server'
+    (c)
 
 * Scan subnet for directory listings.
   (a) Ignore not matching reponses.
   (b) Save matching responses into directory.
 ---------
-http_fuzz url=http://NET0/FILE1 0=10.0.0.0/24 1=dirs.txt -x ignore:fgrep!='Index of'
- -l /tmp/directory_listings                                             (a)
-      (b)
+$ http_fuzz url=http://NET0/FILE1 0=10.0.0.0/24 1=dirs.txt -x ignore:fgrep!='Index of' \
+    -l /tmp/directory-listings                             (a)
+    (b)
 
 * Brute-force Basic authentication.
   (a) Single mode (login == password).
   (b) Do not report failed login attempts.
 ---------
-http_fuzz url=http://10.0.0.1/manager/html user_pass=FILE0:FILE0 0=logins.txt -x ignore:code=401
-                                                   (a)                                (b)
+$ http_fuzz url=http://10.0.0.1/manager/html user_pass=FILE0:FILE0 0=logins.txt -x ignore:code=401
+                                             (a)                                (b)
 
 * Find hidden virtual hosts.
   (a) Read template from file.
   (b) Fuzz both the Host and User-Agent headers.
+  (c) Stop testing a virtual host name after a valid one is found.
 ---------
-echo -e 'Host: FILE0\nUser-Agent: FILE1' > headers.txt
-http_fuzz url=http://10.0.0.1/ header=@headers.txt 0=vhosts.txt 1=agents.txt
-                                    (a)                       (b)
+$ echo -e 'Host: FILE0\nUser-Agent: FILE1' > headers.txt
+$ http_fuzz url=http://10.0.0.1/ header=@headers.txt 0=vhosts.txt 1=agents.txt -x skip=0:code!=404
+                                 (a)                (b)                           (c)
 
 * Brute-force logon using GET requests.
   (a) Encode everything surrounded by the two tags _@@_ in hexadecimal.
   (b) Ignore HTTP 200 responses with a content size (header+body) within given range
       and that also contain the given string.
   (c) Use a different delimiter string because the comma cannot be escaped.
----------                                                         (a)             (a)
-http_fuzz url='http://10.0.0.1/login?username=admin&password=_@@_FILE0_@@_' -e _@@_:hex
- 0=words.txt -x ignore:'code=200|size=1500-|fgrep=Welcome, unauthenticated user' -X '|'
-                (b)                                                              (c)
+---------                                                                     (a)
+$ http_fuzz url='http://10.0.0.1/login?username=admin&password=_@@_FILE0_@@_' -e _@@_:hex \
+    0=words.txt -x ignore:'code=200|size=1500-|fgrep=Welcome, unauthenticated user' -X '|'
+                (b)                                                                 (c)
 
 * Brute-force logon that enforces two random nonces to be submitted along every POST.
   (a) First, request the page that provides the nonces as hidden input fields.
   (b) Use regular expressions to extract the nonces that are to be submitted along the main request.
 ---------
-http_fuzz url=http://10.0.0.1/login method=POST body='user=admin&pass=FILE0&nonce1=_N1_&nonce2=_N2_' 0=passwords.txt accept_cookie=1
+$ http_fuzz url=http://10.0.0.1/login method=POST body='user=admin&pass=FILE0&nonce1=_N1_&nonce2=_N2_' 0=passwords.txt accept_cookie=1 \
  before_urls=http://10.0.0.1/index before_egrep='_N1_:<input type="hidden" name="nonce1" value="(\w+)"|_N2_:name="nonce2" value="(\w+)"'
-           (a)                                (b)
+ (a)                               (b)
 
 * Test the OPTIONS method against a list of URLs.
   (a) Ignore URLs that only allow the HEAD and GET methods.
   (b) Header end of line is '\r\n'.
   (c) Use a different delimiter string because the comma cannot be escaped.
 ---------
-http_fuzz url=FILE0 0=urls.txt method=OPTIONS -x ignore:egrep='^Allow: HEAD, GET\r$' -X '|'
-                                                            (a)                 (b)  (c)
+$ http_fuzz url=FILE0 0=urls.txt method=OPTIONS -x ignore:egrep='^Allow: HEAD, GET\r$' -X '|'
+                                                (a)                               (b)  (c)
 }}}
 {{{ LDAP
 
@@ -457,42 +466,40 @@
   (a) Do not report wrong passwords.
   (b) Talk SSL/TLS to port 636.
 ---------
-ldap_login host=10.0.0.1 binddn='cn=FILE0,dc=example,dc=com' 0=logins.txt bindpw=FILE1 1=passwords.txt
- -x ignore:mesg='ldap_bind: Invalid credentials (49)' ssl=1 port=636
-         (a)                                              (b)
+$ ldap_login host=10.0.0.1 binddn='cn=FILE0,dc=example,dc=com' 0=logins.txt bindpw=FILE1 1=passwords.txt \
+    -x ignore:mesg='ldap_bind: Invalid credentials (49)' ssl=1 port=636
+    (a)                                                  (b)
 }}}
 {{{ SMB
 
 * Brute-force authentication.
 ---------
-smb_login host=10.0.0.1 user=FILE0 password=FILE1 0=logins.txt 1=passwords.txt -x ignore:fgrep=STATUS_LOGON_FAILURE
-
-NB. If you suddenly get STATUS_ACCOUNT_LOCKED_OUT errors for an account
-    although it is not the first password you test on this account, then you must
-    have locked it.
+$ smb_login host=10.0.0.1 user=FILE0 password=FILE1 0=logins.txt 1=passwords.txt -x ignore:fgrep=STATUS_LOGON_FAILURE
 
+NB. If you suddenly get STATUS_ACCOUNT_LOCKED_OUT errors for an account although 
+    it is not the first password you test on this account, then you must have locked it.
 
 * Pass-the-hash.
   (a) Test a list of hosts.
   (b) Test every user (each line := login:rid:LM hash:NT hash).
 ---------
-smb_login host=FILE0 0=hosts.txt user=COMBO10 password_hash=COMBO12:COMBO13 1=pwdump.txt -x ...
-             (a)                                         (b)
+$ smb_login host=FILE0 0=hosts.txt user=COMBO10 password_hash=COMBO12:COMBO13 1=pwdump.txt -x ...
+            (a)                                 (b)
 }}}
 {{{ rlogin
 
 * Brute-force usernames that root might be allowed to login as with no password (eg. a ~/.rhosts file with the line "+ root").
-rlogin_login host=10.0.0.1 luser=root user=FILE0 0=logins.txt persistent=0 -x ignore:fgrep=Password:
+$ rlogin_login host=10.0.0.1 luser=root user=FILE0 0=logins.txt persistent=0 -x ignore:fgrep=Password:
 
 * Brute-force usernames that might be allowed to login as root with no password (eg. a /root/.rhosts file with the line "+ john").
-rlogin_login host=10.0.0.1 user=root luser=FILE0 0=logins.txt persistent=0 -x ignore:fgrep=Password:
+$ rlogin_login host=10.0.0.1 user=root luser=FILE0 0=logins.txt persistent=0 -x ignore:fgrep=Password:
 
 }}}
 {{{ MSSQL
 
 * Brute-force authentication.
 -----------
-mssql_login host=10.0.0.1 user=sa password=FILE0 0=passwords.txt -x ignore:fgrep='Login failed for user'
+$ mssql_login host=10.0.0.1 user=sa password=FILE0 0=passwords.txt -x ignore:fgrep='Login failed for user'
 
 }}}
 {{{ Oracle
@@ -501,7 +508,7 @@
 
 * Brute-force authentication.
 ------------
-oracle_login host=10.0.0.1 user=SYS password=FILE0 0=passwords.txt sid=ORCL -x ignore:code=ORA-01017
+$ oracle_login host=10.0.0.1 user=SYS password=FILE0 0=passwords.txt sid=ORCL -x ignore:code=ORA-01017
 
 NB0. With Oracle 10g XE (Express Edition), you do not need to pass a SID.
 
@@ -510,10 +517,9 @@
      more polite. Also you can run "alter system set processes=150 scope=spfile;"
      and restart your database to get rid of this.
 
-
 * Brute-force SID.
 ------------
-oracle_login host=10.0.0.1 sid=FILE0 0=sids.txt -x ignore:code=ORA-12505
+$ oracle_login host=10.0.0.1 sid=FILE0 0=sids.txt -x ignore:code=ORA-12505
 
 NB. Against Oracle9, it may crash (Segmentation fault) as soon as a valid SID is
     found (cx_Oracle bug). Sometimes, the SID gets printed out before the crash,
@@ -524,14 +530,14 @@
 
 * Brute-force authentication.
 -----------
-mysql_login host=10.0.0.1 user=FILE0 password=FILE0 0=logins.txt -x ignore:fgrep='Access denied for user'
+$ mysql_login host=10.0.0.1 user=FILE0 password=FILE0 0=logins.txt -x ignore:fgrep='Access denied for user'
 
 }}}
 {{{ PostgresSQL
 
 * Brute-force authentication.
 -----------
-pgsql_login host=10.0.0.1 user=postgres password=FILE0 0=passwords.txt -x ignore:fgrep='password authentication failed'
+$ pgsql_login host=10.0.0.1 user=postgres password=FILE0 0=passwords.txt -x ignore:fgrep='password authentication failed'
 
 }}}
 {{{ VNC
@@ -547,52 +553,52 @@
   (a) No need to use more than one thread.
   (b) Keep retrying the same password when we are blacklisted by the server.
   (c) Exit execution as soon as a valid password is found.
----------                                               (a)
-vnc_login host=10.0.0.1 password=FILE0 0=passwords.txt --threads 1
- -x retry:fgrep!='Authentication failure' --max-retries -1 -x quit:code=0
-        (b)                                 (b)                 (c)
+---------                                                (a)
+$ vnc_login host=10.0.0.1 password=FILE0 0=passwords.txt --threads 1 \
+    -x retry:fgrep!='Authentication failure' --max-retries -1 -x quit:code=0
+    (b)                                      (b)              (c)
 }}}
 {{{ DNS
 
 * Brute-force subdomains.
   (a) Ignore NXDOMAIN responses (rcode 3).
 -----------
-dns_forward name=FILE0.google.com 0=names.txt -x ignore:code=3
-                                              (a)
+$ dns_forward name=FILE0.google.com 0=names.txt -x ignore:code=3
+                                                (a)
 * Brute-force domain with every possible TLDs.
 -----------
-dns_forward name=google.MOD0 0=TLD -x ignore:code=3
+$ dns_forward name=google.MOD0 0=TLD -x ignore:code=3
 
 * Brute-force SRV records.
 -----------
-dns_forward name=MOD0.microsoft.com 0=SRV qtype=SRV -x ignore:code=3
+$ dns_forward name=MOD0.microsoft.com 0=SRV qtype=SRV -x ignore:code=3
 
 * Grab the version of several hosts.
 -----------
-dns_forward server=FILE0 0=hosts.txt name=version.bind qtype=txt qclass=ch
+$ dns_forward server=FILE0 0=hosts.txt name=version.bind qtype=txt qclass=ch
 
 * Reverse lookup several networks.
   (a) Ignore names that do not contain 'google.com'.
   (b) Ignore generic PTR records.
 -----------
-dns_reverse host=NET0 0=216.239.32.0-216.239.47.255,8.8.8.0/24 -x ignore:code=3 -x ignore:fgrep!=google.com -x ignore:fgrep=216-239-
-                                                                                (a)                         (b)
+$ dns_reverse host=NET0 0=216.239.32.0-216.239.47.255,8.8.8.0/24 -x ignore:code=3 -x ignore:fgrep!=google.com -x ignore:fgrep=216-239-
+                                                                                  (a)                         (b)
 }}}
 {{{ SNMP
 
 * SNMPv1/2 : Find valid community names.
 ----------
-snmp_login host=10.0.0.1 community=FILE0 0=names.txt -x ignore:mesg='No SNMP response received before timeout'
+$ snmp_login host=10.0.0.1 community=FILE0 0=names.txt -x ignore:mesg='No SNMP response received before timeout'
 
 
 * SNMPv3 : Find valid usernames.
 ----------
-snmp_login host=10.0.0.1 version=3 user=FILE0 0=logins.txt -x ignore:mesg=unknownUserName
+$ snmp_login host=10.0.0.1 version=3 user=FILE0 0=logins.txt -x ignore:mesg=unknownUserName
 
 
 * SNMPv3 : Find valid passwords.
 ----------
-snmp_login host=10.0.0.1 version=3 user=myuser auth_key=FILE0 0=passwords.txt -x ignore:mesg=wrongDigest
+$ snmp_login host=10.0.0.1 version=3 user=myuser auth_key=FILE0 0=passwords.txt -x ignore:mesg=wrongDigest
 
 NB0. If you get "notInTimeWindow" error messages, increase the retries option.
 NB1. SNMPv3 requires passphrases to be at least 8 characters long.
@@ -602,7 +608,7 @@
 
 * Brute-force the ZIP file password (cracking older pkzip encryption used to be not supported in JtR).
 ----------
-unzip_pass zipfile=file.zip password=FILE0 0=passwords.txt -x ignore:code!=0
+$ unzip_pass zipfile=file.zip password=FILE0 0=passwords.txt -x ignore:code!=0
 
 }}}
 
@@ -1406,8 +1412,8 @@ class Controller:
   builtin_actions = (
     ('ignore', 'do not report'),
     ('retry', 'try payload again'),
-    ('skip', 'skip keyword value'),
-    ('free', 'skip parameter value'),
+    ('skip', 'stop testing the same keyword value'),
+    ('free', 'stop testing the same option value'),
     ('quit', 'terminate execution now'),
     )
 

From f3983f33aba6b52c4b4d3a5770fc21ef2e457d98 Mon Sep 17 00:00:00 2001
From: Francisco Vilmar Cardoso Ruviaro <francisco.ruviaro@riseup.net>
Date: Mon, 11 Jan 2021 19:29:03 +0000
Subject: [PATCH 42/74] Switched from pycrypto to pycryptodomex

---
 patator.py       | 2 +-
 requirements.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/patator.py b/patator.py
index 1e6b56a..d33845e 100755
--- a/patator.py
+++ b/patator.py
@@ -4248,7 +4248,7 @@ def execute(self, host, port='3389', user=None, password=None):
 
 # VNC {{{
 try:
-  from Crypto.Cipher import DES
+  from Cryptodome.Cipher import DES
 except ImportError:
   notfound.append('pycrypto')
 
diff --git a/requirements.txt b/requirements.txt
index 7e8361d..2d4b3c9 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -6,7 +6,7 @@ pyopenssl
 cx_Oracle
 mysqlclient
 psycopg2-binary
-pycrypto
+pycryptodomex
 dnspython
 IPy
 pysnmp

From 642a6f4c7c837aac41d3840a1401a27ada435557 Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Fri, 29 Jan 2021 21:41:19 +1100
Subject: [PATCH 43/74] Add script to build and push docker image to dockerhub

---
 README.md  |  2 +-
 release.sh | 16 ++++++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100755 release.sh

diff --git a/README.md b/README.md
index b9a30af..d6d6a09 100644
--- a/README.md
+++ b/README.md
@@ -55,8 +55,8 @@ Many thanks! [@lanjelot](https://twitter.com/lanjelot)
 
 ```
 git clone https://github.com/lanjelot/patator.git
-docker build -t patator patator/
 git clone https://github.com/danielmiessler/SecLists.git
+docker build -t patator patator/
 docker run -it --rm -v $PWD/SecLists/Passwords:/mnt patator dummy_test data=FILE0 0=/mnt/richelieu-french-top5000.txt
 ```
 
diff --git a/release.sh b/release.sh
new file mode 100755
index 0000000..ee007bc
--- /dev/null
+++ b/release.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -ex
+
+DOCKER_IMAGE='lanjelot/patator'
+GIT_REPO='https://github.com/lanjelot/patator'
+TMP_COPY=$(mktemp -d)
+
+git clone -b master $GIT_REPO  $TMP_COPY
+cd $TMP_COPY
+VERSION=$(echo `git tag|sort -V|tail -1`-`git rev-parse --verify HEAD|cut -b -7`)
+sed -i -e "s,^__version__.*$,__version__ = '$VERSION'," patator.py
+docker build . -t $DOCKER_IMAGE:$VERSION -t $DOCKER_IMAGE:latest 
+
+docker login
+docker push $DOCKER_IMAGE

From c4c8a065d672a1ab45ed69d6eed8f21ca1427c9d Mon Sep 17 00:00:00 2001
From: zamanry <lucashennessy@gmail.com>
Date: Mon, 1 Mar 2021 09:57:15 -0500
Subject: [PATCH 44/74] Corrected & added IKEv1 transforms

---
 README.md  | 34 +++++++++++++++++-----------------
 patator.py | 24 +++++++++++++-----------
 2 files changed, 30 insertions(+), 28 deletions(-)

diff --git a/README.md b/README.md
index d6d6a09..146db80 100644
--- a/README.md
+++ b/README.md
@@ -120,7 +120,7 @@ $ grep AllowNoPassword /tmp/qsdf/72_200\:13215\:0\:0.351.txt
 
 Tested against `phpMyAdmin 4.2.7.1`.
 
-* IKE : Enumerate transforms supported by VPN peer
+* IKEv1 : Enumerate transforms supported by VPN peer
 
 ```
 # ike_enum host=10.0.0.1 transform=MOD0 0=TRANS aggressive=RANGE1 1=int:0-1 -x ignore:fgrep='NO-PROPOSAL'
@@ -129,29 +129,29 @@ Tested against `phpMyAdmin 4.2.7.1`.
 16:52:58 patator    INFO - code  size    time | candidate                          |   num | mesg
 16:52:58 patator    INFO - -----------------------------------------------------------------------------
 16:53:03 patator    INFO - 0     70     0.034 | 5,1,1,2:0                          |  1539 | Handshake returned: Enc=3DES Hash=MD5 Group=2:modp1024 Auth=PSK (Main)
-16:53:03 patator    INFO - 0     72     0.031 | 5,1,65001,2:0                      |  1579 | Handshake returned: Enc=3DES Hash=MD5 Group=2:modp1024 Auth=XAUTH (Main)
+16:53:03 patator    INFO - 0     72     0.031 | 5,1,65001,2:0                      |  1579 | Handshake returned: Enc=3DES Hash=MD5 Group=2:modp1024 Auth=XAUTH&PSK (Main)
 16:53:03 patator    INFO - 0     76     0.033 | 5,1,1,2:1                          |  1540 | Handshake returned: Enc=3DES Hash=MD5 Group=2:modp1024 Auth=PSK (Aggressive)
-16:53:03 patator    INFO - 0     78     0.034 | 5,1,65001,2:1                      |  1580 | Handshake returned: Enc=3DES Hash=MD5 Group=2:modp1024 Auth=XAUTH (Aggressive)
+16:53:03 patator    INFO - 0     78     0.034 | 5,1,65001,2:1                      |  1580 | Handshake returned: Enc=3DES Hash=MD5 Group=2:modp1024 Auth=XAUTH&PSK (Aggressive)
 16:53:06 patator    INFO - 0     84     0.034 | 7/128,2,1,2:0                      |  2371 | Handshake returned: Enc=AES KeyLength=128 Hash=SHA1 Group=2:modp1024 Auth=PSK (Main)
 16:53:06 patator    INFO - 0     90     0.033 | 7/128,2,1,2:1                      |  2372 | Handshake returned: Enc=AES KeyLength=128 Hash=SHA1 Group=2:modp1024 Auth=PSK (Aggressive)
-16:53:06 patator    INFO - 0     86     0.034 | 7/128,2,65001,2:0                  |  2411 | Handshake returned: Enc=AES KeyLength=128 Hash=SHA1 Group=2:modp1024 Auth=XAUTH (Main)
-16:53:06 patator    INFO - 0     92     0.035 | 7/128,2,65001,2:1                  |  2412 | Handshake returned: Enc=AES KeyLength=128 Hash=SHA1 Group=2:modp1024 Auth=XAUTH (Aggressive)
+16:53:06 patator    INFO - 0     86     0.034 | 7/128,2,65001,2:0                  |  2411 | Handshake returned: Enc=AES KeyLength=128 Hash=SHA1 Group=2:modp1024 Auth=XAUTH&PSK (Main)
+16:53:06 patator    INFO - 0     92     0.035 | 7/128,2,65001,2:1                  |  2412 | Handshake returned: Enc=AES KeyLength=128 Hash=SHA1 Group=2:modp1024 Auth=XAUTH&PSK (Aggressive)
 
 + 10.0.0.1:500 (Main Mode)
-    Encryption       Hash         Auth      Group
-    ---------- ----------   ---------- ----------
-          3DES        MD5          PSK   modp1024
-          3DES        MD5        XAUTH   modp1024
-        AES128       SHA1          PSK   modp1024
-        AES128       SHA1        XAUTH   modp1024
+    Encryption       Hash             Auth       Group
+    ---------- ----------       ----------	----------
+          3DES        MD5              PSK    modp1024
+          3DES        MD5        XAUTH&PSK	  modp1024
+        AES128       SHA1              PSK 	  modp1024
+        AES128       SHA1        XAUTH&PSK	  modp1024
 
 + 10.0.0.1:500 (Aggressive Mode)
-    Encryption       Hash         Auth      Group
-    ---------- ----------   ---------- ----------
-          3DES        MD5          PSK   modp1024
-          3DES        MD5        XAUTH   modp1024
-        AES128       SHA1          PSK   modp1024
-        AES128       SHA1        XAUTH   modp1024
+    Encryption       Hash             Auth       Group
+    ---------- ----------       ----------  ----------
+          3DES        MD5              PSK    modp1024
+          3DES        MD5        XAUTH&PSK    modp1024
+        AES128       SHA1              PSK    modp1024
+        AES128       SHA1        XAUTH&PSK	  modp1024
 16:53:11 patator    INFO - Hits/Done/Skip/Fail/Size: 8/3840/0/0/3840, Avg: 284 r/s, Time: 0h 0m 13s
 ```
 
diff --git a/patator.py b/patator.py
index d33845e..969dbf6 100755
--- a/patator.py
+++ b/patator.py
@@ -476,7 +476,7 @@
 ---------
 $ smb_login host=10.0.0.1 user=FILE0 password=FILE1 0=logins.txt 1=passwords.txt -x ignore:fgrep=STATUS_LOGON_FAILURE
 
-NB. If you suddenly get STATUS_ACCOUNT_LOCKED_OUT errors for an account although 
+NB. If you suddenly get STATUS_ACCOUNT_LOCKED_OUT errors for an account although
     it is not the first password you test on this account, then you must have locked it.
 
 * Pass-the-hash.
@@ -4832,19 +4832,21 @@ def execute(self, host, port=None, version='2', community='public', user='op5use
 if not which('ike-scan'):
   notfound.append('ike-scan')
 
-# http://www.iana.org/assignments/ipsec-registry/ipsec-registry.xhtml
+# http://www.iana.org/assignments/ipsec-registry/ipsec-registry.xhtml (except for vendor specifics.) These transforms below are IKEv1 only. IKEv2 is not assessed.
 IKE_ENC   = [('1', 'DES'), ('2', 'IDEA'), ('3', 'BLOWFISH'), ('4', 'RC5'), ('5', '3DES'), ('6', 'CAST'), ('7/128', 'AES128'), ('7/192', 'AES192'), ('7/256', 'AES256'), ('8', 'Camellia')]
+            #('65001', 'Mars'), ('65002', 'RC6'), ('65004', 'Serpent'), ('65005', 'Twofish')]
 IKE_HASH  = [('1', 'MD5'), ('2', 'SHA1'), ('3', 'Tiger'), ('4', 'SHA2-256'), ('5', 'SHA2-384'), ('6', 'SHA2-512')]
-IKE_AUTH  = [('1', 'PSK'), ('2', 'DSS Sig'), ('3', 'RSA Sig'), ('4', 'RSA Enc'), ('5', 'Revised RSA Enc'),
-            #('6', 'EIGAMEL Enc'), ('7', 'Revised EIGAMEL Enc'), ('8', 'ECDSA Sig'), # Reserved
-            #('9', 'ECDSA SHA-256'), ('10', 'ECDSA SHA-384'), ('11', 'ECDSA SHA-512'), # RFC4754
-             ('65001', 'XAUTH'), ('64221', 'Hybrid'), ('64222', 'Hybrid 64222')] #, ('64223', 'Hybrid 64223'), ... ('65002', 'Hybrid 65002') ...
+IKE_AUTH  = [('1', 'PSK'), ('2', 'DSS-Sig'), ('3', 'RSA-Sig'), ('4', 'RSA-Enc'), ('5', 'Revised-RSA-Enc'),
+            ('6', 'EIGAMEL-Enc'), ('7', 'Revised-EIGAMEL-Enc'), #('8', 'ECDSA-Sig'), # Reserved
+            #('9', 'ECDSA-SHA-256'), ('10', 'ECDSA-SHA-384'), ('11', 'ECDSA-SHA-512'), # RFC4754
+            ('128', 'Harkins-CRACK'), # https://tools.ietf.org/html/draft-harkins-ipsec-ike-crack-00.txt
+            ('64221', 'Hybrid-RSA-Sig'), ('64223', 'Hybrid-DSS-Sig'), ('65001', 'XAUTH&PSK')] #, ('65003', 'XAUTH&DSS-Sig'), ('65005', 'XAUTH&RSA-Sig'), ('65007', 'XAUTH&RSA-Enc'), ('65009', 'XAUTH&Revised-RSA-Enc')]
 IKE_GROUP = [('1', 'modp768'), ('2', 'modp1024'), ('5', 'modp1536'),
-            #('3', 'ecc3'), ('4', 'ecc4'), # any implementations?
-            # '6', '7', '8', '9', '10', '11', '12', '13', # only in draft, not RFC
-             ('14', 'modp2048')] #, ('15', 'modp3072'), ('16', 'modp4096'), ('17', 'modp6144'), ('18', 'modp8192')] # RFC3526
-            # '19', '20', '21', '22', '23', '24', '25', '26', # RFC5903
-            # '27', '28', '29', '30', # RFC6932
+            #('3', 'ec2n155'), ('4', 'ec2n185'),
+            # ('6', 'ec2n163'), ('7', 'ec2n163'), ('8', 'ec2n283'), ('9', 'ec2n283'), ('10', 'ec2n409'), ('11', 'ec2n409'), ('12', 'ec2n571'), ('13', 'ec2n571'), # only in draft, not RFC
+            ('14', 'modp2048')] #, ('15', 'modp3072'), ('16', 'modp4096'), ('17', 'modp6144'), ('18', 'modp8192')] # RFC3526
+            # ('19', 'ecp256'), ('20', 'ecp384'), ('21', 'ecp521'), ('22', 'modp1024s160'), ('23', 'modp2048s224'), ('24', 'modp2048s256'), ('25', 'ecp192'), ('26', 'ecp224'), # RFC5903
+            # ('27', 'brainpoolP224r1'), ('28', 'brainpoolP256r1'), ('29', 'brainpoolP384r1'), ('30', 'brainpoolP512r1')] # RFC6932
 
 def generate_transforms():
   lists = list(map(lambda l: [i[0] for i in l], [IKE_ENC, IKE_HASH, IKE_AUTH, IKE_GROUP]))

From 59eb8fa6ff37bb08f13eb4cce61dc25a9caf8f1e Mon Sep 17 00:00:00 2001
From: Lucas Hennessy <lucashennessy@gmail.com>
Date: Sun, 28 Mar 2021 22:24:33 -0400
Subject: [PATCH 45/74] Fixed IKEv1 port variable and enabled enc. ciphers

---
 patator.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/patator.py b/patator.py
index 969dbf6..cf350bf 100755
--- a/patator.py
+++ b/patator.py
@@ -4834,7 +4834,7 @@ def execute(self, host, port=None, version='2', community='public', user='op5use
 
 # http://www.iana.org/assignments/ipsec-registry/ipsec-registry.xhtml (except for vendor specifics.) These transforms below are IKEv1 only. IKEv2 is not assessed.
 IKE_ENC   = [('1', 'DES'), ('2', 'IDEA'), ('3', 'BLOWFISH'), ('4', 'RC5'), ('5', '3DES'), ('6', 'CAST'), ('7/128', 'AES128'), ('7/192', 'AES192'), ('7/256', 'AES256'), ('8', 'Camellia')]
-            #('65001', 'Mars'), ('65002', 'RC6'), ('65004', 'Serpent'), ('65005', 'Twofish')]
+            ('65001', 'Mars'), ('65002', 'RC6'), ('65004', 'Serpent'), ('65005', 'Twofish')]
 IKE_HASH  = [('1', 'MD5'), ('2', 'SHA1'), ('3', 'Tiger'), ('4', 'SHA2-256'), ('5', 'SHA2-384'), ('6', 'SHA2-512')]
 IKE_AUTH  = [('1', 'PSK'), ('2', 'DSS-Sig'), ('3', 'RSA-Sig'), ('4', 'RSA-Enc'), ('5', 'Revised-RSA-Enc'),
             ('6', 'EIGAMEL-Enc'), ('7', 'Revised-EIGAMEL-Enc'), #('8', 'ECDSA-Sig'), # Reserved
@@ -4907,7 +4907,7 @@ class IKE_enum:
 
   available_options = (
     ('host', 'target host'),
-    ('host', 'target port [500]'),
+    ('port', 'target port [500]'),
     ('transform', 'transform to test [5,1,1,2]'),
     ('aggressive', 'use aggressive mode [0|1]'),
     ('groupname', 'identification value for aggressive mode [foo]'),

From 54e09bc5bb2919d0bcf2124fda54a298bd03c903 Mon Sep 17 00:00:00 2001
From: Lucas Hennessy <lucashennessy@gmail.com>
Date: Tue, 13 Apr 2021 11:58:33 -0400
Subject: [PATCH 46/74] Fixed comma/bracket in IKE encryption

---
 patator.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/patator.py b/patator.py
index cf350bf..c5d1bc4 100755
--- a/patator.py
+++ b/patator.py
@@ -4833,7 +4833,7 @@ def execute(self, host, port=None, version='2', community='public', user='op5use
   notfound.append('ike-scan')
 
 # http://www.iana.org/assignments/ipsec-registry/ipsec-registry.xhtml (except for vendor specifics.) These transforms below are IKEv1 only. IKEv2 is not assessed.
-IKE_ENC   = [('1', 'DES'), ('2', 'IDEA'), ('3', 'BLOWFISH'), ('4', 'RC5'), ('5', '3DES'), ('6', 'CAST'), ('7/128', 'AES128'), ('7/192', 'AES192'), ('7/256', 'AES256'), ('8', 'Camellia')]
+IKE_ENC   = [('1', 'DES'), ('2', 'IDEA'), ('3', 'BLOWFISH'), ('4', 'RC5'), ('5', '3DES'), ('6', 'CAST'), ('7/128', 'AES128'), ('7/192', 'AES192'), ('7/256', 'AES256'), ('8', 'Camellia'),
             ('65001', 'Mars'), ('65002', 'RC6'), ('65004', 'Serpent'), ('65005', 'Twofish')]
 IKE_HASH  = [('1', 'MD5'), ('2', 'SHA1'), ('3', 'Tiger'), ('4', 'SHA2-256'), ('5', 'SHA2-384'), ('6', 'SHA2-512')]
 IKE_AUTH  = [('1', 'PSK'), ('2', 'DSS-Sig'), ('3', 'RSA-Sig'), ('4', 'RSA-Enc'), ('5', 'Revised-RSA-Enc'),

From 487109a4ce61d70d9cabc156416c5c7efc788ab6 Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Thu, 17 Jun 2021 19:24:56 +1000
Subject: [PATCH 47/74] Fix Dockerfile

---
 Dockerfile | 31 +++++++++++++++++++------------
 patator.py |  2 +-
 release.sh |  2 +-
 3 files changed, 21 insertions(+), 14 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index a55bd37..3d62408 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,18 +4,23 @@ MAINTAINER Sebastien Macke <lanjelot@gmail.com>
 
 ENV DEBIAN_FRONTEND=noninteractive 
 
-RUN apt-get update && apt-get install -y \
-  build-essential \
-  libcurl4-openssl-dev python3-dev libssl-dev \
-  ldap-utils \
-  libmariadbclient-dev \
-  libpq-dev \
-  ike-scan unzip default-jdk \
-  libsqlite3-dev libsqlcipher-dev \
-  python3-pip python-pip
+RUN apt-get update \
+  && apt-get install -y \
+    build-essential python3-setuptools \
+    libcurl4-openssl-dev python3-dev libssl-dev \
+    ldap-utils \
+    libmariadbclient-dev \
+    libpq-dev \
+    ike-scan unzip default-jdk \
+    libsqlite3-dev libsqlcipher-dev \
+    python3-pip python-pip \
+  && rm -rf /var/lib/apt/lists/*
 
 # cx_oracle
-RUN apt-get update && apt-get install -y libaio1 wget unzip git
+RUN apt-get update \
+  && apt-get install -y libaio1 wget unzip git \
+  && rm -rf /var/lib/apt/lists/*
+
 WORKDIR /opt/oracle
 RUN wget https://download.oracle.com/otn_software/linux/instantclient/instantclient-basiclite-linuxx64.zip \
  && wget https://download.oracle.com/otn_software/linux/instantclient/instantclient-sdk-linuxx64.zip \
@@ -33,7 +38,8 @@ RUN git clone --branch 5.3 https://github.com/oracle/python-cx_Oracle \
 
 # xfreerdp (see https://github.com/FreeRDP/FreeRDP/wiki/Compilation)
 RUN apt-get update && apt-get install -y ninja-build build-essential git-core debhelper cdbs dpkg-dev autotools-dev cmake pkg-config xmlto libssl-dev docbook-xsl xsltproc libxkbfile-dev libx11-dev libwayland-dev libxrandr-dev libxi-dev libxrender-dev libxext-dev libxinerama-dev libxfixes-dev libxcursor-dev libxv-dev libxdamage-dev libxtst-dev libcups2-dev libpcsclite-dev libasound2-dev libpulse-dev libjpeg-dev libgsm1-dev libusb-1.0-0-dev libudev-dev libdbus-glib-1-dev uuid-dev libxml2-dev libgstreamer1.0-dev libgstreamer-plugins-base1.0-dev libfaad-dev libfaac-dev \
- && apt-get install -y libavutil-dev libavcodec-dev libavresample-dev
+ && apt-get install -y libavutil-dev libavcodec-dev libavresample-dev \
+ && rm -rf /var/lib/apt/lists/*
 WORKDIR /opt/FreeRDP
 RUN git clone https://github.com/FreeRDP/FreeRDP/ .
 RUN cmake -DCMAKE_BUILD_TYPE=Debug -DWITH_SSE2=ON . && cmake --build . && cmake --build . --target install
@@ -45,7 +51,8 @@ RUN python3 -m pip install -r requirements.txt
 RUN sed -e '/cx_Oracle/d' -e 's,pysqlcipher3,pysqlcipher,' requirements.txt | python2 -m pip install -r /dev/stdin
 
 # utils
-RUN apt-get update && apt-get install -y ipython3 ipython iputils-ping iproute2 netcat curl rsh-client telnet vim mlocate nmap
+RUN apt-get update && apt-get install -y ipython3 ipython iputils-ping iproute2 netcat curl rsh-client telnet vim mlocate nmap \
+  && rm -rf /var/lib/apt/lists/*
 RUN echo 'set bg=dark' > /root/.vimrc
 
 COPY ./patator.py ./
diff --git a/patator.py b/patator.py
index d33845e..f39bffb 100755
--- a/patator.py
+++ b/patator.py
@@ -714,7 +714,7 @@ def setLevel(self, level):
     self.send('setLevel', level)
 
   def warn(self, msg):
-    self.send('warn', msg)
+    self.send('warning', msg)
 
   def info(self, msg):
     self.send('info', msg)
diff --git a/release.sh b/release.sh
index ee007bc..e9dd072 100755
--- a/release.sh
+++ b/release.sh
@@ -6,7 +6,7 @@ DOCKER_IMAGE='lanjelot/patator'
 GIT_REPO='https://github.com/lanjelot/patator'
 TMP_COPY=$(mktemp -d)
 
-git clone -b master $GIT_REPO  $TMP_COPY
+git clone -b master $GIT_REPO $TMP_COPY
 cd $TMP_COPY
 VERSION=$(echo `git tag|sort -V|tail -1`-`git rev-parse --verify HEAD|cut -b -7`)
 sed -i -e "s,^__version__.*$,__version__ = '$VERSION'," patator.py

From 23d0cfe7d24fbfefd1e4c3fe257d0b5f13771bff Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Wed, 7 Jul 2021 01:49:38 +1000
Subject: [PATCH 48/74] Fix #158

---
 patator.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/patator.py b/patator.py
index f39bffb..65ca0b3 100755
--- a/patator.py
+++ b/patator.py
@@ -2062,7 +2062,7 @@ def shutdown():
             payload[k] = payload[k].replace('NET%d' % i, prod[i])
         elif t == 'COMBO':
           for j, k in keys:
-            payload[k] = payload[k].replace('COMBO%d%d' % (i, j), prod[i].split(self.combo_delim, len(keys)-1)[j])
+            payload[k] = payload[k].replace('COMBO%d%d' % (i, j), prod[i].split(self.combo_delim, max(j for j, _ in keys))[j])
         elif t == 'MOD':
           for k in keys:
             payload[k] = payload[k].replace('MOD%d' % i, prod[i])

From 29511c911a8d1af803c9e2d71c685808ab0e1213 Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Wed, 7 Jul 2021 01:57:26 +1000
Subject: [PATCH 49/74] Fix tabs in README

---
 README.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index 146db80..b0af923 100644
--- a/README.md
+++ b/README.md
@@ -139,11 +139,11 @@ Tested against `phpMyAdmin 4.2.7.1`.
 
 + 10.0.0.1:500 (Main Mode)
     Encryption       Hash             Auth       Group
-    ---------- ----------       ----------	----------
+    ---------- ----------       ----------  ----------
           3DES        MD5              PSK    modp1024
-          3DES        MD5        XAUTH&PSK	  modp1024
-        AES128       SHA1              PSK 	  modp1024
-        AES128       SHA1        XAUTH&PSK	  modp1024
+          3DES        MD5        XAUTH&PSK    modp1024
+        AES128       SHA1              PSK    modp1024
+        AES128       SHA1        XAUTH&PSK    modp1024
 
 + 10.0.0.1:500 (Aggressive Mode)
     Encryption       Hash             Auth       Group
@@ -151,7 +151,7 @@ Tested against `phpMyAdmin 4.2.7.1`.
           3DES        MD5              PSK    modp1024
           3DES        MD5        XAUTH&PSK    modp1024
         AES128       SHA1              PSK    modp1024
-        AES128       SHA1        XAUTH&PSK	  modp1024
+        AES128       SHA1        XAUTH&PSK    modp1024
 16:53:11 patator    INFO - Hits/Done/Skip/Fail/Size: 8/3840/0/0/3840, Avg: 284 r/s, Time: 0h 0m 13s
 ```
 

From e48316728feee534e688adbd42b6b9bf9282eb2f Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Wed, 7 Jul 2021 02:01:36 +1000
Subject: [PATCH 50/74] Fix #162

---
 Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 3d62408..0a03221 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -46,7 +46,8 @@ RUN cmake -DCMAKE_BUILD_TYPE=Debug -DWITH_SSE2=ON . && cmake --build . && cmake
 
 WORKDIR /opt/patator
 COPY ./requirements.txt ./
-RUN python3 -m pip install -r requirements.txt
+RUN python3 -m pip install --upgrade pip \
+  && python3 -m pip install -r requirements.txt
 
 RUN sed -e '/cx_Oracle/d' -e 's,pysqlcipher3,pysqlcipher,' requirements.txt | python2 -m pip install -r /dev/stdin
 

From 72efc0b10190bd7ea74fafe2e7c81f76b02dc988 Mon Sep 17 00:00:00 2001
From: Christian Clauss <cclauss@me.com>
Date: Thu, 5 Aug 2021 00:26:36 +0200
Subject: [PATCH 51/74] raw_input() was removed from Python on 1/1/2020

---
 patator.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/patator.py b/patator.py
index 6c67b9a..bb1b003 100755
--- a/patator.py
+++ b/patator.py
@@ -2230,7 +2230,7 @@ def read_command():
 
         command = msvcrt.getche()
         if command == 'x':
-          command += raw_input()
+          command += input()
 
       else:
         i, _, _ = select([sys.stdin], [], [], .1)

From c112a2aa1dd33b08afb0e6c4aad6ee93511cc2da Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Fri, 7 Jan 2022 14:35:10 +1000
Subject: [PATCH 52/74] Fix #156

---
 patator.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/patator.py b/patator.py
index 6c67b9a..06bc120 100755
--- a/patator.py
+++ b/patator.py
@@ -1627,8 +1627,8 @@ def __init__(self, module, argv):
         else:
           if v.startswith('@'):
             p = expand_path(v[1:])
-            with open(p) as f:
-              v = f.read()
+            with open(p, 'rb') as f:
+              v = B(f.read())
 
           kargs.append((k, v))
 

From a93ae7a2529035c9f801dcc350c92e6045cd0c34 Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Fri, 7 Jan 2022 14:49:42 +1000
Subject: [PATCH 53/74] Fix #172

---
 patator.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/patator.py b/patator.py
index 06bc120..f37de96 100755
--- a/patator.py
+++ b/patator.py
@@ -3535,7 +3535,10 @@ def execute(self, host, port='3306', user='anony', password='', timeout='10'):
 
     try:
       with Timing() as timing:
-        fp = _mysql.connect(host=host, port=int(port), user=user, passwd=password, connect_timeout=int(timeout))
+        if PY3:
+          fp = _mysql.connect(host=host, port=int(port), user=user, password=password, connect_timeout=int(timeout))
+        else:
+          fp = _mysql.connect(host=host, port=int(port), user=user, passwd=password, connect_timeout=int(timeout))
 
       resp = '0', fp.get_server_info()
 

From b5ed210b21f1b5a7f3570003981f2244be7a8482 Mon Sep 17 00:00:00 2001
From: Christian Clauss <cclauss@me.com>
Date: Fri, 7 Jan 2022 09:45:10 +0100
Subject: [PATCH 54/74] Fix typos discovered by codespell

---
 patator.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/patator.py b/patator.py
index f719a25..13726b8 100755
--- a/patator.py
+++ b/patator.py
@@ -119,7 +119,7 @@
 
     - Iteration over the joined wordlists can be done in any order
 
-  * Save every response (along with request) to seperate log files for later reviewing
+  * Save every response (along with request) to separate log files for later reviewing
 
 
 INSTALL
@@ -411,7 +411,7 @@
     (c)
 
 * Scan subnet for directory listings.
-  (a) Ignore not matching reponses.
+  (a) Ignore not matching responses.
   (b) Save matching responses into directory.
 ---------
 $ http_fuzz url=http://NET0/FILE1 0=10.0.0.0/24 1=dirs.txt -x ignore:fgrep!='Index of' \
@@ -533,7 +533,7 @@
 $ mysql_login host=10.0.0.1 user=FILE0 password=FILE0 0=logins.txt -x ignore:fgrep='Access denied for user'
 
 }}}
-{{{ PostgresSQL
+{{{ PostgreSQL
 
 * Brute-force authentication.
 -----------
@@ -541,7 +541,7 @@
 
 }}}
 {{{ VNC
-Some VNC servers have built-in anti-bruteforce functionnality that temporarily
+Some VNC servers have built-in anti-bruteforce functionality that temporarily
 blacklists the attacker IP address after too many wrong passwords.
  - RealVNC-4.1.3 or TightVNC-1.3.10 for example, allow 5 failed attempts and
    then enforce a 10 second delay. For each subsequent failed attempt that
@@ -656,7 +656,7 @@
 * v0.4 2012/11/02
   - new modules: smb_lookupsid, finger_lookup, pop_login, imap_login, vmauthd_login
   - improved connection cache
-  - improved usage, user can now act upon specific reponses (eg. stop brute-forcing host if down, or stop testing login if password found)
+  - improved usage, user can now act upon specific responses (eg. stop brute-forcing host if down, or stop testing login if password found)
   - improved dns brute-forcing presentation
   - switched to dnspython which is not limited to the IN class (eg. can now scan for {hostname,version}.bind)
   - rewrote itertools.product to avoid memory over-consumption when using large wordlists

From 5072a565f08da19154309fe9ee19a5849f901c69 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Carlos=20Ib=C3=A1=C3=B1ez?= <caribpa@outlook.com>
Date: Sun, 27 Feb 2022 23:34:12 +0100
Subject: [PATCH 55/74] Only set pycurl RESOLVE opt if resolve flag is set and
 not empty

---
 patator.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/patator.py b/patator.py
index 13726b8..7950a43 100755
--- a/patator.py
+++ b/patator.py
@@ -3962,7 +3962,9 @@ def execute(self, url=None, host=None, port='', scheme='http', path='/', params=
     fp.setopt(pycurl.TIMEOUT, int(timeout))
     fp.setopt(pycurl.PROXY, proxy)
     fp.setopt(pycurl.PROXYTYPE, proxy_type)
-    fp.setopt(pycurl.RESOLVE, [resolve])
+
+    if resolve:
+      fp.setopt(pycurl.RESOLVE, [resolve])
 
     def noop(buf): pass
     fp.setopt(pycurl.WRITEFUNCTION, noop)

From 46908228cc85fbc032426a12d048fa372e213da4 Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Thu, 23 Jun 2022 09:15:43 +1000
Subject: [PATCH 56/74] Fix #183

---
 patator.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/patator.py b/patator.py
index 7950a43..02e653e 100755
--- a/patator.py
+++ b/patator.py
@@ -1420,7 +1420,7 @@ class Controller:
   available_encodings = {
     'hex': (lambda s: B(hexlify(s)), 'encode in hexadecimal'),
     'unhex': (lambda s: B(unhexlify(s)), 'decode from hexadecimal'),
-    'b64': (b64encode, 'encode in base64'),
+    'b64': (lambda s: B(b64encode(b(s))), 'encode in base64'),
     'md5': (md5hex, 'hash in md5'),
     'sha1': (sha1hex, 'hash in sha1'),
     'url': (quote_plus, 'url encode'),

From 5adfad0eb9470c3671e7d78a42a35d59b9ead026 Mon Sep 17 00:00:00 2001
From: Gustaf Blomqvist <gustaf.blomqvist98@gmail.com>
Date: Mon, 27 Jun 2022 17:33:53 +0200
Subject: [PATCH 57/74] Write XML ending to correct file when using --xml

Previously when using --xml=FILE the beginning of the XML file would be
written to FILE, while its ending would either (1) not be written at all
(no -l/-L option), or (2) be written to RESULTS.xml in the directory
specified using -l/-L. This patch ensures that the ending of the XML
file is always written to the correct file.
---
 patator.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/patator.py b/patator.py
index 02e653e..0f06c73 100755
--- a/patator.py
+++ b/patator.py
@@ -899,8 +899,8 @@ def process_logs(queue, indicatorsfmt, argv, log_dir, runtime_file, csv_file, xm
     pname, action, args = queue.get()
 
     if action == 'quit':
-      if log_dir:
-        with open(os.path.join(log_dir, 'RESULTS.xml'), 'a') as f:
+      if xml_file or log_dir:
+        with open(results_xml, 'a') as f:
           f.write('</results>\n<stop utc=%s local=%s/>\n</root>\n' % (xmlquoteattr(strfutctime()), xmlquoteattr(strflocaltime())))
       break
 

From c783c8b63f5a6be003bf876713c4014a6f5c9afc Mon Sep 17 00:00:00 2001
From: laxa <laxa@ddracepro.net>
Date: Fri, 1 Sep 2023 09:14:06 +0200
Subject: [PATCH 58/74] Add ed25519 ssh support

---
 patator.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/patator.py b/patator.py
index 02e653e..73d00f0 100755
--- a/patator.py
+++ b/patator.py
@@ -2571,7 +2571,7 @@ def emit(self, record):
   notfound.append('paramiko')
 
 def load_keyfile(keyfile):
-  for cls in (paramiko.RSAKey, paramiko.DSSKey, paramiko.ECDSAKey):
+  for cls in (paramiko.RSAKey, paramiko.DSSKey, paramiko.ECDSAKey, paramiko.Ed25519Key):
     try:
       return cls.from_private_key_file(keyfile)
     except paramiko.SSHException:
@@ -2592,7 +2592,7 @@ class SSH_login(TCP_Cache):
     ('user', 'usernames to test'),
     ('password', 'passwords to test'),
     ('auth_type', 'type of password authentication to use [password|keyboard-interactive|auto]'),
-    ('keyfile', 'file with RSA, DSA or ECDSA private key to test'),
+    ('keyfile', 'file with RSA, DSA, ECDSA or ED25519 private key to test'),
     )
   available_options += TCP_Cache.available_options
 

From e6140a172caa115c87a5f7b8092f7f67bd7bd93d Mon Sep 17 00:00:00 2001
From: Adam Chovanec <chovanec@tutanota.com>
Date: Sat, 7 Oct 2023 20:02:58 +0200
Subject: [PATCH 59/74] fix: progress display is shown when it should not

---
 patator.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/patator.py b/patator.py
index 028d3cf..485a163 100755
--- a/patator.py
+++ b/patator.py
@@ -2234,7 +2234,7 @@ def read_command():
 
       else:
         i, _, _ = select([sys.stdin], [], [], .1)
-        if not i:
+        if not i or not sys.stdin.isatty():
           return None
         command = i[0].readline().strip()
 

From 85fc30104e8aba3653df5c3fc2ea3f2649f640af Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Mon, 9 Oct 2023 16:30:29 +1100
Subject: [PATCH 60/74] Fix #192 #196

---
 Dockerfile              |  70 +++++++++++++++------------
 patator.py              |  31 ++++++++----
 release.sh              |   2 +-
 requirements.txt        |   4 +-
 run-tests.sh            |  19 ++++----
 testing/unix/Dockerfile | 102 +++++++++++++++++++++++++---------------
 6 files changed, 136 insertions(+), 92 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 0a03221..df53652 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,25 +1,25 @@
-FROM ubuntu:18.04
-
-MAINTAINER Sebastien Macke <lanjelot@gmail.com>
+FROM ubuntu:22.04
 
 ENV DEBIAN_FRONTEND=noninteractive 
 
+# dependencies
 RUN apt-get update \
-  && apt-get install -y \
-    build-essential python3-setuptools \
-    libcurl4-openssl-dev python3-dev libssl-dev \
-    ldap-utils \
-    libmariadbclient-dev \
-    libpq-dev \
-    ike-scan unzip default-jdk \
-    libsqlite3-dev libsqlcipher-dev \
-    python3-pip python-pip \
-  && rm -rf /var/lib/apt/lists/*
-
-# cx_oracle
+ && apt-get install -y --no-install-recommends \
+  build-essential python3-setuptools \
+  libcurl4-openssl-dev python3-dev libssl-dev \
+  ldap-utils \
+  libmysqlclient-dev \
+  libpq-dev \
+  ike-scan unzip default-jdk \
+  libsqlite3-dev \
+  libsqlcipher-dev \
+  python3-pip \
+ && rm -rf /var/lib/apt/lists/*
+
+## cx_oracle
 RUN apt-get update \
-  && apt-get install -y libaio1 wget unzip git \
-  && rm -rf /var/lib/apt/lists/*
+ && apt-get install -y --no-install-recommends libaio1 wget unzip git \
+ && rm -rf /var/lib/apt/lists/*
 
 WORKDIR /opt/oracle
 RUN wget https://download.oracle.com/otn_software/linux/instantclient/instantclient-basiclite-linuxx64.zip \
@@ -33,28 +33,38 @@ RUN wget https://download.oracle.com/otn_software/linux/instantclient/instantcli
  && echo /opt/oracle/instantclient_* > /etc/ld.so.conf.d/oracle-instantclient.conf \
  && ldconfig
 
-RUN git clone --branch 5.3 https://github.com/oracle/python-cx_Oracle \
- && cd python-cx_Oracle && export ORACLE_HOME=$(echo /opt/oracle/instantclient_*) && python2 setup.py build && python2 setup.py install
-
-# xfreerdp (see https://github.com/FreeRDP/FreeRDP/wiki/Compilation)
-RUN apt-get update && apt-get install -y ninja-build build-essential git-core debhelper cdbs dpkg-dev autotools-dev cmake pkg-config xmlto libssl-dev docbook-xsl xsltproc libxkbfile-dev libx11-dev libwayland-dev libxrandr-dev libxi-dev libxrender-dev libxext-dev libxinerama-dev libxfixes-dev libxcursor-dev libxv-dev libxdamage-dev libxtst-dev libcups2-dev libpcsclite-dev libasound2-dev libpulse-dev libjpeg-dev libgsm1-dev libusb-1.0-0-dev libudev-dev libdbus-glib-1-dev uuid-dev libxml2-dev libgstreamer1.0-dev libgstreamer-plugins-base1.0-dev libfaad-dev libfaac-dev \
- && apt-get install -y libavutil-dev libavcodec-dev libavresample-dev \
- && rm -rf /var/lib/apt/lists/*
+## xfreerdp (see https://github.com/FreeRDP/FreeRDP/wiki/Compilation)
 WORKDIR /opt/FreeRDP
-RUN git clone https://github.com/FreeRDP/FreeRDP/ .
-RUN cmake -DCMAKE_BUILD_TYPE=Debug -DWITH_SSE2=ON . && cmake --build . && cmake --build . --target install
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends ninja-build build-essential git-core debhelper cdbs dpkg-dev autotools-dev cmake pkg-config xmlto libssl-dev docbook-xsl xsltproc libxkbfile-dev libx11-dev libwayland-dev libxrandr-dev libxi-dev libxrender-dev libxext-dev libxinerama-dev libxfixes-dev libxcursor-dev libxv-dev libxdamage-dev libxtst-dev libcups2-dev libpcsclite-dev libasound2-dev libpulse-dev libjpeg-dev libgsm1-dev libusb-1.0-0-dev libudev-dev libdbus-glib-1-dev uuid-dev libxml2-dev libgstreamer1.0-dev libgstreamer-plugins-base1.0-dev libfaad-dev libfaac-dev libsdl2-dev libcjson-dev libpkcs11-helper1-dev \
+ && apt-get install -y --no-install-recommends libavutil-dev libavcodec-dev libswresample-dev \
+ && rm -rf /var/lib/apt/lists/* \
+ && git clone https://github.com/FreeRDP/FreeRDP/ . \
+ && cmake -DCMAKE_BUILD_TYPE=Debug  -DWITH_CLIENT_SDL=OFF -DWITH_KRB5=OFF -DWITH_SWSCALE=OFF -DWITTH_SSE2=ON -DWITH_FUSE=OFF . \
+ && cmake --build . \
+ && cmake --build . --target install \
+ && cmake --build . --target clean \
+ && rm -rf /opt/FreeRDP
 
+# patator
 WORKDIR /opt/patator
 COPY ./requirements.txt ./
 RUN python3 -m pip install --upgrade pip \
   && python3 -m pip install -r requirements.txt
 
-RUN sed -e '/cx_Oracle/d' -e 's,pysqlcipher3,pysqlcipher,' requirements.txt | python2 -m pip install -r /dev/stdin
+# uncomment for python2
+# RUN apt-get update \
+#  && apt-get install -y --no-install-recommends python-pip ipython \
+#  && rm -rf /var/lib/apt/lists/* \
+#  && sed -e '/cx_Oracle/d' -e 's,pysqlcipher3,pysqlcipher,' requirements.txt | python2 -m pip install -r /dev/stdin \
+#  && git clone --branch 5.3 https://github.com/oracle/python-cx_Oracle \
+#  && cd python-cx_Oracle && export ORACLE_HOME=$(echo /opt/oracle/instantclient_*) && python2 setup.py build && python2 setup.py install
 
 # utils
-RUN apt-get update && apt-get install -y ipython3 ipython iputils-ping iproute2 netcat curl rsh-client telnet vim mlocate nmap \
-  && rm -rf /var/lib/apt/lists/*
-RUN echo 'set bg=dark' > /root/.vimrc
+RUN apt-get update \
+ && apt-get install -y --no-install-recommends ipython3 iputils-ping iproute2 netcat curl rsh-client telnet vim mlocate nmap \
+ && rm -rf /var/lib/apt/lists/* \
+ && echo 'set bg=dark' > /root/.vimrc
 
 COPY ./patator.py ./
 ENTRYPOINT ["python3", "./patator.py"]
diff --git a/patator.py b/patator.py
index 028d3cf..42c88e4 100755
--- a/patator.py
+++ b/patator.py
@@ -2754,6 +2754,7 @@ def connect(self, host, port, ssl, helo, starttls, timeout):
         resp = fp.helo(name)
 
     if not starttls == '0':
+      fp._host = host
       resp = fp.starttls()
 
     return TCP_Connection(fp, resp)
@@ -3569,7 +3570,11 @@ class MySQL_query(TCP_Cache):
   Response = Response_Base
 
   def connect(self, host, port, user, password):
-    fp = _mysql.connect(host=host, port=int(port), user=user, passwd=password) # db=db
+    if PY3:
+      fp = _mysql.connect(host=host, port=int(port), user=user, password=password) # db=db
+    else:
+      fp = _mysql.connect(host=host, port=int(port), user=user, passwd=password)
+
     return TCP_Connection(fp)
 
   def execute(self, host, port='3306', user='', password='', query='select @@version'):
@@ -4231,20 +4236,22 @@ class RDP_login:
 
   def execute(self, host, port='3389', user=None, password=None):
 
-    cmd = ['xfreerdp', '/v:%s:%d' % (host, int(port)), '/u:%s' % user, '/p:%s' % password, '/cert-ignore', '+auth-only', '/sec:nla', '/log-level:error']
+    cmd = ['xfreerdp', '/v:%s:%d' % (host, int(port)), '/u:%s' % user, '/p:%s' % password, '/cert:ignore', '/tls:seclevel:0', '+auth-only', '/sec:nla', '/log-level:error']
 
     with Timing() as timing:
       p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
       out, err = map(B, p.communicate())
       code = p.returncode
 
+    mesg = []
+    m = re.search(' Authentication only, exit status (\d+)', err)
+    if m:
+      mesg.append(('exit', m.group(1)))
     m = re.search(' (ERR.+?) ', err)
     if m:
-      err = m.group(1)
-    elif 'Authentication only, exit status 0' in err:
-      err = 'OK'
+      mesg.append(('err', m.group(1)))
 
-    mesg = (out + err).strip()
+    mesg = ', '.join([f'{k}: {v}' for k, v in mesg])
     trace = '%s\n[out]\n%s\n[err]\n%s\n' % (' '.join(cmd), out, err)
 
     return self.Response(code, mesg, timing, trace)
@@ -4690,8 +4697,10 @@ def execute(self, host, server='8.8.8.8', timeout='5', protocol='udp'):
     with Timing() as timing:
       response = dns_query(server, int(timeout), protocol, dns.reversename.from_address(host), qtype='PTR', qclass='IN')
 
-    code = response.rcode()
-    status = dns.rcode.to_text(code)
+    rcode = response.rcode()
+    code = int(rcode)
+    status = dns.rcode.to_text(rcode)
+
     rrs = [[host, c, t, d] for _, _, c, t, d in [rr.to_text().split(' ', 4) for rr in response.answer]]
 
     mesg = '%s %s' % (status, ''.join('[%s]' % ' '.join(rr) for rr in rrs))
@@ -4732,8 +4741,10 @@ def execute(self, name, server='8.8.8.8', timeout='5', protocol='udp', qtype='AN
     with Timing() as timing:
       response = dns_query(server, int(timeout), protocol, name, qtype=qtype, qclass=qclass)
 
-    code = response.rcode()
-    status = dns.rcode.to_text(code)
+    rcode = response.rcode()
+    code = int(rcode)
+    status = dns.rcode.to_text(rcode)
+
     rrs = [[n, c, t, d] for n, _, c, t, d in [rr.to_text().split(' ', 4) for rr in response.answer + response.additional + response.authority]]
 
     mesg = '%s %s' % (status, ''.join('[%s]' % ' '.join(rr) for rr in rrs))
diff --git a/release.sh b/release.sh
index e9dd072..5f8e252 100755
--- a/release.sh
+++ b/release.sh
@@ -10,7 +10,7 @@ git clone -b master $GIT_REPO $TMP_COPY
 cd $TMP_COPY
 VERSION=$(echo `git tag|sort -V|tail -1`-`git rev-parse --verify HEAD|cut -b -7`)
 sed -i -e "s,^__version__.*$,__version__ = '$VERSION'," patator.py
-docker build . -t $DOCKER_IMAGE:$VERSION -t $DOCKER_IMAGE:latest 
+docker build . -t $DOCKER_IMAGE:$VERSION -t $DOCKER_IMAGE:latest
 
 docker login
 docker push $DOCKER_IMAGE
diff --git a/requirements.txt b/requirements.txt
index 2d4b3c9..f7da511 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -9,6 +9,6 @@ psycopg2-binary
 pycryptodomex
 dnspython
 IPy
-pysnmp
-pyasn1
+pysnmp==4.4.12
+pyasn1==0.4.8
 pysqlcipher3
diff --git a/run-tests.sh b/run-tests.sh
index c4123ad..aa630a8 100755
--- a/run-tests.sh
+++ b/run-tests.sh
@@ -1,28 +1,25 @@
 #!/bin/bash
 
-if ! type docker-compose &>/dev/null; then
-  echo 'docker-compose is required'
+if ! docker compose version &>/dev/null; then
+  echo 'docker compose is required'
   exit 1
 fi
 
+docker compose up -d --build
+
 case "$1" in
   python2|python3)
     PYTHON=$1
     ;;
   *)
-    docker-compose up -d --build
-
-    $0 python3
-    $0 python2
-
-    exit 0
+    PYTHON='python3'
   ;;
 esac
 
 UNIX='unix'
 ORACLE='oracle'
 MSSQL='mssql'
-WIN10='' # vagrant add senglin/win-7-enterprise
+WIN10='' # 192.168.1.5 # vagrant add senglin/win-7-enterprise
 VPN=''   #
 
 LOGS='-l ./asdf -y --hits ./hits.txt'
@@ -31,7 +28,7 @@ run()
 {
   echo
   echo "$ $@"
-  docker-compose run --no-deps --rm --entrypoint "$PYTHON patator.py" patator "$@"
+  docker compose run --no-deps --rm --entrypoint "$PYTHON patator.py" patator "$@"
 }
 
 echo
@@ -70,7 +67,7 @@ if [[ ! -z $WIN10 ]]; then
   run dcom_login host=$WIN10 user=vagranRANGE0 password=vagranRANGE0 0=lower:r-v
 
   xhost +si:localuser:root
-    run rdp_login host=$WIN10 user=vagranRANGE0 password=vagranRANGE0 0=lower:r-v
+  run rdp_login host=$WIN10 user=vagranRANGE0 password=vagranRANGE0 0=lower:r-v
   xhost -si:localuser:root
 fi
 
diff --git a/testing/unix/Dockerfile b/testing/unix/Dockerfile
index a1a027b..e833909 100644
--- a/testing/unix/Dockerfile
+++ b/testing/unix/Dockerfile
@@ -1,21 +1,41 @@
-FROM ubuntu:18.04
+FROM ubuntu:22.04
 
-MAINTAINER Sebastien Macke <lanjelot@gmail.com>
+ENV DEBIAN_FRONTEND=noninteractive
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
 RUN { for i in {3..5}; do useradd -m -s /bin/bash user$i; echo -e "Password$i\nPassword$i" | passwd user$i; done; } \
  && useradd -m user9 && echo -e 'p\x1fssw\x09rd\np\x1fssw\x09rd' | passwd user9
 
-ENV DEBIAN_FRONTEND=noninteractive 
+# utils
+RUN sed -i 's:^path-exclude=/usr/share/man:#path-exclude=/usr/share/man:' /etc/dpkg/dpkg.cfg.d/excludes \
+  && apt-get update \
+  && apt-get install -y --no-install-recommends man manpages-posix iproute2 mlocate lsof sudo vim less telnet finger rsh-client smbclient \
+  && rm -rf /var/lib/apt/lists/* \
+  && echo 'set bg=dark' > /root/.vimrc \
+  && usermod -aG sudo user3
 
-RUN apt-get update && apt-get install -y vsftpd openssh-server telnetd rsh-redone-server fingerd apache2 socat
+# services
+RUN apt-get update \
+  && apt-get install -y --no-install-recommends vsftpd openssh-server telnetd rsh-redone-server fingerd apache2 socat \
+  && rm -rf /var/lib/apt/lists/* \
+  && echo 'background=YES' >> /etc/vsftpd.conf \
+  && sed -i -e 's,start-stop-daemon --start --background,start-stop-daemon --start,' /etc/init.d/vsftpd
 
-RUN { echo "postfix postfix/mailname string ubuntu-bionic"; \
+RUN { echo "postfix postfix/mailname string ubuntu-blah"; \
       echo "postfix postfix/main_mailer_type string 'Internet Site'"; \
     } | debconf-set-selections \
-  && apt-get update && apt-get install -y postfix mail-stack-delivery \
-  && postconf -e 'smtpd_sasl_exceptions_networks='
+  && apt-get update && apt-get install -y --no-install-recommends postfix dovecot-pop3d dovecot-imapd \
+  && rm -rf /var/lib/apt/lists/* \
+  && postconf 'smtpd_sasl_exceptions_networks=' 'smtpd_sasl_auth_enable=yes' 'smtpd_sasl_type=dovecot' 'smtpd_sasl_path=private/dovecot-auth' \
+  && echo -e 'auth_mechanisms = plain login\n\
+service auth {\n\
+  unix_listener /var/spool/postfix/private/dovecot-auth {\n\
+    mode = 0660\n\
+    user = postfix\n\
+    group = postfix\n\
+  }\n\
+}\n' > /etc/dovecot/conf.d/99-blah.conf
 
 RUN echo 'ServerName localhost' >> /etc/apache2/apache2.conf \
   && mkdir /var/www/html/{wp,pma,bak} && echo secret > /var/www/html/key
@@ -29,36 +49,40 @@ RUN LDAPPW=Password1; \
     echo slapd slapd/domain string example.com; \
     echo slapd shared/organization string example.com;  \
   } | debconf-set-selections \
-  && apt-get update && apt-get install -y slapd ldap-utils
+  && apt-get update && apt-get install -y --no-install-recommends slapd ldap-utils \
+  && rm -rf /var/lib/apt/lists/*
 
 RUN MYSRP=Password1; \
   { echo "mysql-server mysql-server/root_password password $MYSRP"; \
     echo "mysql-server mysql-server/root_password_again password $MYSRP"; \
   } | debconf-set-selections \
-  && apt-get update && apt-get install -y mysql-server \
+  && apt-get update && apt-get install -y --no-install-recommends mysql-server \
+  && rm -rf /var/lib/apt/lists/* \
   && sed -i "s/bind-address.*/bind-address = 0.0.0.0/" /etc/mysql/mysql.conf.d/mysqld.cnf \
   && echo secure_file_priv= >> /etc/mysql/mysql.conf.d/mysqld.cnf \
-  && Q1="GRANT ALL ON *.* TO 'root'@'%' IDENTIFIED BY '$MYSRP' WITH GRANT OPTION;" \
-  && Q2="FLUSH PRIVILEGES;" \
-  && SQL="${Q1}${Q2}" \
   && rm -f /etc/apparmor.d/usr.sbin.mysqld \
   && service mysql start \
+  && Q1="CREATE USER 'root'@'%' identified by 'Password1';" \
+  && Q2="GRANT ALL PRIVILEGES ON *.* TO 'root'@'%';" \
+  && Q3="FLUSH PRIVILEGES;" \
+  && SQL="${Q1}${Q2}${Q3}" \
   && mysql -uroot -p"$MYSRP" -e "$SQL"
 
 RUN PGPW=Password1 \
-  && apt-get update && apt-get install -y postgresql \
-  && sed -ie 's,127.0.0.1/32,0.0.0.0/0,' /etc/postgresql/10/main/pg_hba.conf \
-  && sed -ie "s,^#listen_addresses = 'localhost',listen_addresses = '*'," /etc/postgresql/10/main/postgresql.conf \
+  && apt-get update && apt-get install -y --no-install-recommends postgresql \
+  && rm -rf /var/lib/apt/lists/* \
+  && sed -ie 's,127.0.0.1/32,0.0.0.0/0,' /etc/postgresql/14/main/pg_hba.conf \
+  && sed -ie "s,^#listen_addresses = 'localhost',listen_addresses = '*'," /etc/postgresql/14/main/postgresql.conf \
   && service postgresql start \
   && su - postgres -c "psql -c \"ALTER USER postgres WITH PASSWORD '$PGPW';\" -c '\\q'" \
   && su - postgres -c "PGPASSWORD='$PGPW' psql -d postgres -w --no-password -h localhost -p 5432 -t -c 'SELECT version()'"
 
-RUN apt-get update && apt-get install -y tomcat9 tomcat9-admin \
-  && TOMCATPW=Password1 \
+RUN apt-get update && apt-get install -y --no-install-recommends tomcat9 tomcat9-admin \
+  && rm -rf /var/lib/apt/lists/* \
   && echo '<?xml version="1.0" encoding="UTF-8"?><tomcat-users xmlns="http://tomcat.apache.org/xml" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd" version="1.0"><user username="tomcat" password="Password1" roles="manager-gui"/></tomcat-users>' > /etc/tomcat9/tomcat-users.xml \
-  && sed -ie 's,^.*Define an AJP .* Connector on port.*$,<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />,' /etc/tomcat9/server.xml \
+  && sed -ie 's,^.*Define an AJP .* Connector on port.*$,<Connector protocol="AJP/1.3" address="0.0.0.0" port="8009" redirectPort="8443" secretRequired="false"/>,' /etc/tomcat9/server.xml \
   && sed -ie 's,catalina.realm.LockOutRealm",catalina.realm.LockOutRealm" lockOutTime="0",' /etc/tomcat9/server.xml \
-  && echo -e "#!/bin/bash\n\
+  && echo -e "#!/bin/sh\n\
 export CATALINA_HOME=/usr/share/tomcat9\n\
 export CATALINA_BASE=/var/lib/tomcat9\n\
 export CATALINA_TMPDIR=/tmp\n\
@@ -67,37 +91,39 @@ export JAVA_OPTS=-Djava.awt.headless=true\n\
 /usr/libexec/tomcat9/tomcat-update-policy.sh\n\
 /usr/libexec/tomcat9/tomcat-start.sh &\n" > /usr/local/sbin/start-tomcat.sh
 
-RUN apt-get update && apt-get install -y dovecot-imapd dovecot-pop3d poppassd \
+RUN apt-get update && apt-get install -y --no-install-recommends dovecot-imapd dovecot-pop3d poppassd \
+  && rm -rf /var/lib/apt/lists/* \
   && sed -ie 's,^#login_trusted_networks = *$,login_trusted_networks = 0.0.0.0/0,' /etc/dovecot/dovecot.conf
 
-RUN apt-get update && apt-get install -y p7zip-full \
+RUN apt-get update && apt-get install -y --no-install-recommends p7zip-full \
+  && rm -rf /var/lib/apt/lists/* \
  && 7za a -pPassword1 /root/enc.zip /etc/passwd
 
-RUN apt-get update && apt-get install -y openjdk-11-jre-headless \
- && keytool -genkey -alias test -storepass Password1 -keypass Password1 -keystore /root/keystore.jks -dname "CN=a,OU=b,O=c,L=d,ST=e,C=f"
+RUN apt-get update && apt-get install -y --no-install-recommends openjdk-18-jre-headless \
+  && rm -rf /var/lib/apt/lists/* \
+  && keytool -genkey -alias test -storepass Password1 -keypass Password1 -keystore /root/keystore.jks -dname "CN=a,OU=b,O=c,L=d,ST=e,C=f" -keyalg RSA
 
-RUN apt-get update && apt-get install -y sqlcipher \
+RUN apt-get update && apt-get install -y --no-install-recommends sqlcipher \
+  && rm -rf /var/lib/apt/lists/* \
   && sqlcipher /root/enc.db "PRAGMA key = 'Password1';create table a(id int);"
 
 RUN echo -e 'user1:kW+7AlKMnSZQIRluNxwJOMiohAw=\nuser2:oBk37hmkFgZdZ247+g6c0Ay6Vw8=\nuser3:kW+7AlKMnSZQIRluNxwJOMiohAw=' > /root/umbraco_users.pw
 
-RUN apt-get update && apt-get install -y tightvncserver \
+RUN apt-get update && apt-get install -y --no-install-recommends tightvncserver xfonts-base \
+  && rm -rf /var/lib/apt/lists/* \
   && useradd -m vncuser && mkdir ~vncuser/.vnc && echo Password | vncpasswd -f > ~vncuser/.vnc/passwd \
   && chmod 400 ~vncuser/.vnc/passwd && chown -R vncuser:vncuser ~vncuser/.vnc
 
-# utils
-RUN sed -i 's:^path-exclude=/usr/share/man:#path-exclude=/usr/share/man:' /etc/dpkg/dpkg.cfg.d/excludes \
-  && apt-get update && apt-get install -y man manpages-posix iproute2 mlocate lsof sudo vim less \
-telnet finger rsh-client smbclient \
-  && echo 'set bg=dark' > /root/.vimrc \
-  && usermod -aG sudo user3
-
-RUN apt-get update && apt-get install -y samba \
+RUN apt-get update \
+  && apt-get install -y --no-install-recommends samba \
+  && rm -rf /var/lib/apt/lists/* \
   && { for i in {3..5}; do echo -e "Password$i\nPassword$i" | smbpasswd -a "user$i"; done; } \
   && sed -ie 's,map to guest =,#map to guest =,' /etc/samba/smb.conf
 
-RUN apt-get update && apt-get install -y snmpd snmp \
-  && sed -ie 's,agentAddress  udp:127.0.0.1:161,agentAddress  udp:161,' /etc/snmp/snmpd.conf \
+RUN apt-get update \
+  && apt-get install -y --no-install-recommends snmpd snmp \
+  && rm -rf /var/lib/apt/lists/* \
+  && sed -ie 's,^agentaddress .*$,agentaddress udp:161,' /etc/snmp/snmpd.conf \
   && echo 'createUser user3 SHA authPass AES privPass' >> /var/lib/snmp/snmpd.conf \
   && echo 'rouser user3 priv .1' >> /etc/snmp/snmpd.conf
 
@@ -108,10 +134,10 @@ service ssh start\n\
 service postfix start\n\
 service dovecot start\n\
 service apache2 start\n\
-service slapd start\n\
+ulimit -n 1024; service slapd start\n\
 service mysql start\n\
 service postgresql start\n\
-bash /usr/local/sbin/start-tomcat.sh\n\
+sh /usr/local/sbin/start-tomcat.sh\n\
 socat tcp-l:106,fork,reuseaddr exec:/usr/sbin/poppassd &\n\
 socat tcp-l:4444,fork,reuseaddr exec:\"echo -e 'W\xe1\xc0me'\" &\n\
 cp -v /root/enc.zip /root/keystore.jks /root/enc.db /root/umbraco_users.pw /opt/patator/\n\
@@ -120,4 +146,4 @@ service smbd start\n\
 service snmpd start\n\
 tail -f /dev/null\n" > /usr/local/sbin/start-all-services.sh
 
-CMD ["bash", "/usr/local/sbin/start-all-services.sh"]
+CMD ["sh", "/usr/local/sbin/start-all-services.sh"]
\ No newline at end of file

From f5d660f614590ea754f2ec86cc55b0f231b68080 Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Mon, 9 Oct 2023 16:43:45 +1100
Subject: [PATCH 61/74] Fix #198

---
 patator.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/patator.py b/patator.py
index 42c88e4..8dde965 100755
--- a/patator.py
+++ b/patator.py
@@ -2650,7 +2650,10 @@ def execute(self, host, port='22', user=None, password=None, auth_type='password
 # }}}
 
 # Telnet {{{
-from telnetlib import Telnet
+try:
+  from telnetlib import Telnet
+except ImportError:
+  notfound.append('telnetlib')
 
 class Telnet_login(TCP_Cache):
   '''Brute-force Telnet'''
@@ -5240,6 +5243,7 @@ def execute(self, data, data2='', delay='1'):
 
 dependencies = {
   'paramiko': [('ssh_login',), 'http://www.paramiko.org/', '2.7.1'],
+  'telnetlib': [('telnet_login',), 'telnetlib was removed in Python 3.13', '<= 3.12'],
   'pycurl': [('http_fuzz', 'rdp_gateway'), 'http://pycurl.io/', '7.43.0'],
   'libcurl': [('http_fuzz', 'rdp_gateway'), 'https://curl.haxx.se/', '7.58.0'],
   'ajpy': [('ajp_fuzz',), 'https://github.com/hypn0s/AJPy/', '0.0.4'],

From 204a12a7892ea60c199b5438cda3e2ca1f0cf4ec Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Mon, 9 Oct 2023 17:11:13 +1100
Subject: [PATCH 62/74] Release v1.0

---
 patator.py | 6 +++++-
 setup.py   | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/patator.py b/patator.py
index 8dde965..7cb27f5 100755
--- a/patator.py
+++ b/patator.py
@@ -18,7 +18,7 @@
 __url__     = 'http://www.hsc.fr/ressources/outils/patator/'
 __git__     = 'https://github.com/lanjelot/patator'
 __twitter__ = 'https://twitter.com/lanjelot'
-__version__ = '0.9'
+__version__ = '1.0'
 __license__ = 'GPLv2'
 __pyver__   = '%d.%d.%d' % sys.version_info[0:3]
 __banner__  = 'Patator %s (%s) with python-%s' % (__version__, __git__, __pyver__)
@@ -615,6 +615,10 @@
 CHANGELOG
 ---------
 
+* v1.0 2023/10/09
+  - updated Dockerfile to ubuntu-22.04
+  - fixed bugs
+
 * v0.9 2020/07/26
   - fixed encoding bugs
   - new Dockerfile
diff --git a/setup.py b/setup.py
index 5a05cbb..fcf0f86 100644
--- a/setup.py
+++ b/setup.py
@@ -13,7 +13,7 @@ def parse_requirements(file):
 
 setup(
     name="patator",
-    version="0.9",
+    version="1.0",
     description="multi-purpose brute-forcer",
     long_description=long_description,
     url="https://github.com/lanjelot/patator",

From 20e800adb4153695ab0a1be466de2e8a6922cc18 Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Fri, 5 Jan 2024 11:45:32 +1100
Subject: [PATCH 63/74] Fix #205: pin FreeRDP version 2.9.0

---
 Dockerfile | 9 ++++-----
 patator.py | 4 ++--
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index df53652..31e9971 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -39,11 +39,10 @@ RUN apt-get update \
  && apt-get install -y --no-install-recommends ninja-build build-essential git-core debhelper cdbs dpkg-dev autotools-dev cmake pkg-config xmlto libssl-dev docbook-xsl xsltproc libxkbfile-dev libx11-dev libwayland-dev libxrandr-dev libxi-dev libxrender-dev libxext-dev libxinerama-dev libxfixes-dev libxcursor-dev libxv-dev libxdamage-dev libxtst-dev libcups2-dev libpcsclite-dev libasound2-dev libpulse-dev libjpeg-dev libgsm1-dev libusb-1.0-0-dev libudev-dev libdbus-glib-1-dev uuid-dev libxml2-dev libgstreamer1.0-dev libgstreamer-plugins-base1.0-dev libfaad-dev libfaac-dev libsdl2-dev libcjson-dev libpkcs11-helper1-dev \
  && apt-get install -y --no-install-recommends libavutil-dev libavcodec-dev libswresample-dev \
  && rm -rf /var/lib/apt/lists/* \
- && git clone https://github.com/FreeRDP/FreeRDP/ . \
- && cmake -DCMAKE_BUILD_TYPE=Debug  -DWITH_CLIENT_SDL=OFF -DWITH_KRB5=OFF -DWITH_SWSCALE=OFF -DWITTH_SSE2=ON -DWITH_FUSE=OFF . \
- && cmake --build . \
- && cmake --build . --target install \
- && cmake --build . --target clean \
+ && git clone --depth 1 --branch 2.9.0 https://github.com/freerdp/freerdp.git \
+ && cmake -B freerdp-build -S freerdp -DCMAKE_BUILD_TYPE=Debug -DWITH_CLIENT_SDL=OFF -DWITH_KRB5=OFF -DWITH_SWSCALE=OFF -DWITTH_SSE2=ON -DWITH_FUSE=OFF \
+ && cmake --build freerdp-build \
+ && cmake --install freerdp-build \
  && rm -rf /opt/FreeRDP
 
 # patator
diff --git a/patator.py b/patator.py
index 7cb27f5..606bbe1 100755
--- a/patator.py
+++ b/patator.py
@@ -18,7 +18,7 @@
 __url__     = 'http://www.hsc.fr/ressources/outils/patator/'
 __git__     = 'https://github.com/lanjelot/patator'
 __twitter__ = 'https://twitter.com/lanjelot'
-__version__ = '1.0'
+__version__ = '1.1-dev'
 __license__ = 'GPLv2'
 __pyver__   = '%d.%d.%d' % sys.version_info[0:3]
 __banner__  = 'Patator %s (%s) with python-%s' % (__version__, __git__, __pyver__)
@@ -4243,7 +4243,7 @@ class RDP_login:
 
   def execute(self, host, port='3389', user=None, password=None):
 
-    cmd = ['xfreerdp', '/v:%s:%d' % (host, int(port)), '/u:%s' % user, '/p:%s' % password, '/cert:ignore', '/tls:seclevel:0', '+auth-only', '/sec:nla', '/log-level:error']
+    cmd = ['xfreerdp', '/v:%s:%d' % (host, int(port)), '/u:%s' % user, '/p:%s' % password, '/cert:ignore', '/tls-seclevel:0', '+auth-only', '/sec:nla', '/log-level:error']
 
     with Timing() as timing:
       p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)

From 41fd71b8bd7d2168909aef6d4741aab9ada7371c Mon Sep 17 00:00:00 2001
From: s0i37 <s0i37@work>
Date: Wed, 9 Oct 2024 02:19:56 +0500
Subject: [PATCH 64/74] added DCERPC enum/bruteforce/fuzzing

---
 patator.py | 49 ++++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 38 insertions(+), 11 deletions(-)

diff --git a/patator.py b/patator.py
index 606bbe1..0981efa 100755
--- a/patator.py
+++ b/patator.py
@@ -2927,8 +2927,10 @@ def execute(self, host, port='79', user='', timeout='5'):
 
 # DCOM {{{
 try:
-  from impacket.dcerpc.v5.dcomrt import DCOMConnection
-  from impacket.dcerpc.v5.dcom import wmi
+  from impacket.dcerpc.v5 import transport
+  from impacket.uuid import uuidtup_to_bin
+  from impacket.dcerpc.v5.rpcrt import RPC_C_AUTHN_LEVEL_PKT_PRIVACY, RPC_C_AUTHN_LEVEL_NONE, RPC_C_AUTHN_WINNT, DCERPCException, rpc_status_codes
+  from impacket.dcerpc.v5.ndr import NDRCALL
 except ImportError:
   notfound.append('impacket')
 
@@ -2936,28 +2938,53 @@ class DCOM_login:
   '''Brute-force DCOM'''
 
   usage_hints = (
-    """%prog host=10.0.0.1 user='admin' password=FILE0 0=passwords.txt""",
+    """%prog host=10.0.0.1 port=49667 uuid=12345678-1234-ABCD-EF00-0123456789AB ver=1.0 user='admin' password=FILE0 0=passwords.txt (authtype=0/9/10/14/16/68/255 authlevel=1/2/3/4/5/6)""",
     )
 
   available_options = (
     ('host', 'target host'),
+    ('port', 'target port'),
+    ('uuid', 'UUID of RPC interface'),
+    ('ver', 'version of RPC interface'),
+    ('opnum', 'opnum of RPC interface'),
+    ('syntax', 'transfer syntax of RPC interface'),
+    ('domain', 'domains to test'),
     ('user', 'usernames to test'),
     ('password', 'passwords to test'),
-    ('domain', 'domains to test'),
+    ('lmhash', 'LM-hash to test'),
+    ('nthash', 'NT-hash to test'),
+    ('aeskey', 'AES-hash to test'),
+    ('tgt', 'TGT-ticket to test'),
+    ('tgs', 'TGS-ticket to test'),
+    ('authtype', 'auth type (security provider)'),
+    ('authlevel', 'auth level'),
     )
   available_actions = ()
 
   Response = Response_Base
 
-  def execute(self, host, user='', password='', domain=''):
-    dcom = DCOMConnection(host, user, password, domain)
+  def execute(self, host, port, uuid, ver, opnum='0', syntax='8a885d04-1ceb-11c9-9fe8-08002b104860:2.0', domain='', user='', password='', lmhash='', nthash='', aeskey=None, tgt=None, tgs=None, authtype=RPC_C_AUTHN_WINNT, authlevel=RPC_C_AUTHN_LEVEL_PKT_PRIVACY):
+    stringBinding = r'ncacn_ip_tcp:%s[%s]' % (host,port)
+    rpctransport = transport.DCERPCTransportFactory(stringBinding)
+    dce = rpctransport.get_dce_rpc()
+    dce.set_auth_type(int(authtype))
+    if user or password or lmhash or nthash or aeskey or tgt or tgs:
+      dce.set_credentials(user, password, domain, lmhash, nthash, aeskey, tgt, tgs)
+      dce.set_auth_level(int(authlevel))
+    else:
+      dce.set_auth_level(RPC_C_AUTHN_LEVEL_NONE)
+    timing = 0
     try:
+      dce.connect()
       with Timing() as timing:
-        iInterface = dcom.CoCreateInstanceEx(wmi.CLSID_WbemLevel1Login,wmi.IID_IWbemLevel1Login)
-        code, mesg = 0, 'OK'
-    except Exception as e:
-      code, mesg = 1, e.error_string
-    dcom.disconnect()
+        dce.bind(uuidtup_to_bin((uuid,ver)), transfer_syntax=syntax.split(":"))
+        dce.call(int(opnum), NDRCALL())
+        res = dce.recv()
+        code, mesg = 0, 'none'
+    except DCERPCException as e:
+      mesg = e.error_string
+      code = [key for key, val in rpc_status_codes.items() if val == mesg][0] if [key for key, val in rpc_status_codes.items() if val == mesg] else -1
+    dce.disconnect()
     return self.Response(code, mesg, timing)
 
 # }}}

From 72a06dac86f8c2a40083d9207512897d53f9a831 Mon Sep 17 00:00:00 2001
From: Gildasio Junior <gildasiojunior@riseup.net>
Date: Wed, 9 Oct 2024 21:22:29 -0300
Subject: [PATCH 65/74] Fix #214: update wrap_socket() usage

ssl.wrap_socket() does not exist anymore. The correct use is through
ssl.SSLContext().wrap_socket() since python 3.12.

https://docs.python.org/3/whatsnew/3.12.html#ssl
---
 patator.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/patator.py b/patator.py
index 606bbe1..95b88cd 100755
--- a/patator.py
+++ b/patator.py
@@ -972,7 +972,7 @@ def process_logs(queue, indicatorsfmt, argv, log_dir, runtime_file, csv_file, xm
 import ctypes
 import glob
 from xml.sax.saxutils import escape as xmlescape, quoteattr as xmlquoteattr
-from ssl import wrap_socket
+from ssl import SSLContext
 from binascii import hexlify, unhexlify
 
 PY3 = sys.version_info >= (3,)
@@ -3424,7 +3424,7 @@ def connect(self, host, port, timeout, ssl=False):
     banner = self.getresp()
 
     if ssl:
-      self.sock = wrap_socket(self.sock)
+      self.sock = SSLContext().wrap_socket(sock=self.sock)
 
     return banner # welcome banner
 
@@ -5151,7 +5151,7 @@ class TCP_fuzz:
   def execute(self, host, port, data='', timeout='2', ssl='0'):
     fp = socket.create_connection((host, port), int(timeout))
     if ssl != '0':
-      fp = wrap_socket(fp)
+      fp = SSLContext().wrap_socket(sock=fp)
     fp.send(unhexlify(data))
     #fp.send(b(data))
     with Timing() as timing:

From fa2b15844e6b436702bdcad6aa3a41288dca102c Mon Sep 17 00:00:00 2001
From: fuggles-5555 <chris20ish@hotmail.com>
Date: Fri, 8 Nov 2024 14:12:15 +0000
Subject: [PATCH 66/74] fixed errors and suppressed deprecation warning

---
 patator.py | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/patator.py b/patator.py
index a49a419..32ba6f7 100755
--- a/patator.py
+++ b/patator.py
@@ -449,7 +449,7 @@
   (b) Use regular expressions to extract the nonces that are to be submitted along the main request.
 ---------
 $ http_fuzz url=http://10.0.0.1/login method=POST body='user=admin&pass=FILE0&nonce1=_N1_&nonce2=_N2_' 0=passwords.txt accept_cookie=1 \
- before_urls=http://10.0.0.1/index before_egrep='_N1_:<input type="hidden" name="nonce1" value="(\w+)"|_N2_:name="nonce2" value="(\w+)"'
+ before_urls=http://10.0.0.1/index before_egrep='_N1_:<input type="hidden" name="nonce1" value="(\\w+)"|_N2_:name="nonce2" value="(\\w+)"'
  (a)                               (b)
 
 * Test the OPTIONS method against a list of URLs.
@@ -2655,7 +2655,11 @@ def execute(self, host, port='22', user=None, password=None, auth_type='password
 
 # Telnet {{{
 try:
-  from telnetlib import Telnet
+  # the following three lines suppress deprecation warnings for telnetlib in python3.13
+  import warnings
+  with warnings.catch_warnings():
+    warnings.simplefilter("ignore", DeprecationWarning)
+    from telnetlib import Telnet
 except ImportError:
   notfound.append('telnetlib')
 
@@ -2671,7 +2675,7 @@ class Telnet_login(TCP_Cache):
     ('host', 'target host'),
     ('port', 'target port [23]'),
     ('inputs', 'list of values to input'),
-    ('prompt_re', 'regular expression to match prompts [\w+:]'),
+    ('prompt_re', 'regular expression to match prompts [\\w+:]'),
     ('timeout', 'seconds to wait for a response and for prompt_re to match received data [20]'),
     )
   available_options += TCP_Cache.available_options
@@ -2684,7 +2688,7 @@ def connect(self, host, port, timeout):
 
     return TCP_Connection(fp)
 
-  def execute(self, host, port='23', inputs=None, prompt_re='\w+:', timeout='20', persistent='0'):
+  def execute(self, host, port='23', inputs=None, prompt_re='\\w+:', timeout='20', persistent='0'):
 
     with Timing() as timing:
       fp, _ = self.bind(host, port, timeout=timeout)
@@ -3385,7 +3389,7 @@ class Rlogin_login(TCP_Cache):
     ('luser', 'client username [root]'),
     ('user', 'usernames to test'),
     ('password', 'passwords to test'),
-    ('prompt_re', 'regular expression to match prompts [\w+:]'),
+    ('prompt_re', 'regular expression to match prompts [\\w+:]'),
     ('timeout', 'seconds to wait for a response and for prompt_re to match received data [10]'),
     )
   available_options += TCP_Cache.available_options
@@ -3407,7 +3411,7 @@ def connect(self, host, port, timeout):
 
     return TCP_Connection(fp)
 
-  def execute(self, host, port='513', luser='root', user='', password=None, prompt_re='\w+:', timeout='10', persistent='0'):
+  def execute(self, host, port='513', luser='root', user='', password=None, prompt_re='\\w+:', timeout='10', persistent='0'):
 
     fp, _ = self.bind(host, port, timeout=int(timeout))
 
@@ -4278,7 +4282,7 @@ def execute(self, host, port='3389', user=None, password=None):
       code = p.returncode
 
     mesg = []
-    m = re.search(' Authentication only, exit status (\d+)', err)
+    m = re.search(' Authentication only, exit status (\\d+)', err)
     if m:
       mesg.append(('exit', m.group(1)))
     m = re.search(' (ERR.+?) ', err)
@@ -4995,7 +4999,7 @@ def execute(self, host, port='500', transform='5,1,1,2', aggressive='0', groupna
 
     has_sa = 'SA=(' in out
     if has_sa:
-      mesg = 'Handshake returned: %s (%s)' % (re.search('SA=\((.+) LifeType', out).group(1), re.search('\t(.+) Mode Handshake returned', out).group(1))
+      mesg = 'Handshake returned: %s (%s)' % (re.search('SA=\\((.+) LifeType', out).group(1), re.search('\t(.+) Mode Handshake returned', out).group(1))
     else:
       try:
         mesg = out.strip().split('\n')[1].split('\t')[-1]

From 3f544cc4afd2e050382bb5d29c39c30546298be4 Mon Sep 17 00:00:00 2001
From: Gildasio Junior <gildasiojunior@riseup.net>
Date: Fri, 10 Jan 2025 09:00:01 -0300
Subject: [PATCH 67/74] Fix unzip problem

Some files are similar on both zip files, this way there is a prompt to
choose whether it must be extracted or not. Using `-n` unzip will not
overwrite existing files without any prompt, so docker build will
finally works.
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 31e9971..7b02ebd 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -26,7 +26,7 @@ RUN wget https://download.oracle.com/otn_software/linux/instantclient/instantcli
  && wget https://download.oracle.com/otn_software/linux/instantclient/instantclient-sdk-linuxx64.zip \
  && unzip instantclient-basiclite-linuxx64.zip \
  && rm -f instantclient-basiclite-linuxx64.zip \
- && unzip instantclient-sdk-linuxx64.zip \
+ && unzip -n instantclient-sdk-linuxx64.zip \
  && rm -f instantclient-sdk-linuxx64.zip \
  && cd /opt/oracle/instantclient_* \
  && rm -f *jdbc* *occi* *mysql* *README *jar uidrvci genezi adrci \

From 20e09ff8815cccc5973efd0fd92d85b9ff81fe66 Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Sun, 16 Feb 2025 15:50:13 +1100
Subject: [PATCH 68/74] Bump deps and support Python-3.13

---
 Dockerfile                     |  35 +-
 docker-compose.yml             |   7 +-
 Vagrantfile => old/Vagrantfile |   0
 patator.py                     | 925 ++++-----------------------------
 requirements.txt               |  27 +-
 run-tests.sh                   |  23 +-
 testing/unix/Dockerfile        |   1 -
 7 files changed, 133 insertions(+), 885 deletions(-)
 rename Vagrantfile => old/Vagrantfile (100%)

diff --git a/Dockerfile b/Dockerfile
index 7b02ebd..40f32da 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,4 @@
-FROM ubuntu:22.04
-
-ENV DEBIAN_FRONTEND=noninteractive 
+FROM python:3.13
 
 # dependencies
 RUN apt-get update \
@@ -8,12 +6,13 @@ RUN apt-get update \
   build-essential python3-setuptools \
   libcurl4-openssl-dev python3-dev libssl-dev \
   ldap-utils \
-  libmysqlclient-dev \
+  libmariadb-dev \
   libpq-dev \
   ike-scan unzip default-jdk \
   libsqlite3-dev \
   libsqlcipher-dev \
   python3-pip \
+  pkg-config \
  && rm -rf /var/lib/apt/lists/*
 
 ## cx_oracle
@@ -25,8 +24,8 @@ WORKDIR /opt/oracle
 RUN wget https://download.oracle.com/otn_software/linux/instantclient/instantclient-basiclite-linuxx64.zip \
  && wget https://download.oracle.com/otn_software/linux/instantclient/instantclient-sdk-linuxx64.zip \
  && unzip instantclient-basiclite-linuxx64.zip \
- && rm -f instantclient-basiclite-linuxx64.zip \
  && unzip -n instantclient-sdk-linuxx64.zip \
+ && rm -f instantclient-basiclite-linuxx64.zip \
  && rm -f instantclient-sdk-linuxx64.zip \
  && cd /opt/oracle/instantclient_* \
  && rm -f *jdbc* *occi* *mysql* *README *jar uidrvci genezi adrci \
@@ -36,14 +35,13 @@ RUN wget https://download.oracle.com/otn_software/linux/instantclient/instantcli
 ## xfreerdp (see https://github.com/FreeRDP/FreeRDP/wiki/Compilation)
 WORKDIR /opt/FreeRDP
 RUN apt-get update \
- && apt-get install -y --no-install-recommends ninja-build build-essential git-core debhelper cdbs dpkg-dev autotools-dev cmake pkg-config xmlto libssl-dev docbook-xsl xsltproc libxkbfile-dev libx11-dev libwayland-dev libxrandr-dev libxi-dev libxrender-dev libxext-dev libxinerama-dev libxfixes-dev libxcursor-dev libxv-dev libxdamage-dev libxtst-dev libcups2-dev libpcsclite-dev libasound2-dev libpulse-dev libjpeg-dev libgsm1-dev libusb-1.0-0-dev libudev-dev libdbus-glib-1-dev uuid-dev libxml2-dev libgstreamer1.0-dev libgstreamer-plugins-base1.0-dev libfaad-dev libfaac-dev libsdl2-dev libcjson-dev libpkcs11-helper1-dev \
- && apt-get install -y --no-install-recommends libavutil-dev libavcodec-dev libswresample-dev \
- && rm -rf /var/lib/apt/lists/* \
- && git clone --depth 1 --branch 2.9.0 https://github.com/freerdp/freerdp.git \
- && cmake -B freerdp-build -S freerdp -DCMAKE_BUILD_TYPE=Debug -DWITH_CLIENT_SDL=OFF -DWITH_KRB5=OFF -DWITH_SWSCALE=OFF -DWITTH_SSE2=ON -DWITH_FUSE=OFF \
- && cmake --build freerdp-build \
- && cmake --install freerdp-build \
- && rm -rf /opt/FreeRDP
+  && apt-get install -y --no-install-recommends ninja-build build-essential git-core debhelper cdbs dpkg-dev cmake cmake-curses-gui clang-format ccache opencl-c-headers ocl-icd-opencl-dev libmp3lame-dev libopus-dev libsoxr-dev libpam0g-dev pkg-config xmlto libssl-dev docbook-xsl xsltproc libxkbfile-dev libx11-dev libwayland-dev libxrandr-dev libxi-dev libxrender-dev libxext-dev libxinerama-dev libxfixes-dev libxcursor-dev libxv-dev libxdamage-dev libxtst-dev libcups2-dev libpcsclite-dev libasound2-dev libpulse-dev libgsm1-dev libusb-1.0-0-dev uuid-dev libxml2-dev libfaad-dev libsdl2-dev libsdl2-ttf-dev libcjson-dev libpkcs11-helper-dev liburiparser-dev libkrb5-dev libsystemd-dev libfuse3-dev libswscale-dev libcairo2-dev libavutil-dev libavcodec-dev libswresample-dev libwebkit2gtk-4.0-dev libpkcs11-helper1-dev \
+  && rm -rf /var/lib/apt/lists/* \
+  && git clone --depth 1 --branch 3.12.0 https://github.com/freerdp/freerdp.git \
+  && cmake -GNinja -B freerdp-build -S freerdp -DCMAKE_BUILD_TYPE=Debug -DCMAKE_SKIP_INSTALL_ALL_DEPENDENCY=ON -DWITH_SERVER=OFF -DWITH_SAMPLE=OFF -DWITH_PLATFORM_SERVER=OFF -DUSE_UNWIND=OFF -DWITH_SWSCALE=OFF -DWITH_FFMPEG=OFF -DWITH_WEBVIEW=OFF \
+  && cmake --build freerdp-build \
+  && cmake --install freerdp-build \
+  && rm -rf /opt/FreeRDP
 
 # patator
 WORKDIR /opt/patator
@@ -51,18 +49,11 @@ COPY ./requirements.txt ./
 RUN python3 -m pip install --upgrade pip \
   && python3 -m pip install -r requirements.txt
 
-# uncomment for python2
-# RUN apt-get update \
-#  && apt-get install -y --no-install-recommends python-pip ipython \
-#  && rm -rf /var/lib/apt/lists/* \
-#  && sed -e '/cx_Oracle/d' -e 's,pysqlcipher3,pysqlcipher,' requirements.txt | python2 -m pip install -r /dev/stdin \
-#  && git clone --branch 5.3 https://github.com/oracle/python-cx_Oracle \
-#  && cd python-cx_Oracle && export ORACLE_HOME=$(echo /opt/oracle/instantclient_*) && python2 setup.py build && python2 setup.py install
-
 # utils
 RUN apt-get update \
- && apt-get install -y --no-install-recommends ipython3 iputils-ping iproute2 netcat curl rsh-client telnet vim mlocate nmap \
+ && apt-get install -y --no-install-recommends iputils-ping iproute2 netcat-openbsd curl rsh-client telnet vim mlocate nmap \
  && rm -rf /var/lib/apt/lists/* \
+ && pip install -U IPython \
  && echo 'set bg=dark' > /root/.vimrc
 
 COPY ./patator.py ./
diff --git a/docker-compose.yml b/docker-compose.yml
index 02763dc..343916f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,9 +1,8 @@
-version: "3"
 services:
   unix:
     build: testing/unix
     image: patator-unix-testing
-#   ports:
+#    ports:
 #      - "21:21"
 #      - "22:22"
 #      - "23:23"
@@ -27,8 +26,8 @@ services:
 #      - "8009:8009"
 #      - "8080:8080"
 #      - "161:161/udp"
-    volumes:
-      - .:/opt/patator
+    # volumes:
+    #   - .:/opt/patator
 
   oracle:
     image: oracleinanutshell/oracle-xe-11g
diff --git a/Vagrantfile b/old/Vagrantfile
similarity index 100%
rename from Vagrantfile
rename to old/Vagrantfile
diff --git a/patator.py b/patator.py
index 32ba6f7..422b104 100755
--- a/patator.py
+++ b/patator.py
@@ -1,7 +1,5 @@
 #!/usr/bin/env python3
 
-# Copyright (C) 2012 Sebastien MACKE
-#
 # This program is free software; you can redistribute it and/or modify it under
 # the terms of the GNU General Public License version 2, as published by the
 # Free Software Foundation
@@ -14,682 +12,13 @@
 import sys
 
 __author__  = 'Sebastien Macke'
-__email__   = 'patator@hsc.fr'
-__url__     = 'http://www.hsc.fr/ressources/outils/patator/'
+__url__     = 'http://web.archive.org/web/20240120232843/http://www.hsc.fr/ressources/outils/patator/'
 __git__     = 'https://github.com/lanjelot/patator'
-__twitter__ = 'https://twitter.com/lanjelot'
 __version__ = '1.1-dev'
 __license__ = 'GPLv2'
 __pyver__   = '%d.%d.%d' % sys.version_info[0:3]
 __banner__  = 'Patator %s (%s) with python-%s' % (__version__, __git__, __pyver__)
 
-# README {{{
-'''
-INTRODUCTION
-------------
-
-* What ?
-
-Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
-
-Currently it supports the following modules:
-  + ftp_login      : Brute-force FTP
-  + ssh_login      : Brute-force SSH
-  + telnet_login   : Brute-force Telnet
-  + smtp_login     : Brute-force SMTP
-  + smtp_vrfy      : Enumerate valid users using SMTP VRFY
-  + smtp_rcpt      : Enumerate valid users using SMTP RCPT TO
-  + finger_lookup  : Enumerate valid users using Finger
-  + http_fuzz      : Brute-force HTTP
-  + rdp_gateway    : Brute-force RDP Gateway
-  + ajp_fuzz       : Brute-force AJP
-  + pop_login      : Brute-force POP3
-  + pop_passd      : Brute-force poppassd (http://netwinsite.com/poppassd/)
-  + imap_login     : Brute-force IMAP4
-  + ldap_login     : Brute-force LDAP
-  + dcom_login     : Brute-force DCOM
-  + smb_login      : Brute-force SMB
-  + smb_lookupsid  : Brute-force SMB SID-lookup
-  + rlogin_login   : Brute-force rlogin
-  + vmauthd_login  : Brute-force VMware Authentication Daemon
-  + mssql_login    : Brute-force MSSQL
-  + oracle_login   : Brute-force Oracle
-  + mysql_login    : Brute-force MySQL
-  + mysql_query    : Brute-force MySQL queries
-  * rdp_login      : Brute-force RDP (NLA)
-  + pgsql_login    : Brute-force PostgreSQL
-  + vnc_login      : Brute-force VNC
-
-  + dns_forward    : Forward DNS lookup
-  + dns_reverse    : Reverse DNS lookup
-  + snmp_login     : Brute-force SNMP v1/2/3
-  + ike_enum       : Enumerate IKE transforms
-
-  + unzip_pass     : Brute-force the password of encrypted ZIP files
-  + keystore_pass  : Brute-force the password of Java keystore files
-  + sqlcipher_pass : Brute-force the password of SQLCipher-encrypted databases
-  + umbraco_crack  : Crack Umbraco HMAC-SHA1 password hashes
-
-  + tcp_fuzz       : Fuzz TCP services
-  + dummy_test     : Testing module
-
-Future modules to be implemented:
-  - rdp_login w/no NLA
-
-The name "Patator" comes from https://www.youtube.com/watch?v=9sF9fTALhVA
-
-* Why ?
-
-Basically, I got tired of using Medusa, Hydra, Ncrack, Metasploit auxiliary modules, Nmap NSE scripts and the like because:
-  - they either do not work or are not reliable (got me false negatives several times in the past)
-  - they are not flexible enough (how to iterate over all wordlists, fuzz any module parameter)
-  - they lack useful features (display progress or pause during execution)
-
-
-FEATURES
---------
-  * No false negatives, as it is the user that decides what results to ignore based on:
-      + status code of response
-      + size of response
-      + matching string or regex in response data
-      + ... see --help
-
-  * Modular design
-      + not limited to network modules (eg. the unzip_pass module)
-      + not limited to brute-forcing (eg. remote exploit testing, or vulnerable version probing)
-
-  * Interactive runtime
-      + show progress during execution (press Enter)
-      + pause/unpause execution (press p)
-      + increase/decrease verbosity
-      + add new actions & conditions during runtime (eg. to exclude more types of response from showing)
-      + ... press h to see all available interactive commands
-
-  * Use persistent connections (ie. will test several passwords until the server disconnects)
-
-  * Multi-threaded
-
-  * Flexible user input
-    - Any module parameter can be fuzzed:
-      + use the FILE keyword to iterate over a file
-      + use the COMBO keyword to iterate over a combo file
-      + use the NET keyword to iterate over every hosts of a network subnet
-      + use the RANGE keyword to iterate over hexadecimal, decimal or alphabetical ranges
-      + use the PROG keyword to iterate over the output of an external program
-
-    - Iteration over the joined wordlists can be done in any order
-
-  * Save every response (along with request) to separate log files for later reviewing
-
-
-INSTALL
--------
-
-* Dependencies (best tested versions)
-
-                 |  Required for  |                        URL                         | Version |
---------------------------------------------------------------------------------------------------
-paramiko         | SSH            | http://www.lag.net/paramiko/                       |   2.7.1 |
---------------------------------------------------------------------------------------------------
-pycurl           | HTTP           | http://pycurl.sourceforge.net/                     |  7.43.0 |
---------------------------------------------------------------------------------------------------
-libcurl          | HTTP           | https://curl.haxx.se/                              |  7.58.0 |
---------------------------------------------------------------------------------------------------
-ajpy             | AJP            | https://github.com/hypn0s/AJPy/                    |   0.0.4 |
---------------------------------------------------------------------------------------------------
-openldap         | LDAP           | http://www.openldap.org/                           |  2.4.45 |
---------------------------------------------------------------------------------------------------
-impacket         | SMB, MSSQL     | https://github.com/CoreSecurity/impacket           |  0.9.20 |
---------------------------------------------------------------------------------------------------
-pyOpenSSL        | impacket       | https://pyopenssl.org/                             |  19.1.0 |
---------------------------------------------------------------------------------------------------
-cx_Oracle        | Oracle         | http://cx-oracle.sourceforge.net/                  |   7.3.0 |
---------------------------------------------------------------------------------------------------
-mysqlclient      | MySQL          | https://github.com/PyMySQL/mysqlclient-python      |   1.4.6 |
---------------------------------------------------------------------------------------------------
-xfreerdp         | RDP (NLA)      | https://github.com/FreeRDP/FreeRDP/                |   1.2.0 |
---------------------------------------------------------------------------------------------------
-psycopg          | PostgreSQL     | http://initd.org/psycopg/                          |   2.8.4 |
---------------------------------------------------------------------------------------------------
-pycrypto         | VNC, impacket  | http://www.dlitz.net/software/pycrypto/            |   2.6.1 |
---------------------------------------------------------------------------------------------------
-dnspython        | DNS            | http://www.dnspython.org/                          |  1.16.0 |
---------------------------------------------------------------------------------------------------
-IPy              | NET keyword    | https://github.com/haypo/python-ipy                |     1.0 |
---------------------------------------------------------------------------------------------------
-pysnmp           | SNMP           | http://pysnmp.sourceforge.net/                     |  4.4.12 |
---------------------------------------------------------------------------------------------------
-pyasn1           | SNMP, impacket | http://sourceforge.net/projects/pyasn1/            |   0.4.8 |
---------------------------------------------------------------------------------------------------
-ike-scan         | IKE            | http://www.nta-monitor.com/tools-resources/        |     1.9 |
---------------------------------------------------------------------------------------------------
-unzip            | ZIP passwords  | http://www.info-zip.org/                           |     6.0 |
---------------------------------------------------------------------------------------------------
-Java             | keystore files | http://www.oracle.com/technetwork/java/javase/     |       6 |
---------------------------------------------------------------------------------------------------
-pysqlcipher3     | SQLCipher      | https://github.com/rigglemania/pysqlcipher3        |   1.0.3 |
---------------------------------------------------------------------------------------------------
-python           |                | http://www.python.org/                             |     3.6 |
---------------------------------------------------------------------------------------------------
-
-* Shortcuts (optional)
-ln -s path/to/patator.py /usr/bin/ftp_login
-ln -s path/to/patator.py /usr/bin/http_fuzz
-etc.
-
-
-USAGE
------
-
-$ python patator.py <module> -h # or
-$ <module> -h                   # if shortcuts were created
-
-There are global options and module options:
-  - all global options start with - or --
-  - all module options are of the form option=value
-
-All module options are fuzzable:
----------
-./module host=FILE0 port=FILE1 foobar=FILE2.google.FILE3 0=hosts.txt 1=ports.txt 2=foo.txt 3=bar.txt
-
-If a module option starts with the @ character, data will be loaded from the given filename.
-$ ./http_fuzz raw_request=@req.txt 0=vhosts.txt 1=uagents.txt
-
-The keywords (FILE, COMBO, NET, ...) act as place-holders. They indicate the type of wordlist
-and where to replace themselves with the actual words to test.
-
-Each keyword is numbered in order to:
-  - match the corresponding wordlist
-  - and indicate in what order to iterate over all the wordlists
-
-For example, this would be the classic order:
----------
-$ ./module host=FILE0 user=FILE1 password=FILE2 0=hosts.txt 1=logins.txt 2=passwords.txt
-10.0.0.1 root password
-10.0.0.1 root 123456
-10.0.0.1 root qsdfghj
-... (trying all passwords before testing next login)
-10.0.0.1 admin password
-10.0.0.1 admin 123456
-10.0.0.1 admin qsdfghj
-... (trying all logins before testing next host)
-10.0.0.2 root password
-...
-
-While a more effective order might be:
----------
-$ ./module host=FILE2 user=FILE1 password=FILE0 2=hosts.txt 1=logins.txt 0=passwords.txt
-10.0.0.1 root password
-10.0.0.2 root password
-10.0.0.1 admin password
-10.0.0.2 admin password
-10.0.0.1 root 123456
-10.0.0.2 root 123456
-10.0.0.1 admin 123456
-...
-
-By default Patator iterates over the cartesian product of all payload sets. Use
-the --groups option to iterate over sets simultaneously instead. For example to
-distribute all payloads among identical servers:
----------
-$ ./module name=FILE0.FILE1 resolver=FILE2 0=names.txt 1=domains.txt 2=ips.txt --groups 0,1:2
-ftp.abc.fr 8.8.8.8
-ftp.xyz.fr 8.8.4.4
-git.abc.fr 8.8.8.8
-git.xyz.fr 8.8.4.4
-www.abc.fr 8.8.8.8
-www.xyz.fr 8.8.4.4
-
-The numbers of every keyword given on the command line must be specified.
-Use ',' to iterate over the cartesian product of sets and use ':' to iterate
-over sets simultaneously.
-
-
-* Keywords
-
-Brute-force a list of hosts with a file containing combo entries (each line => login:password).
----------
-./module host=FILE0 user=COMBO10 password=COMBO11 0=hosts.txt 1=combos.txt
-
-Scan subnets to just grab version banners.
----------
-./module host=NET0 0=10.0.1.0/24,10.0.2.0/24,10.0.3.128-10.0.3.255
-
-Fuzz a parameter by iterating over a range of values.
----------
-./module param=RANGE0 0=hex:0x00-0xffff
-./module param=RANGE0 0=int:0-500
-./module param=RANGE0 0=lower:a-zzz
-
-Fuzz a parameter by iterating over the output of an external program.
----------
-./module param=PROG0 0='john -stdout -i'
-./module param=PROG0 0='mp64.bin ?l?l?l',$(mp64.bin --combination ?l?l?l) # http://hashcat.net/wiki/doku.php?id=maskprocessor
-
-
-* Actions & Conditions
-
-Use the -x option to do specific actions upon receiving specific responses. For example:
-
-Ignore responses with status code 200 *AND* a size within a specific range.
----------
-./module host=10.0.0.1 user=FILE0 -x ignore:code=200,size=57-74
-
-Ignore responses with status code 500 *OR* containing "Internal error".
----------
-./module host=10.0.0.1 user=FILE0 -x ignore:code=500 -x ignore:fgrep='Internal error'
-
-Remember that conditions are ANDed within the same -x option, use multiple -x options to
-specify ORed conditions.
-
-
-* Actions skip and free
-
-Stop testing the same value from keyword #0 after a valid combination is found.
----------
-./module data=FILE0.FILE1 -x skip=0:fgrep=Success
-
-Stop testing the same combination after a valid match is found.
----------
-./module data=FILE0.FILE1 data2=RANGE2 -x free=data:fgrep=Success
-
-* Failures
-
-During execution, failures may happen, such as a TCP connect timeout for
-example. By definition a failure is an exception that the module does not expect,
-and as a result the exception is caught upstream by the controller.
-
-Such exceptions, or failures, are not immediately reported to the user, the
-controller will retry 4 more times (see --max-retries) before reporting the
-failed payload to the user with the logging level "FAIL".
-
-
-* Read carefully the following examples to get a good understanding of how patator works.
-{{{ FTP
-
-* Brute-force authentication. Do not report wrong passwords.
----------
-$ ftp_login host=10.0.0.1 user=FILE0 password=FILE1 0=logins.txt 1=passwords.txt -x ignore:mesg='Login incorrect.'
-
-NB0. If you get errors like "500 OOPS: priv_sock_get_cmd", use -x ignore,reset,retry:code=500
-     in order to retry the last login/password using a new TCP connection. Odd servers like vsftpd
-     return this when they shut down the TCP connection (ie. max login attempts reached).
-
-NB1. If you get errors like "too many connections from your IP address", try decreasing the number of
-     threads, the server may be enforcing a maximum number of concurrent connections.
-
-* Same as before, but stop testing a user after his password is found.
----------
-$ ftp_login ... -x free=user:code=0
-
-
-* Find anonymous FTP servers on a subnet.
----------
-$ ftp_login host=NET0 user=anonymous password=test@example.com 0=10.0.0.0/24
-
-}}}
-{{{ SSH
-* Brute-force authentication with password same as login (aka single mode). Do not report wrong passwords.
----------
-$ ssh_login host=10.0.0.1 user=FILE0 password=FILE0 0=logins.txt -x ignore:mesg='Authentication failed.'
-
-NB. If you get errors like "Error reading SSH protocol banner ... Connection reset by peer",
-    try decreasing the number of threads, the server may be enforcing a maximum
-    number of concurrent connections (eg. MaxStartups in OpenSSH).
-
-
-* Brute-force several hosts and stop testing a host after a valid password is found.
----------
-$ ssh_login host=FILE0 user=FILE1 password=FILE2 0=hosts.txt 1=logins.txt 2=passwords.txt -x free=host:code=0
-
-
-* Same as previous, but stop testing a user on a host after his password is found.
----------
-$ ssh_login host=FILE0 user=FILE1 password=FILE2 0=hosts.txt 1=logins.txt 2=passwords.txt -x free=host+user:code=0
-
-}}}
-{{{ Telnet
-
-* Brute-force authentication.
-  (a) Enter login after first prompt is detected, enter password after second prompt.
-  (b) The regex to detect the login and password prompts.
-  (c) Reconnect when we get no login prompt back (max number of tries reached or successful login).
-------------                 (a)
-$ telnet_login host=10.0.0.1 inputs='FILE0\nFILE1' 0=logins.txt 1=passwords.txt \
-    prompt_re='tux login:|Password:' -x reset:egrep!='Login incorrect.+tux login:'
-    (b)                              (c)
-
-NB. If you get errors like "telnet connection closed", try decreasing the number of threads,
-    the server may be enforcing a maximum number of concurrent connections.
-
-}}}
-{{{ SMTP
-
-* Enumerate valid users using the VRFY command.
-  (a) Do not report invalid recipients.
-  (b) Do not report when the server shuts us down with "421 too many errors", reconnect and resume testing.
----------                                         (a)
-$ smtp_vrfy host=10.0.0.1 user=FILE0 0=logins.txt -x ignore:fgrep='User unknown in local recipient table' \
-    -x ignore,reset,retry:code=421
-    (b)
-
-* Use the RCPT TO command in case the VRFY command is not available.
----------
-$ smtp_rcpt host=10.0.0.1 user=FILE0@localhost 0=logins.txt helo='ehlo mx.fb.com' mail_from=root
-
-
-* Brute-force authentication.
-  (a) Send a fake hostname (by default your host fqdn is sent)
----------                  (a)
-$ smtp_login host=10.0.0.1 helo='ehlo its.me.com' user=FILE0@dom.com password=FILE1 0=logins.txt 1=passwords.txt
-
-}}}
-{{{ HTTP
-
-* Find hidden web resources.
-  (a) Use a specific header.
-  (b) Follow redirects.
-  (c) Do not report 404 errors.
-  (d) Retry on 500 errors.
----------                                          (a)
-$ http_fuzz url=http://localhost/FILE0 0=words.txt header='Cookie: SESSID=A2FD8B2DA4' \
-    follow=1 -x ignore:code=404 -x ignore,retry:code=500
-    (b)      (c)                (d)
-
-NB. You may be able to go 10 times faster using webef (http://www.hsc.fr/ressources/outils/webef/).
-    It is the fastest HTTP brute-forcer I know, yet at the moment it still lacks useful features
-    that will prevent you from performing the following attacks.
-
-* Brute-force phpMyAdmin logon.
-  (a) Use POST requests.
-  (b) Follow redirects using cookies sent by server.
-  (c) Ignore failed authentications.
----------                                            (a)         (b)      (b)
-$ http_fuzz url=http://10.0.0.1/phpmyadmin/index.php method=POST follow=1 accept_cookie=1 \
-    body='pma_username=root&pma_password=FILE0&server=1&lang=en' 0=passwords.txt \
-    -x ignore:fgrep='Cannot log in to the MySQL server'
-    (c)
-
-* Scan subnet for directory listings.
-  (a) Ignore not matching responses.
-  (b) Save matching responses into directory.
----------
-$ http_fuzz url=http://NET0/FILE1 0=10.0.0.0/24 1=dirs.txt -x ignore:fgrep!='Index of' \
-    -l /tmp/directory-listings                             (a)
-    (b)
-
-* Brute-force Basic authentication.
-  (a) Single mode (login == password).
-  (b) Do not report failed login attempts.
----------
-$ http_fuzz url=http://10.0.0.1/manager/html user_pass=FILE0:FILE0 0=logins.txt -x ignore:code=401
-                                             (a)                                (b)
-
-* Find hidden virtual hosts.
-  (a) Read template from file.
-  (b) Fuzz both the Host and User-Agent headers.
-  (c) Stop testing a virtual host name after a valid one is found.
----------
-$ echo -e 'Host: FILE0\nUser-Agent: FILE1' > headers.txt
-$ http_fuzz url=http://10.0.0.1/ header=@headers.txt 0=vhosts.txt 1=agents.txt -x skip=0:code!=404
-                                 (a)                (b)                           (c)
-
-* Brute-force logon using GET requests.
-  (a) Encode everything surrounded by the two tags _@@_ in hexadecimal.
-  (b) Ignore HTTP 200 responses with a content size (header+body) within given range
-      and that also contain the given string.
-  (c) Use a different delimiter string because the comma cannot be escaped.
----------                                                                     (a)
-$ http_fuzz url='http://10.0.0.1/login?username=admin&password=_@@_FILE0_@@_' -e _@@_:hex \
-    0=words.txt -x ignore:'code=200|size=1500-|fgrep=Welcome, unauthenticated user' -X '|'
-                (b)                                                                 (c)
-
-* Brute-force logon that enforces two random nonces to be submitted along every POST.
-  (a) First, request the page that provides the nonces as hidden input fields.
-  (b) Use regular expressions to extract the nonces that are to be submitted along the main request.
----------
-$ http_fuzz url=http://10.0.0.1/login method=POST body='user=admin&pass=FILE0&nonce1=_N1_&nonce2=_N2_' 0=passwords.txt accept_cookie=1 \
- before_urls=http://10.0.0.1/index before_egrep='_N1_:<input type="hidden" name="nonce1" value="(\\w+)"|_N2_:name="nonce2" value="(\\w+)"'
- (a)                               (b)
-
-* Test the OPTIONS method against a list of URLs.
-  (a) Ignore URLs that only allow the HEAD and GET methods.
-  (b) Header end of line is '\r\n'.
-  (c) Use a different delimiter string because the comma cannot be escaped.
----------
-$ http_fuzz url=FILE0 0=urls.txt method=OPTIONS -x ignore:egrep='^Allow: HEAD, GET\r$' -X '|'
-                                                (a)                               (b)  (c)
-}}}
-{{{ LDAP
-
-* Brute-force authentication.
-  (a) Do not report wrong passwords.
-  (b) Talk SSL/TLS to port 636.
----------
-$ ldap_login host=10.0.0.1 binddn='cn=FILE0,dc=example,dc=com' 0=logins.txt bindpw=FILE1 1=passwords.txt \
-    -x ignore:mesg='ldap_bind: Invalid credentials (49)' ssl=1 port=636
-    (a)                                                  (b)
-}}}
-{{{ SMB
-
-* Brute-force authentication.
----------
-$ smb_login host=10.0.0.1 user=FILE0 password=FILE1 0=logins.txt 1=passwords.txt -x ignore:fgrep=STATUS_LOGON_FAILURE
-
-NB. If you suddenly get STATUS_ACCOUNT_LOCKED_OUT errors for an account although
-    it is not the first password you test on this account, then you must have locked it.
-
-* Pass-the-hash.
-  (a) Test a list of hosts.
-  (b) Test every user (each line := login:rid:LM hash:NT hash).
----------
-$ smb_login host=FILE0 0=hosts.txt user=COMBO10 password_hash=COMBO12:COMBO13 1=pwdump.txt -x ...
-            (a)                                 (b)
-}}}
-{{{ rlogin
-
-* Brute-force usernames that root might be allowed to login as with no password (eg. a ~/.rhosts file with the line "+ root").
-$ rlogin_login host=10.0.0.1 luser=root user=FILE0 0=logins.txt persistent=0 -x ignore:fgrep=Password:
-
-* Brute-force usernames that might be allowed to login as root with no password (eg. a /root/.rhosts file with the line "+ john").
-$ rlogin_login host=10.0.0.1 user=root luser=FILE0 0=logins.txt persistent=0 -x ignore:fgrep=Password:
-
-}}}
-{{{ MSSQL
-
-* Brute-force authentication.
------------
-$ mssql_login host=10.0.0.1 user=sa password=FILE0 0=passwords.txt -x ignore:fgrep='Login failed for user'
-
-}}}
-{{{ Oracle
-Beware, by default in Oracle, accounts are permanently locked out after 10 wrong passwords,
-except for the SYS account.
-
-* Brute-force authentication.
-------------
-$ oracle_login host=10.0.0.1 user=SYS password=FILE0 0=passwords.txt sid=ORCL -x ignore:code=ORA-01017
-
-NB0. With Oracle 10g XE (Express Edition), you do not need to pass a SID.
-
-NB1. If you get ORA-12516 errors, it may be because you reached the limit of
-     concurrent connections or db processes, try using "--rate-limit 0.5 -t 2" to be
-     more polite. Also you can run "alter system set processes=150 scope=spfile;"
-     and restart your database to get rid of this.
-
-* Brute-force SID.
-------------
-$ oracle_login host=10.0.0.1 sid=FILE0 0=sids.txt -x ignore:code=ORA-12505
-
-NB. Against Oracle9, it may crash (Segmentation fault) as soon as a valid SID is
-    found (cx_Oracle bug). Sometimes, the SID gets printed out before the crash,
-    so try running the same command again if it did not.
-
-}}}
-{{{ MySQL
-
-* Brute-force authentication.
------------
-$ mysql_login host=10.0.0.1 user=FILE0 password=FILE0 0=logins.txt -x ignore:fgrep='Access denied for user'
-
-}}}
-{{{ PostgreSQL
-
-* Brute-force authentication.
------------
-$ pgsql_login host=10.0.0.1 user=postgres password=FILE0 0=passwords.txt -x ignore:fgrep='password authentication failed'
-
-}}}
-{{{ VNC
-Some VNC servers have built-in anti-bruteforce functionality that temporarily
-blacklists the attacker IP address after too many wrong passwords.
- - RealVNC-4.1.3 or TightVNC-1.3.10 for example, allow 5 failed attempts and
-   then enforce a 10 second delay. For each subsequent failed attempt that
-   delay is doubled.
- - RealVNC-3.3.7 or UltraVNC allow 6 failed attempts and then enforce a 10
-   second delay between each following attempt.
-
-* Brute-force authentication.
-  (a) No need to use more than one thread.
-  (b) Keep retrying the same password when we are blacklisted by the server.
-  (c) Exit execution as soon as a valid password is found.
----------                                                (a)
-$ vnc_login host=10.0.0.1 password=FILE0 0=passwords.txt --threads 1 \
-    -x retry:fgrep!='Authentication failure' --max-retries -1 -x quit:code=0
-    (b)                                      (b)              (c)
-}}}
-{{{ DNS
-
-* Brute-force subdomains.
-  (a) Ignore NXDOMAIN responses (rcode 3).
------------
-$ dns_forward name=FILE0.google.com 0=names.txt -x ignore:code=3
-                                                (a)
-* Brute-force domain with every possible TLDs.
------------
-$ dns_forward name=google.MOD0 0=TLD -x ignore:code=3
-
-* Brute-force SRV records.
------------
-$ dns_forward name=MOD0.microsoft.com 0=SRV qtype=SRV -x ignore:code=3
-
-* Grab the version of several hosts.
------------
-$ dns_forward server=FILE0 0=hosts.txt name=version.bind qtype=txt qclass=ch
-
-* Reverse lookup several networks.
-  (a) Ignore names that do not contain 'google.com'.
-  (b) Ignore generic PTR records.
------------
-$ dns_reverse host=NET0 0=216.239.32.0-216.239.47.255,8.8.8.0/24 -x ignore:code=3 -x ignore:fgrep!=google.com -x ignore:fgrep=216-239-
-                                                                                  (a)                         (b)
-}}}
-{{{ SNMP
-
-* SNMPv1/2 : Find valid community names.
-----------
-$ snmp_login host=10.0.0.1 community=FILE0 0=names.txt -x ignore:mesg='No SNMP response received before timeout'
-
-
-* SNMPv3 : Find valid usernames.
-----------
-$ snmp_login host=10.0.0.1 version=3 user=FILE0 0=logins.txt -x ignore:mesg=unknownUserName
-
-
-* SNMPv3 : Find valid passwords.
-----------
-$ snmp_login host=10.0.0.1 version=3 user=myuser auth_key=FILE0 0=passwords.txt -x ignore:mesg=wrongDigest
-
-NB0. If you get "notInTimeWindow" error messages, increase the retries option.
-NB1. SNMPv3 requires passphrases to be at least 8 characters long.
-
-}}}
-{{{ Unzip
-
-* Brute-force the ZIP file password (cracking older pkzip encryption used to be not supported in JtR).
-----------
-$ unzip_pass zipfile=file.zip password=FILE0 0=passwords.txt -x ignore:code!=0
-
-}}}
-
-CHANGELOG
----------
-
-* v1.0 2023/10/09
-  - updated Dockerfile to ubuntu-22.04
-  - fixed bugs
-
-* v0.9 2020/07/26
-  - fixed encoding bugs
-  - new Dockerfile
-  - new --groups and --auto-progress options
-  - fixed various issues reported on Github
-  - new testing env with docker-compose
-
-* v0.8 2020/03/22
-  - new switches (-R, --csv, --xml, --hits)
-  - new pathasis option for http_fuzz
-  - new rdp_gateway module
-  - fixed various issues reported on Github
-
-* v0.7 2017/12/14
-  - added Python3 support
-  - added Windows support
-  - new --timeout and --allow-ignore-failures options
-  - switched to multiprocesses instead of threads (for --timeout to work on Windows)
-  - new modules: ike_enum, rdp_login, ajp_fuzz, sqlcipher_pass
-  - more info added to XML output
-  - fixed many bugs
-
-* v0.6 2014/08/25
-  - added CSV and XML output formats
-  - added module execution time column
-  - improved RANGE keyword
-  - new modules: rlogin_login, umbrack_crack
-  - minor bug fixes/improvements in http_fuzz and smb_login
-  - added more TLDs to dns_forward
-
-* v0.5 2013/07/05
-  - new modules: mysql_query, tcp_fuzz
-  - new RANGE and PROG keywords (supersedes the reading from stdin feature)
-  - switched to impacket for mssql_login
-  - output more intuitive
-  - fixed connection cache
-  - minor bug fixes
-
-* v0.4 2012/11/02
-  - new modules: smb_lookupsid, finger_lookup, pop_login, imap_login, vmauthd_login
-  - improved connection cache
-  - improved usage, user can now act upon specific responses (eg. stop brute-forcing host if down, or stop testing login if password found)
-  - improved dns brute-forcing presentation
-  - switched to dnspython which is not limited to the IN class (eg. can now scan for {hostname,version}.bind)
-  - rewrote itertools.product to avoid memory over-consumption when using large wordlists
-  - can now read wordlist from stdin
-  - added timeout option to most of the network brute-forcing modules
-  - added SSL and/or TLS support to a few modules
-  - before_egrep now allows more than one expression (ie. useful when more than one random nonce needs to be submitted)
-  - fixed numerous bugs
-
-* v0.3 2011/12/16
-    - minor bugs fixed in http_fuzz
-    - option -e better implemented
-    - better warnings about missing dependencies
-
-* v0.2 2011/12/01
-    - new smtp_login module
-    - several bugs fixed
-
-* v0.1 2011/11/25 : Public release
-
-
-TODO
-----
-  * new option -e ns like in Medusa (not likely to be implemented due to design)
-  * replace dnspython|paramiko|IPy with a better module (scapy|libssh2|netaddr... ?) // https://netaddr.readthedocs.org/en/latest/tutorial_01.html
-'''
-
-# }}}
-
 # logging {{{
 class Logger:
   def __init__(self, queue):
@@ -743,10 +72,7 @@ def format(self, record):
       else:
         fmt = '%(asctime)s %(name)-7s %(levelname)7s - %(message)s'
 
-    if PY3:
-      self._style._fmt = fmt
-    else:
-      self._fmt = fmt
+    self._style._fmt = fmt
 
     pp = {}
     for k, v in record.__dict__.items():
@@ -807,12 +133,8 @@ def process_logs(queue, indicatorsfmt, argv, log_dir, runtime_file, csv_file, xm
 
   ignore_ctrlc()
 
-  if PY3:
-    logging._levelToName[logging.ERROR] = 'FAIL'
-    encoding = 'latin1'
-  else:
-    logging._levelNames[logging.ERROR] = 'FAIL'
-    encoding = None
+  logging._levelToName[logging.ERROR] = 'FAIL'
+  encoding = 'latin1'
 
   handler_out = logging.StreamHandler()
   handler_out.setFormatter(TXTFormatter(indicatorsfmt))
@@ -971,47 +293,28 @@ def process_logs(queue, indicatorsfmt, argv, log_dir, runtime_file, csv_file, xm
 import signal
 import ctypes
 import glob
+import asyncio
 from xml.sax.saxutils import escape as xmlescape, quoteattr as xmlquoteattr
 from ssl import SSLContext
 from binascii import hexlify, unhexlify
-
-PY3 = sys.version_info >= (3,)
-
-if PY3:
-  from queue import Empty, Full
-  from urllib.parse import quote, urlencode, urlparse, urlunparse, quote_plus, unquote
-  from io import StringIO
-  from sys import maxsize as maxint
-else:
-  from Queue import Empty, Full
-  from urllib import quote, urlencode, quote_plus, unquote
-  from urlparse import urlparse, urlunparse
-  from cStringIO import StringIO
-  from sys import maxint
-
-if PY3:  # http://python3porting.com/problems.html
-  def b(x):
-    if isinstance(x, bytes):
-      return x
-    else:
-      return x.encode('ISO-8859-1', errors='ignore')
-
-  def B(x):
-    if isinstance(x, str):
-      return x
-    else:
-      return x.decode('ISO-8859-1', errors='ignore')
-else:
-  def b(x):
+from html import unescape as html_unescape
+from queue import Empty, Full
+from urllib.parse import quote, urlencode, urlparse, urlunparse, quote_plus, unquote
+from io import StringIO
+from sys import maxsize as maxint
+
+def b(x):
+  if isinstance(x, bytes):
     return x
+  else:
+    return x.encode('ISO-8859-1', errors='ignore')
 
-  def B(x):
+def B(x):
+  if isinstance(x, str):
     return x
+  else:
+    return x.decode('ISO-8859-1', errors='ignore')
 
-try:
-   input = raw_input
-except NameError:
-   pass
 
 notfound = []
 try:
@@ -1021,14 +324,11 @@ def B(x):
   has_ipy = False
   notfound.append('IPy')
 
-try:
-  # Python 3.4+
-  if sys.platform.startswith('win'):
-    import multiprocessing.popen_spawn_win32 as forking
-  else:
-    import multiprocessing.popen_fork as forking
-except ImportError:
-  import multiprocessing.forking as forking
+
+if sys.platform.startswith('win'):
+  import multiprocessing.popen_spawn_win32 as forking
+else:
+  import multiprocessing.popen_fork as forking
 
 if sys.platform.startswith('win'):
   # First define a modified version of Popen.
@@ -1135,10 +435,7 @@ def repr23(s):
   if all(True if 0x20 <= ord(c) < 0x7f else False for c in s):
     return s
 
-  if PY3:
-    return repr(s.encode('latin1'))[1:]
-  else:
-    return repr(s)
+  return repr(s.encode('latin1'))[1:]
 
 def md5hex(plain):
   return hashlib.md5(plain).hexdigest()
@@ -1146,15 +443,6 @@ def md5hex(plain):
 def sha1hex(plain):
   return hashlib.sha1(plain).hexdigest()
 
-def html_unescape(s):
-  if PY3:
-    import html
-    return html.unescape(s)
-  else:
-    from HTMLParser import HTMLParser
-    h = HTMLParser()
-    return h.unescape(s)
-
 def count_lines(filename):
   with open(filename, 'rb') as f:
     lines = 0
@@ -1168,7 +456,7 @@ def count_lines(filename):
 
     return lines
 
-# I rewrote itertools.product to avoid memory over-consumption when using large wordlists
+# rewrote itertools.product to avoid memory over-consumption when using large wordlists
 def product(xs, *rest):
   if len(rest) == 0:
     for x in xs:
@@ -1388,7 +676,8 @@ def flatten(l):
   return r
 
 def parse_query(qs, keep_blank_values=False, encoding='utf-8', errors='replace'):
-  '''Same as urllib.parse.parse_qsl but without replacing '+' with ' '
+  '''
+  Same as urllib.parse.parse_qsl but without replacing '+' with ' '
   '''
   pairs = [s2 for s1 in qs.split('&') for s2 in s1.split(';')]
   r = []
@@ -2491,10 +1780,7 @@ def reset(self, **kwargs):
 
 # FTP {{{
 from ftplib import FTP, Error as FTP_Error
-try:
-  from ftplib import FTP_TLS # only available since python 2.7
-except ImportError:
-  notfound.append('python')
+from ftplib import FTP_TLS
 
 class FTP_login(TCP_Cache):
   '''Brute-force FTP'''
@@ -2561,12 +1847,7 @@ def execute(self, host, port='21', tls='0', user=None, password=None, timeout='1
 # }}}
 
 # SSH {{{
-try:
-  from logging import NullHandler # only available since python 2.7
-except ImportError:
-  class NullHandler(logging.Handler):
-    def emit(self, record):
-      pass
+from logging import NullHandler
 
 try:
   import paramiko
@@ -2655,11 +1936,7 @@ def execute(self, host, port='22', user=None, password=None, auth_type='password
 
 # Telnet {{{
 try:
-  # the following three lines suppress deprecation warnings for telnetlib in python3.13
-  import warnings
-  with warnings.catch_warnings():
-    warnings.simplefilter("ignore", DeprecationWarning)
-    from telnetlib import Telnet
+  from telnetlib import Telnet
 except ImportError:
   notfound.append('telnetlib')
 
@@ -2726,7 +2003,7 @@ def execute(self, host, port='23', inputs=None, prompt_re='\\w+:', timeout='20',
 # }}}
 
 # SMTP {{{
-from smtplib import SMTP, SMTP_SSL, SMTPException, SMTPResponseException
+from smtplib import SMTP, SMTP_SSL, SMTPResponseException
 
 class SMTP_Base(TCP_Cache):
 
@@ -2967,8 +2244,13 @@ class DCOM_login:
 
   Response = Response_Base
 
-  def execute(self, host, port, uuid, ver, opnum='0', syntax='8a885d04-1ceb-11c9-9fe8-08002b104860:2.0', domain='', user='', password='', lmhash='', nthash='', aeskey=None, tgt=None, tgs=None, authtype=RPC_C_AUTHN_WINNT, authlevel=RPC_C_AUTHN_LEVEL_PKT_PRIVACY):
-    stringBinding = r'ncacn_ip_tcp:%s[%s]' % (host,port)
+  def execute(self, host, port, uuid, ver, opnum='0', syntax='8a885d04-1ceb-11c9-9fe8-08002b104860:2.0', domain='', user='', password='', lmhash='', nthash='', aeskey=None, tgt=None, tgs=None, authtype=None, authlevel=None):
+    if authtype is None:
+      authtype = RPC_C_AUTHN_WINNT
+    if authlevel is None:
+      authlevel = RPC_C_AUTHN_LEVEL_PKT_PRIVACY
+
+    stringBinding = f'ncacn_ip_tcp:{host}[{port}]'
     rpctransport = transport.DCERPCTransportFactory(stringBinding)
     dce = rpctransport.get_dce_rpc()
     dce.set_auth_type(int(authtype))
@@ -3208,10 +2490,7 @@ def execute(self, host, port='445', user='', password='', password_hash=None, do
 
 class POP_Connection(TCP_Connection):
   def close(self):
-    if PY3:
-      self.fp.close()
-    else:
-      self.fp.quit()
+    self.fp.close()
 
 class POP_login(TCP_Cache):
   '''Brute-force POP3'''
@@ -3574,10 +2853,7 @@ def execute(self, host, port='3306', user='anony', password='', timeout='10'):
 
     try:
       with Timing() as timing:
-        if PY3:
-          fp = _mysql.connect(host=host, port=int(port), user=user, password=password, connect_timeout=int(timeout))
-        else:
-          fp = _mysql.connect(host=host, port=int(port), user=user, passwd=password, connect_timeout=int(timeout))
+        fp = _mysql.connect(host=host, port=int(port), user=user, password=password, connect_timeout=int(timeout))
 
       resp = '0', fp.get_server_info()
 
@@ -3608,10 +2884,7 @@ class MySQL_query(TCP_Cache):
   Response = Response_Base
 
   def connect(self, host, port, user, password):
-    if PY3:
-      fp = _mysql.connect(host=host, port=int(port), user=user, password=password) # db=db
-    else:
-      fp = _mysql.connect(host=host, port=int(port), user=user, passwd=password)
+    fp = _mysql.connect(host=host, port=int(port), user=user, password=password) # db=db
 
     return TCP_Connection(fp)
 
@@ -3638,7 +2911,7 @@ def execute(self, host, port='3306', user='', password='', query='select @@versi
   from impacket import tds
   from impacket.tds import TDS_ERROR_TOKEN, TDS_LOGINACK_TOKEN
 except ImportError:
-  notfound.append('pyopenssl')
+  notfound.append('impacket')
 
 class MSSQL_login:
   '''Brute-force MSSQL'''
@@ -3834,10 +3107,7 @@ def str_target(self):
     ('clen', 'match Content-Length header (N or N-M or N- or -N)'),
     )
 
-try:
-  from http.server import BaseHTTPRequestHandler
-except ImportError:
-  from BaseHTTPServer import BaseHTTPRequestHandler
+from http.server import BaseHTTPRequestHandler
 
 class HTTPRequestParser(BaseHTTPRequestHandler):
   def __init__(self, fd):
@@ -4203,7 +3473,7 @@ def connect(self, host, port):
     sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
     sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
     sock.connect((host, int(port)))
-    stream = sock.makefile('rb', None if PY3 else 0)
+    stream = sock.makefile('rb', None)
 
     return AJP_Connection((sock, stream))
 
@@ -4273,8 +3543,8 @@ class RDP_login:
   Response = Response_Base
 
   def execute(self, host, port='3389', user=None, password=None):
-
-    cmd = ['xfreerdp', '/v:%s:%d' % (host, int(port)), '/u:%s' % user, '/p:%s' % password, '/cert:ignore', '/tls-seclevel:0', '+auth-only', '/sec:nla', '/log-level:error']
+    # caution: xfreerdp option order matters
+    cmd = ['xfreerdp', '/v:%s:%d' % (host, int(port)), '/u:%s' % user, '/p:%s' % password, '/cert:ignore', '/sec:nla', '/tls:seclevel:0', '+auth-only', '/log-level:error']
 
     with Timing() as timing:
       p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
@@ -4394,10 +3664,7 @@ def gen_key(self, key):
           btgt = btgt | (1 << 7-i)
       newkey.append(btgt)
 
-    if PY3:
-      return bytes(newkey)
-    else:
-      return ''.join(chr(c) for c in newkey)
+    return bytes(newkey)
 
 class VNC_login:
   '''Brute-force VNC'''
@@ -4796,21 +4063,14 @@ def execute(self, name, server='8.8.8.8', timeout='5', protocol='udp', qtype='AN
 
 # SNMP {{{
 try:
-  from pysnmp.hlapi import getCmd, SnmpEngine, CommunityData, UsmUserData
-  from pysnmp.hlapi import UdpTransportTarget, ContextData, ObjectType, ObjectIdentity
-  from pysnmp.hlapi import usmHMACMD5AuthProtocol, usmHMACSHAAuthProtocol, usmHMAC384SHA512AuthProtocol
-  from pysnmp.hlapi import usmDESPrivProtocol, usmAesCfb128Protocol
+  from pysnmp.hlapi.v3arch.asyncio import SnmpEngine, get_cmd, CommunityData, UdpTransportTarget, ContextData, ObjectType, ObjectIdentity
+  from pysnmp.hlapi.v3arch import auth
 
-  SNMP_AUTHPROTO = {'md5': usmHMACMD5AuthProtocol, 'sha': usmHMACSHAAuthProtocol, 'sha512': usmHMAC384SHA512AuthProtocol}
-  SNMP_PRIVPROTO = {'des': usmDESPrivProtocol, 'aes': usmAesCfb128Protocol}
+  SNMP_AUTHPROTO = {'md5': auth.usmHMACMD5AuthProtocol, 'sha': auth.usmHMACSHAAuthProtocol, 'sha512': auth.usmHMAC384SHA512AuthProtocol}
+  SNMP_PRIVPROTO = {'des': auth.usmDESPrivProtocol, 'aes': auth.usmAesCfb128Protocol}
 except ImportError:
   notfound.append('pysnmp')
 
-try:
-  import pyasn1
-except ImportError:
-  notfound.append('pyasn1')
-
 class SNMP_login:
   '''Brute-force SNMP v1/2/3'''
 
@@ -4852,22 +4112,20 @@ def execute(self, host, port=None, version='2', community='public', user='op5use
 
       kwargs = dict(authKey=auth_key, authProtocol=SNMP_AUTHPROTO[auth_proto])
       if priv_key:
-        kwargs.update(dict(privKey=priv_key, privProtocol=SNMP_PRIVPROTO[priv_proto]))
+        kwargs |= dict(privKey=priv_key, privProtocol=SNMP_PRIVPROTO[priv_proto])
 
-      security_model = UsmUserData(user, **kwargs)
+      security_model = auth.UsmUserData(user, **kwargs)
 
     else:
       raise ValueError('Incorrect SNMP version %r' % version)
 
     with Timing() as timing:
-      errorIndication, errorStatus, errorIndex, varBinds = next(
-        getCmd(
-          SnmpEngine(),
-          security_model,
-          UdpTransportTarget((host, int(port or 161)), timeout=int(timeout), retries=int(retries)),
-          ContextData(),
-          ObjectType(ObjectIdentity('SNMPv2-MIB', 'sysDescr', 0))) #(1, 3, 6, 1, 2, 1, 1, 1, 0)
-        )
+      errorIndication, errorStatus, errorIndex, varBinds  = asyncio.run(self.async_cmd(
+        host,
+        int(port or 161),
+        security_model,
+        timeout=int(timeout),
+        retries=int(retries)))
 
     if errorIndication:
       mesg = '%s' % errorIndication
@@ -4880,6 +4138,22 @@ def execute(self, host, port=None, version='2', community='public', user='op5use
 
     return self.Response(int(errorStatus), mesg, timing)
 
+  async def async_cmd(self, host, port, security_model, timeout, retries):
+    snmp_engine = SnmpEngine()
+
+    iterator = get_cmd(
+        snmp_engine,
+        security_model,
+        await UdpTransportTarget.create((host, port), timeout=timeout, retries=retries),
+        ContextData(),
+        ObjectType(ObjectIdentity('SNMPv2-MIB', 'sysDescr', 0))
+    )
+
+    errorIndication, errorStatus, errorIndex, varBinds = await iterator
+    snmp_engine.close_dispatcher()
+
+    return errorIndication, errorStatus, errorIndex, varBinds
+
 # }}}
 
 # IKE {{{
@@ -4999,7 +4273,7 @@ def execute(self, host, port='500', transform='5,1,1,2', aggressive='0', groupna
 
     has_sa = 'SA=(' in out
     if has_sa:
-      mesg = 'Handshake returned: %s (%s)' % (re.search('SA=\\((.+) LifeType', out).group(1), re.search('\t(.+) Mode Handshake returned', out).group(1))
+      mesg = 'Handshake returned: %s (%s)' % (re.search(r'SA=\((.+) LifeType', out).group(1), re.search(r'\t(.+) Mode Handshake returned', out).group(1))
     else:
       try:
         mesg = out.strip().split('\n')[1].split('\t')[-1]
@@ -5090,10 +4364,7 @@ def execute(self, keystore, password, storetype='jks'):
 
 # SQLCipher {{{
 try:
-  if PY3:
-    from pysqlcipher3 import dbapi2 as sqlcipher
-  else:
-    from pysqlcipher import dbapi2 as sqlcipher
+  from pysqlcipher3 import dbapi2 as sqlcipher
 except ImportError:
   notfound.append('pysqlcipher')
 
@@ -5277,28 +4548,26 @@ def execute(self, data, data2='', delay='1'):
   ]
 
 dependencies = {
-  'paramiko': [('ssh_login',), 'http://www.paramiko.org/', '2.7.1'],
-  'telnetlib': [('telnet_login',), 'telnetlib was removed in Python 3.13', '<= 3.12'],
-  'pycurl': [('http_fuzz', 'rdp_gateway'), 'http://pycurl.io/', '7.43.0'],
-  'libcurl': [('http_fuzz', 'rdp_gateway'), 'https://curl.haxx.se/', '7.58.0'],
-  'ajpy': [('ajp_fuzz',), 'https://github.com/hypn0s/AJPy/', '0.0.4'],
-  'openldap': [('ldap_login',), 'http://www.openldap.org/', '2.4.45'],
-  'impacket': [('smb_login', 'smb_lookupsid', 'dcom_login', 'mssql_login'), 'https://github.com/CoreSecurity/impacket', '0.9.20'],
-  'pyopenssl': [('mssql_login',), 'https://pyopenssl.org/', '19.1.0'],
-  'cx_Oracle': [('oracle_login',), 'http://cx-oracle.sourceforge.net/', '7.3.0'],
-  'mysqlclient': [('mysql_login',), 'https://github.com/PyMySQL/mysqlclient-python', '1.4.6'],
-  'xfreerdp': [('rdp_login',), 'https://github.com/FreeRDP/FreeRDP.git', '1.2.0-beta1'],
-  'psycopg': [('pgsql_login',), 'http://initd.org/psycopg/', '2.8.4'],
-  'pycrypto': [('smb_login', 'smb_lookupsid', 'mssql_login', 'vnc_login',), 'http://www.dlitz.net/software/pycrypto/', '2.6.1'],
-  'dnspython': [('dns_reverse', 'dns_forward'), 'http://www.dnspython.org/', '1.16.0'],
-  'IPy': [('dns_reverse', 'dns_forward'), 'https://github.com/haypo/python-ipy', '1.0'],
-  'pysnmp': [('snmp_login',), 'http://pysnmp.sf.net/', '4.4.12'],
-  'pyasn1': [('smb_login', 'smb_lookupsid', 'mssql_login', 'snmp_login'), 'http://sourceforge.net/projects/pyasn1/', '0.4.8'],
-  'ike-scan': [('ike_enum',), 'http://www.nta-monitor.com/tools-resources/security-tools/ike-scan', '1.9'],
-  'unzip': [('unzip_pass',), 'http://www.info-zip.org/', '6.0'],
-  'java': [('keystore_pass',), 'http://www.oracle.com/technetwork/java/javase/', '6'],
+  'paramiko': [('ssh_login',), 'http://www.paramiko.org/', '3.5.1'],
+  'telnetlib': [('telnet_login',), 'https://pypi.org/project/telnetlib-313-and-up/', '3.13.1'],
+  'pycurl': [('http_fuzz', 'rdp_gateway'), 'http://pycurl.io/', '7.45.4'],
+  'libcurl': [('http_fuzz', 'rdp_gateway'), 'https://curl.haxx.se/', '7.88.1'],
+  'ajpy': [('ajp_fuzz',), 'https://github.com/hypn0s/AJPy/', '0.0.5'],
+  'openldap': [('ldap_login',), 'http://www.openldap.org/', '2.5.13'],
+  'impacket': [('smb_login', 'smb_lookupsid', 'dcom_login', 'mssql_login'), 'https://github.com/fortra/impacket', '0.12.0'],
+  'cx_Oracle': [('oracle_login',), 'https://oracle.github.io/python-cx_Oracle/', '8.3.0'],
+  'mysqlclient': [('mysql_login',), 'https://github.com/PyMySQL/mysqlclient', '2.2.7'],
+  'xfreerdp': [('rdp_login',), 'https://github.com/FreeRDP/FreeRDP.git', '3.12.0'],
+  'psycopg': [('pgsql_login',), 'http://initd.org/psycopg/', '2.9.10'],
+  'pycryptodomex': [('smb_login', 'smb_lookupsid', 'mssql_login', 'vnc_login',), 'https://github.com/Legrandin/pycryptodome/', '3.21.0'],
+  'dnspython': [('dns_reverse', 'dns_forward'), 'http://www.dnspython.org/', '2.7.0'],
+  'IPy': [('dns_reverse', 'dns_forward'), 'https://github.com/haypo/python-ipy', '1.1'],
+  'pysnmp': [('snmp_login',), 'https://github.com/lextudio/pysnmp', '7.1.16'],
+  'ike-scan': [('ike_enum',), 'http://www.nta-monitor.com/tools-resources/security-tools/ike-scan', '1.9.5'],
+  'unzip': [('unzip_pass',), 'https://infozip.sourceforge.net/UnZip.html', '6.0'],
+  'java': [('keystore_pass',), 'https://wiki.debian.org/Java/', '17.0.14'],
   'pysqlcipher': [('sqlcipher_pass',), 'https://github.com/rigglemania/pysqlcipher3', '1.0.3'],
-  'python': [('ftp_login',), 'Patator requires Python 3.6 or above and may still work on Python 2.'],
+  'python': [('ftp_login',), 'Patator requires Python 3.13.2'],
   }
 
 # }}}
diff --git a/requirements.txt b/requirements.txt
index f7da511..555be29 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,14 +1,13 @@
-paramiko
-pycurl
-ajpy
-impacket
-pyopenssl
-cx_Oracle
-mysqlclient
-psycopg2-binary
-pycryptodomex
-dnspython
-IPy
-pysnmp==4.4.12
-pyasn1==0.4.8
-pysqlcipher3
+paramiko==3.5.1
+pycurl==7.45.4
+ajpy==0.0.5
+impacket==0.12.0
+cx_Oracle==8.3.0
+mysqlclient==2.2.7
+psycopg2-binary==2.9.10
+pycryptodomex==3.21.0
+dnspython==2.7.0
+IPy==1.1
+pysnmp==7.1.16
+telnetlib-313-and-up==3.13.1
+# pysqlcipher3
\ No newline at end of file
diff --git a/run-tests.sh b/run-tests.sh
index aa630a8..33474d4 100755
--- a/run-tests.sh
+++ b/run-tests.sh
@@ -7,19 +7,10 @@ fi
 
 docker compose up -d --build
 
-case "$1" in
-  python2|python3)
-    PYTHON=$1
-    ;;
-  *)
-    PYTHON='python3'
-  ;;
-esac
-
 UNIX='unix'
 ORACLE='oracle'
 MSSQL='mssql'
-WIN10='' # 192.168.1.5 # vagrant add senglin/win-7-enterprise
+WIN10='' # Windows 10 Enterprise (senglin vagrant)
 VPN=''   #
 
 LOGS='-l ./asdf -y --hits ./hits.txt'
@@ -28,11 +19,13 @@ run()
 {
   echo
   echo "$ $@"
-  docker compose run --no-deps --rm --entrypoint "$PYTHON patator.py" patator "$@"
+  docker compose run --no-deps --rm patator "$@"
 }
 
-echo
-echo ">>> $PYTHON"
+docker compose cp unix:/root/enc.zip .
+docker compose cp unix:/root/keystore.jks .
+docker compose cp unix:/root/enc.db .
+docker compose cp unix:/root/umbraco_users.pw  .
 
 run ftp_login host=$UNIX
 run ftp_login host=$UNIX user=userRANGE0 password=PasswordRANGE0 0=int:0-9
@@ -64,11 +57,8 @@ run smb_login host=$UNIX user=userRANGE0 password=PasswordRANGE0 0=int:0-9
 if [[ ! -z $WIN10 ]]; then
   run smb_login host=$WIN10 user=vagranRANGE0 password=vagranRANGE0 0=lower:r-v
   run smb_lookupsid host=$WIN10 user=vagrant password=vagrant rid=RANGE0 0=int:500-2000 -x ignore:code=1
-  run dcom_login host=$WIN10 user=vagranRANGE0 password=vagranRANGE0 0=lower:r-v
 
-  xhost +si:localuser:root
   run rdp_login host=$WIN10 user=vagranRANGE0 password=vagranRANGE0 0=lower:r-v
-  xhost -si:localuser:root
 fi
 
 run pop_login host=$UNIX
@@ -129,3 +119,4 @@ echo -e 'wrong pass\np\x1fssw\x09rd' > user9.pass
 run ssh_login host=unix user=user9 password=FILE0 0=user9.pass
 
 rm -f dummy.txt user9.pass
+rm -f enc.zip keystore.jks enc.db umbraco_users.pw
\ No newline at end of file
diff --git a/testing/unix/Dockerfile b/testing/unix/Dockerfile
index e833909..7d31377 100644
--- a/testing/unix/Dockerfile
+++ b/testing/unix/Dockerfile
@@ -140,7 +140,6 @@ service postgresql start\n\
 sh /usr/local/sbin/start-tomcat.sh\n\
 socat tcp-l:106,fork,reuseaddr exec:/usr/sbin/poppassd &\n\
 socat tcp-l:4444,fork,reuseaddr exec:\"echo -e 'W\xe1\xc0me'\" &\n\
-cp -v /root/enc.zip /root/keystore.jks /root/enc.db /root/umbraco_users.pw /opt/patator/\n\
 su - vncuser -c 'vncserver -rfbport 5900'\n\
 service smbd start\n\
 service snmpd start\n\

From 5be299a9ba424fc20d07b4f5f7abe1f65379eb75 Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Sun, 16 Feb 2025 16:12:34 +1100
Subject: [PATCH 69/74] Release v1.1

---
 patator.py | 4 ++--
 setup.py   | 3 +--
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/patator.py b/patator.py
index 422b104..5108ebf 100755
--- a/patator.py
+++ b/patator.py
@@ -14,7 +14,7 @@
 __author__  = 'Sebastien Macke'
 __url__     = 'http://web.archive.org/web/20240120232843/http://www.hsc.fr/ressources/outils/patator/'
 __git__     = 'https://github.com/lanjelot/patator'
-__version__ = '1.1-dev'
+__version__ = '1.1'
 __license__ = 'GPLv2'
 __pyver__   = '%d.%d.%d' % sys.version_info[0:3]
 __banner__  = 'Patator %s (%s) with python-%s' % (__version__, __git__, __pyver__)
@@ -3570,7 +3570,7 @@ def execute(self, host, port='3389', user=None, password=None):
 try:
   from Cryptodome.Cipher import DES
 except ImportError:
-  notfound.append('pycrypto')
+  notfound.append('pycryptodomex')
 
 class VNC_Error(Exception):
   pass
diff --git a/setup.py b/setup.py
index fcf0f86..788084a 100644
--- a/setup.py
+++ b/setup.py
@@ -13,12 +13,11 @@ def parse_requirements(file):
 
 setup(
     name="patator",
-    version="1.0",
+    version="1.1",
     description="multi-purpose brute-forcer",
     long_description=long_description,
     url="https://github.com/lanjelot/patator",
     author="Sebastien Macke",
-    author_email="patator@hsc.fr",
     license="GPLv2",
 
     classifiers=[

From 44adec886f16c00dbfb045ff5d56b7c1a6343265 Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Mon, 17 Feb 2025 13:31:31 +1100
Subject: [PATCH 70/74] Fixup packaging

---
 Dockerfile                           |  2 +-
 MANIFEST.in                          |  3 --
 docker-compose.yml                   |  2 +-
 pyproject.toml                       | 46 ++++++++++++++++++++++++++++
 requirements.txt                     |  1 -
 setup.py                             | 44 --------------------------
 src/patator/__init__.py              |  0
 src/patator/__main__.py              |  7 +++++
 patator.py => src/patator/patator.py | 19 ++++++------
 9 files changed, 65 insertions(+), 59 deletions(-)
 delete mode 100644 MANIFEST.in
 create mode 100644 pyproject.toml
 delete mode 100644 setup.py
 create mode 100644 src/patator/__init__.py
 create mode 100644 src/patator/__main__.py
 rename patator.py => src/patator/patator.py (99%)

diff --git a/Dockerfile b/Dockerfile
index 40f32da..0c1469f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -56,5 +56,5 @@ RUN apt-get update \
  && pip install -U IPython \
  && echo 'set bg=dark' > /root/.vimrc
 
-COPY ./patator.py ./
+COPY ./src/patator/patator.py ./
 ENTRYPOINT ["python3", "./patator.py"]
diff --git a/MANIFEST.in b/MANIFEST.in
deleted file mode 100644
index bb910eb..0000000
--- a/MANIFEST.in
+++ /dev/null
@@ -1,3 +0,0 @@
-include README.md
-include LICENSE
-include requirements.txt
diff --git a/docker-compose.yml b/docker-compose.yml
index 343916f..fc81b5c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -54,5 +54,5 @@ services:
     environment:
       - DISPLAY
     volumes:
-      - .:/opt/patator
+      - ./src/patator/:/opt/patator/
       - /tmp/.X11-unix:/tmp/.X11-unix
diff --git a/pyproject.toml b/pyproject.toml
new file mode 100644
index 0000000..3524ba3
--- /dev/null
+++ b/pyproject.toml
@@ -0,0 +1,46 @@
+[build-system]
+requires = ['hatchling']
+build-backend = 'hatchling.build'
+
+[tool.hatch.version]
+path = 'src/patator/patator.py'
+
+[project]
+name = 'patator'
+dynamic = ['version']
+authors = [
+  { name='Sebastien Macke' },
+]
+description = 'Multi-purpose brute-forcer'
+keywords = ['pentest', 'brute force', 'password attack']
+readme = 'README.md'
+requires-python = '>=3.13'
+dependencies = [
+  'paramiko',
+  'pycurl',
+  'ajpy',
+  'impacket',
+  'cx_Oracle',
+  'mysqlclient',
+  'psycopg2-binary',
+  'pycryptodomex',
+  'dnspython',
+  'IPy',
+  'pysnmp',
+  'telnetlib-313-and-up'
+]
+classifiers = [
+    'Programming Language :: Python :: 3',
+    'Operating System :: OS Independent',
+    'Programming Language :: Python :: 3',
+    'Topic :: Security',
+]
+license = 'GPL-2.0-or-later'
+license-files = ['LICEN[CS]E*']
+
+[project.urls]
+Homepage = 'https://github.com/lanjelot/patator'
+Issues = 'https://github.com/lanjelot/patator/issues'
+
+[project.scripts]
+patator = 'patator.patator:cli'
\ No newline at end of file
diff --git a/requirements.txt b/requirements.txt
index 555be29..a6477c6 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -10,4 +10,3 @@ dnspython==2.7.0
 IPy==1.1
 pysnmp==7.1.16
 telnetlib-313-and-up==3.13.1
-# pysqlcipher3
\ No newline at end of file
diff --git a/setup.py b/setup.py
deleted file mode 100644
index 788084a..0000000
--- a/setup.py
+++ /dev/null
@@ -1,44 +0,0 @@
-from setuptools import setup, find_packages
-
-def parse_requirements(file):
-    required = []
-    with open(file) as f:
-        for req in f.read().splitlines():
-            if not req.strip().startswith('#'):
-                required.append(req)
-    return required
-
-requirements = parse_requirements('requirements.txt')
-long_description = "Patator was written out of frustration from using Hydra, Medusa, Ncrack, Metasploit modules and Nmap NSE scripts for password guessing attacks. I opted for a different approach in order to not create yet another brute-forcing tool and avoid repeating the same shortcomings. Patator is a multi-threaded tool written in Python, that strives to be more reliable and flexible than his fellow predecessors."
-
-setup(
-    name="patator",
-    version="1.1",
-    description="multi-purpose brute-forcer",
-    long_description=long_description,
-    url="https://github.com/lanjelot/patator",
-    author="Sebastien Macke",
-    license="GPLv2",
-
-    classifiers=[
-        'Development Status :: 4 - Beta',
-        'Environment :: Console',
-        'Intended Audience :: Developers',
-        'Intended Audience :: System Administrators',
-        'Intended Audience :: Information Technology',
-        'License :: OSI Approved :: GNU General Public License v2 (GPLv2)',
-        'Programming Language :: Python :: 3',
-        'Operating System :: Microsoft :: Windows',
-        'Operating System :: POSIX :: Linux',
-        'Topic :: Utilities',
-        'Topic :: Security',
-    ],
-
-    keywords="pentest brute force password attack",
-    packages=find_packages(),
-    install_requires=requirements,
-
-    python_requires='>=2.7, !=3.0.*, !=3.1.*, !=3.2.*, <4',
-
-    scripts=['patator.py'],
-)
diff --git a/src/patator/__init__.py b/src/patator/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/src/patator/__main__.py b/src/patator/__main__.py
new file mode 100644
index 0000000..5318e7e
--- /dev/null
+++ b/src/patator/__main__.py
@@ -0,0 +1,7 @@
+
+if __name__ == '__main__':
+    import multiprocessing
+    multiprocessing.freeze_support()
+
+    from .patator import cli
+    cli()
\ No newline at end of file
diff --git a/patator.py b/src/patator/patator.py
similarity index 99%
rename from patator.py
rename to src/patator/patator.py
index 5108ebf..aebb755 100755
--- a/patator.py
+++ b/src/patator/patator.py
@@ -14,10 +14,10 @@
 __author__  = 'Sebastien Macke'
 __url__     = 'http://web.archive.org/web/20240120232843/http://www.hsc.fr/ressources/outils/patator/'
 __git__     = 'https://github.com/lanjelot/patator'
-__version__ = '1.1'
+__version__ = '1.1.0'
 __license__ = 'GPLv2'
 __pyver__   = '%d.%d.%d' % sys.version_info[0:3]
-__banner__  = 'Patator %s (%s) with python-%s' % (__version__, __git__, __pyver__)
+__banner__  = 'Patator %s (%s) with Python-%s' % (__version__, __git__, __pyver__)
 
 # logging {{{
 class Logger:
@@ -4573,18 +4573,16 @@ def execute(self, data, data2='', delay='1'):
 # }}}
 
 # main {{{
-if __name__ == '__main__':
-  multiprocessing.freeze_support()
-
-  def show_usage():
-    print(__banner__)
-    print('''Usage: patator.py module --help
+def show_usage():
+  print(__banner__)
+  print('''Usage: patator.py module --help
 
 Available modules:
 %s''' % '\n'.join('  + %-13s : %s' % (k, v[1].__doc__) for k, v in modules))
 
-    sys.exit(2)
+  sys.exit(2)
 
+def cli():
   available = dict(modules)
   name = os.path.basename(sys.argv[0]).lower()
 
@@ -4619,6 +4617,9 @@ def show_usage():
   powder = ctrl(module, [name] + sys.argv[1:])
   powder.fire()
 
+if __name__ == '__main__':
+  multiprocessing.freeze_support()
+  cli()
 # }}}
 
 # vim: ts=2 sw=2 sts=2 et fdm=marker bg=dark

From ab7300e88000238c506025726d474be5fbe89d7a Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Mon, 17 Feb 2025 20:52:26 +1100
Subject: [PATCH 71/74] Fix release.sh

---
 release.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/release.sh b/release.sh
index 5f8e252..791fd6e 100755
--- a/release.sh
+++ b/release.sh
@@ -9,7 +9,7 @@ TMP_COPY=$(mktemp -d)
 git clone -b master $GIT_REPO $TMP_COPY
 cd $TMP_COPY
 VERSION=$(echo `git tag|sort -V|tail -1`-`git rev-parse --verify HEAD|cut -b -7`)
-sed -i -e "s,^__version__.*$,__version__ = '$VERSION'," patator.py
+sed -i -e "s,^__version__.*$,__version__ = '$VERSION'," src/patator/patator.py
 docker build . -t $DOCKER_IMAGE:$VERSION -t $DOCKER_IMAGE:latest
 
 docker login

From e763ba4f7c791c65297a7a2da6bae31d7b2704a0 Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Mon, 17 Feb 2025 21:01:42 +1100
Subject: [PATCH 72/74] Update README

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index b0af923..f3cbaaa 100644
--- a/README.md
+++ b/README.md
@@ -43,7 +43,7 @@ Currently it supports the following modules:
 
 The name "Patator" comes from [this](https://www.youtube.com/watch?v=9sF9fTALhVA).
 
-Patator is NOT script-kiddie friendly, please read the full README inside [patator.py](patator.py) before reporting.
+Patator is NOT script-kiddie friendly, please read the below and the [wiki](https://github.com/lanjelot/patator/wiki) before reporting.
 
 Please donate if you like this project! :)
 

From 09d56ce625ef846b31008c95e7d460213f317750 Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Mon, 17 Feb 2025 21:39:39 +1100
Subject: [PATCH 73/74] Fix #226

---
 README.md                  |   7 ++++++-
 donate/bitcoin-address.txt |   1 +
 donate/donate-bitcoin.png  | Bin 0 -> 10280 bytes
 3 files changed, 7 insertions(+), 1 deletion(-)
 create mode 100644 donate/bitcoin-address.txt
 create mode 100644 donate/donate-bitcoin.png

diff --git a/README.md b/README.md
index f3cbaaa..c200649 100644
--- a/README.md
+++ b/README.md
@@ -46,8 +46,13 @@ The name "Patator" comes from [this](https://www.youtube.com/watch?v=9sF9fTALhVA
 Patator is NOT script-kiddie friendly, please read the below and the [wiki](https://github.com/lanjelot/patator/wiki) before reporting.
 
 Please donate if you like this project! :)
+<div align="center">
+    
+| PayPal | Bitcoin |
+| -------- | ------- |
+| [![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=SB36VJH4EM5WG&lc=AU&item_name=lanjelot&item_number=patator&currency_code=AUD&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted)| [![bitcoin](donate/donate-bitcoin.png)](https://raw.githubusercontent.com/lanjelot/patator/master/donate/bitcoin-address.txt) |
 
-[![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=SB36VJH4EM5WG&lc=AU&item_name=lanjelot&item_number=patator&currency_code=AUD&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted)
+</div>
 
 Many thanks! [@lanjelot](https://twitter.com/lanjelot)
 
diff --git a/donate/bitcoin-address.txt b/donate/bitcoin-address.txt
new file mode 100644
index 0000000..9a3abf2
--- /dev/null
+++ b/donate/bitcoin-address.txt
@@ -0,0 +1 @@
+bitcoin:1MiukC6ZXB6vt29xabVfHQT6DMiEeoDPQJ 
diff --git a/donate/donate-bitcoin.png b/donate/donate-bitcoin.png
new file mode 100644
index 0000000000000000000000000000000000000000..878074c9a7baa41c45546fdb56a1ff81b7ab3105
GIT binary patch
literal 10280
zcmZX41yqz#`{&RINC+sM0s<=C9TJj~(p@6mjdZ8PNJ~kV^bkWMEl8JicS-K$`}XYl
z@9sIoJIpZeoqM17#S^ZqDE$<J1OozrJe8G^RDnPch`@C+Ix6^yB9RgYej!_kDTqNJ
zRk4`2MkwGhf|H80IKoW-Yd`RS%0xy*0Rr))hd}&;AdqYDC;u%7#Dx_C*)fDb_){T}
z7xw8*9|XY@PwZv1oFEWP{Kszu$hUNGD=LVrq?nrf?0$xayV{?-hou@i)1{Or)TFX9
z(}6)uhW>HNxCmJ^wJMSnI;C<&@BO&$nexjDXl7Zi%Pe!=yw?pd&Uz&lh)ffXiiIrk
zOhG0Uw~v2@r&`JU;4qeVb>7RCohR{0S60^4=^!Q9aO37+#-PQp$I^%gC2_9<8F~N}
zJ%n!o5&XiSTR`kc=UMW`*DTkC5}0^g{SC!?{@h%Bj>BSjd96PYR{ch&&hTPy23B2T
zF|u-Xyb7znIcUaVV`I}e_uBqV=Y0f6d%nBiGNl(58M&II*Xm8o$jAt*4hlkk`SRsQ
zn7)}A-TirmpF+gQ8+P_*I6`NmM<Todth9`b;Yh5E`gC-38f~$;(y{DQ0|NslJNbo$
z9OsUXj->}Y3=Go0z2xNNOlCJWH#yE#R8{HDbyQT?t%U3I@?MTNScXgDB3rQ{iz)k4
zqX$63VL_%Cn3#WecLj2MV0RaD?i)~x*OLM+I|PnSPSgZ;v@|rOJ8u6@)_+t~Y$i1}
zHL;(+)ra+k!HspBU85Q0WM##SjcF?OcK(!Hon}1@GV3(hQ*%6*mX<C#+>T^v4J*^B
zSKQj1oR|puce<(SPhHwOHTB|Ct*7{ny_;K#no`N1mB!7?)uaWd5h0Ds-IW!@7cX8!
zp3lzBL4EUA{{Dr}x9#kF+VGT)rKsKZadmUcIvR;imigZw01-<J7g=VFj{fVz{bk!L
z7MA+r{W_aDR+k;MlG$>ddTcH(E*QI#l2U;_Sf=VoXJ=qhN=iy-Y3b{N*hZ&K#jU$E
zAun!@*5YEO+kHE~)ucCC)yM-WEcIG#E-o&--dC0CHWq`aU%U=mQV_A&j=!d)m`s)H
zY1FnHw%(K;Om%ija4L&RE`OyV<Kf}qI9weTI7~mf*<4#gW?*2@*OHJx;z*vDP)oa*
zo0_sX-%L(VmzR4PKqX27R!(3D!b+5e<v4eF5X#XvG6GhAeZGrFNN85I2<{jPg9)N@
zF))$|dlNBhl=`zaU*@OiuOxMMcmKVZv)fF1_wHRzadCvEhK|m_&*<oAv+Hb#1TJ@W
zK>@0)tgJ?@UfpMCp6BYZ`tkYsJ7wj#Znnbwd^VemjEui~dxOl@Ha2Fn7(yoh2@07&
z5D<_5j{JBv=QyS3mQ!7wpqZSR8N-m}ouGMf+)K$Z)3CU>IC!4?R_~WCi-5q5m(t9k
z`{jaLmHV-={tVdBO0$9I=(S1J)$HhZj`_+TKEOYU2Ze@m?C0;@7l3!ySl-_sLdIaL
z_*SG^NW;lVFlma4iG&RK@dq5T@gmE^zY)JuUpsPg^65q=h9D?RWfAR7JP6gtp#9H|
zfvc{E*w1ryLpyq72nYxomuYEfksTf4`ZK|pFJ9ITjg0hySbH;h1NI17{qra1*W~1m
z1P$6Acpw@cCFKZnNkv8P{oRd+Sx!#Qs3j+i9UNVnuPt~lc}f)rdwZ}8^JJyxPQ)xp
zNlDXHCZXy!*4EZ#wl~+i6*@xZwc61~NA~C(&cP;po@cLAM<#js`4!zMe@fDz2RugP
zf6tW!3&9%aU81LLe66X4h0el7Zmh7lvomK9S{k{aJFd6@at^E4#vrla^;Ryd+HKJT
zt*WZ(za>Mn?V7M+Z!|~ZW3}m%An_9<96`gH8^^nAmvljo1Wj&>VKVxX>B&n16B+D0
zh(r`7Bg5Op_W^-{Y$iQe`dSVSY!n`Ac<4`CgU`!#8#{DaUcCw{($v!%nn>feAyKWU
zsv0XeENf}W@Sp^RCjoKr=CCdHa>+02F|qtPi2|t5F~D~FOX?f{K0fNiG1;9gOEi8x
zUZ7y|>)Eqs$|@>|Ik=vnl70MjAmqA7G|tV*`IYhX^fZyP6`w(oHMCG6jXSzAGgYBW
za-P|!tv-TLwE$F{t|yq7X%nlM=;(%ZBm{(nY)bB3(=`@2U3C<L>3rkGRj`v^%<@`N
zQXzk)NO9i2eOsSrpiP5^EQS#B-xc9f#ivw8j0oRgDJUr5&-Q|{L!36?v^kvf{d-68
zZiawc45OTaLigTGjfa_*mX`ZYQQ_wcVQezq_Ls2m88`hFPeO~4%wT01@a7vy9v&XD
zJC_42ZKl6yXlbE=^CToBaZu=!oSr)8Z54ejIXO&rc6KU)=-|-i+WLBqO!%i-lJM|w
zTAXBBbdH3C1YQXK^>0f~`8G6cvPvt;fB*i;Q(9SB$+yhU>&jlzad0GBr9q*LMK-p!
zZ^yacyirh@3kX1zJ-h^GD?bO4q+rpyqNQh|q_os@XMdqNrASj%wR2*w#q09NY9ZY-
zG2A>jF0vR2Rv_H4y}cdc%umi6lPh40!Vbk^O2W9fxQH9r=J|4khnCvfDr{M+4Zb+J
zxxd%c;DhIsi`356iKOEux1EWIi2T#iNN;a%vo%U`G)l@&WHVlY&$fJcXji4LrA2&l
zdg@_TV?HD<CibPfF3bDmiR<Cw5VL^e8hTAhV^Pr)=@>F2WLYE1p`ju9mg(t_JsOS&
z^NsR4Y<7PmA}}^uz+ST12nYy3eY<f5ykw&)TCXGi>43Ijv7^^u|7Ck>W(G=}RZ>!t
z=NlOjk-Gcu>WYe*+UTk`z6Sm?V3ilF9OS8Z$sh4Djn1Vd%FN76dso*GdHUQ}Mo7Fd
z5^iohv$M0K)6-$s*PftSNJ>l7Qc<<jU;cwyWWpC)yvjc5sH+EOXH!L<UmPxtT#Y3s
zC9#Pi(z=feUM&a0s=>y0b#)#6623i>xV_yJ2^}r}%OLXaNyQ%M&>!1;g(_Y%FrYa&
zIA|;cvb0_y4kW(`JX-5_*_}N8HJl|fB6!}YzBgB|^n1K^c2;|ApHv(Kz|l%1%d9!-
zI9S%{=7>ba6fJ1jm@nR%nlt_6tR^2G9tIymN?92f3l(W+ch})>2g)k~jMv&fWqxA;
zEOGbD%HAFqgw2n#vhLe|r{H9^Z5K_~9QhEDkno6z(91L;)6>b2QBi5Qxu3hbx;h7j
zQEsT_#l&Fe6&7|HvKsy=RwvM<M*wkIqEQwAHx%{sY<kBm5s><oBekbT%GAt^nx1|m
zIV1X%_L&~UN2Hw?l8;11dUq+Bqinbc^Y~Fx(pi}08v(FK|0Gh~a-x#(m)KaGir2!z
znf=OoHRexggFx0K^?xRm_yxBzF@gu641Vl#&STar&;IeFZ{@tl1X^h^LXpVJPeKxn
zn#N;SHzU;Gy#4HPpJl3ya2J``($mvRF<C*%^7>qJK4;O#0v-9c#^-2X+><7<zTMU!
zSUyoTsk*=Ka&uz=V!A4XcLd6MwS*v{jM%`KN!0(leQ}YZP$^5w*!a8U^|j>D)oQH7
zUN)zZKUCO<ze`bsz;k4Uo}7wdJ+vD1L%e94p|kDrD*M0Uk>`8+`!=(O0*A0bP-1(H
zTh`W0rAq5&unI~_Fu_~)kh{$zfaPGI)=5r1HQP4o8&IVtB{H%y8I^F&MXe^~iqp(M
zK6ya(>HD;`DTq4Em0EPLz8)-a(128^n9<SXvinlR^<`LEIUMWhQ)*^rOi+!IVAPRu
zR|pg7Aq!Q_*{^&})|P2V?46a>C_)#G&y}CIpb~{h1`f_QI>jd?1?S{YH_dddO&C5R
zv7McW_I6S2=QHvKY@%96BFg&0f~~tm&dLN2_|+laTgi7Uyk2hRnx9ow@xklq6xyD2
zB!86uX>DgGEhUAjQKpTO^!}aOpwvp)PKlnfn(ybifhK7~)?-$DQ&2q=GX=wIt*1IV
zJ5466y>IsGx3;&9&f@DAJqL^*DE)5P5<@whHsl)`8a{s3`S9V(<fI0=kaPFvx4~g_
zv+C;VpkpG4mmub#>uG3&0GxFCYhxrUc63x3y~a5BzWK2Lc4QM7hr5C@@uReKE$RH?
z;=Skf=GImpS&*idmX+$?%c@=q6BrZ?4Q=fAZ$zWX^3i)Ed5%<&o`c`GA_F4d6h^;$
zU}kLSn-@2%-&h*WkPFG-M`N#eWp6{`KOQ-CI4YWSr-Mb`iqhBi08?WkG#|-~u4ucT
zT~Woz3B`c)Fq^(KHa31~b`pU{K{1@S8M_%SZ*R{E+9UOP_~3}|1qV8ZM=*laAm&G+
zu-*U=?f82D)P`MMxkuWls;C@|XWbKsE9p;Pu?iSXI@#E~N&E}*x;*%R6gB^QFTbd$
ze@BEwd@W=uEBIvYL8fH)1rqd9-p~@lK4mz)l!dZBA1Y-x?rrrk5y4B_$jONVfZ1&c
zD*8~=+%Zd5pKIqn(`q&=7XA!uJw3gx-Q7TW`oQL9fx{VI->%pk^%t2p!zI$rbDVoT
zoBq2nREbr(KA%m*bc&D-<5%J#dYxDb!O0>MzdJ`mOM~G;3H7uBuU}&UE@I>hMPDgE
zBMO8=qNM_pm^I(Gegqv%-~BJj&)Qlx1lckTlkNz@kByFWUw`%QPRz{CMu1%hg}0%p
zX(iL^plV^L{EEeNp_Y~<d~X3_i+&P^+$RwwM~r=OnZfxcvH@=U#5juL*Y`Uj-3uJ^
z=ZPSAK_{4<QJkNJjDy1juzz}HMmDqMD=59<8F-+20qm;_bH@{KJ6Izh=7jbQ4@-G^
z@<R+)d!o6$KlO-d-7ju&T???rk>ISah=?~D@>)gjTA`A`LIQChH#bUf`+WlEnGye8
z;(ysL@ASCsb5YZss0Q(Wf|@e=`?uqG!XY?2P$#X`=Rg>)ZER?lPR-8`x_8Iq;h~_S
zYI7x*XjXjx`SYvh#_}?imG|A<-QX1s4Gk_KVfPkA$F5$ZBMM+xaoxhVcX!abKY#v2
z9o=-{D;WZ`6PNIfhOFj&zVUVCSA%@AH`Y_Vy%zEYl_w{TsW%p&1Ld~0QKqmM^nlHl
z=h^Fvr=14uBM*zU#{scDikRc`bHg<ox=v{0vp7cbwufw%Tb#4}L$M9Qr+<F=#N7;j
z5p*Wp6SOc~zEk%v_v-3hjwr?-9lGTTD#YUE;#&9#IbBaNFy0)_(5QXG$QbXOIvr0d
z{ZdG*e_)`7zg<m3gS`$L3WWlc7~Wk6aE)2lIe@$L?O{*aVq#(vdN#MW`=j3NN%jN0
zDr-_+UT!XV0_vaO&0b9%6#lcWu47=pTHb*5lw}hjDFq(;&XA|P0MEsc3!oZaakfO0
z@^sA1%&4_BH<L0bri&UGQS<ZjFR!fy0i<sXUK}N!nUxirknl`RQ!^J7RMbEO(6>MS
zw8R52F?G95zd~AHpW>}<gFk56L|CZ2e0*@w+X2q#Sm}<;Q7Ouv+VzOVR!ZmnqFShk
z0GTY;vwqg><>lqDGr_3a<ou+ptgN!WURquri`#adcV$pMM~LB{@UPnqKT3vg7zi;)
zQz{WT>3WsTm(y-asR21*FtqCgH|fl7%Ml~iZ+<H|&CNGqHSz%sR&se47p}-CD6-hB
zAngiZNck$^AYk<8xU46sXlar7GltLJWpY?xLmuf9Krc)zXxSANI9Y!8eDCGts=O|3
z$L}LULQro3&kdT!KK%9Ty|asp5eVdhle#+Yy`?rvP#_0yO3KRKiHRW?o0#ONF*yLt
zj)jfg;f<gAf$DCZ#qUYXs<M_=_}$HAE&yp8vCK8q)gX=omhKMRXon47=2QmGdri8H
zrw9{i4-6);`BJIyX{T}}1*~F0OkvTMnicx_ZQh9W&LyI5ZkMUt>d+B=adB}Xk!MNo
zQ2>ugWgsL*8fUJ68DqTdangxW?F35({3G%rSEHl~pxQ;X13)$l+9$`y15*rqX9#rX
z7Z&hdya)xH>6E*fxD0iuVt;=>y0VfrC^-1B-P=1jh?$tsUhL0>4i78-P-E)q?KJ_}
zQE;iQrp9S(8{|#kkfJ%_^*o!X)h)gJMZ}f?7E9y=W{$3TvU9<dnBV@y7DrBwe&6*R
z)jZzZ!h(X|zpk<jIM^5Q9A%kIc&Z;C&>1A>&Mz-dk)>l+?f0hH#y=bOC(wa(A~j_v
zE>Oyf`TCUr(z$Y6tX`7pJ6T~63kuKK<)uk)4EZuIwvUg`V<8O;MEd>vw|r>WJ1Hq+
z@Ql5^y{M}zH|Uels!yCG<F)mlXFBBgS9!4yTP`WCudk_629DPfmA<{Eu>SNZE+xf6
zJ0^Uw20qNj5^IXBuUuxh&)m33zg7Lf(xCXnw+ty`c~8hA8GECKGt9jiqed3w{;;5e
zysRud&92qz59I=2?F_P*cs1Wx-$qkclKS@@d}hN_?@Q-%ic3sHl51}1Zm|CwkSC<i
zloYWoQ8@m$D;z(L=B-2*n&vb&E9>Y_8vkH<8^*i$Lf(fx(WFsFy9Wm`0BdwQQbg5W
z%elMrj@OlyMPCkVZ*GRd;bPwBe>5Qw0J{^Lh8)OPtgGwmr<{eVe4|)aT>$bKo13%d
zS5V4VF}k_fPh~g5;Eh=gAM1g1I;3x#iZ$xSY>yY7E=ov91Txk*12h;G7A6W>1_lPk
z(fO1?nz;l3u&d8P)_s=>VK^BIsD-;<<{!9Ub!Z^D4!0{)Iv4t)NerdLUF=0X@M)9G
zRhje>De324R^*SP<X2mc(a>9KG8y>Yajo`8;(6=m?X_S$c_Jnw6Q*u5Q)``)=efPT
z9n~j5p|t38b78d9>I18m2*sAgU`4~B=mKorhFfC$;Gjp(Z2={Rp`sgNVqt-np~zqr
zDQaiO^2yp-!87=1!0Og42)eSry9;Oq1{M}psxKEAIl00<I9|g8i2(;PKpW%{^Ff=R
zpPz4cAX746yMJ%RNwVe44-s{C{#kS&BUaqnx<~*4tkwLR5qu91_OD`VHCDv7srAF$
zV?_@$FjQQ}$aauNkn*E@s;fkMw$vI;eaSk#<c6rs*LiSI&vtb@Vl=AF{lNA^*WKjz
zwlnu7K6MxyOMH4p#@Nyl3nODWV5n!(WB}6x<g-ZW0y0YYW{+dMZFOY@tct~EVPPR-
zs>eGSkBkf}W>qSk4$5K^wQgf$BPi7UvA(5c;pfZK<Kr(SCCuOu72b858*Z3zy=4Pj
z0kAq&yG22emZt$kr|;apVZ19eKU<G)AvHbd^fGL)eZw*my!#{Q-t##D9w{W4{HvU+
z(NP<zR94F?a-&KoO4l9^oq}&7Ewo`e&kO|x1xFVa-Y|9>>|xsGH8c<brK?=l?@>bX
z_7>!g2^7!q|EEf2(hQ1$_i^`&0^+fbU`)8feAr!BQW~1nsdd_6CD+I)n}Jh=P$o}S
z|D&V^1cboINX$c_sJdGs$Jmf!VI9HB2F1X^eoFQcnQ?qdfO6s?Yqs>LBXw7eTSDL4
zBHxhNy=R^em&4@|YIg@jefWy=Az*59awQN)7}P$Va=qrBxyAjBjgVdnuSYga)=T~B
zRo~B%A{dN}n3xz4uO6T=$t#%vwd&KiFJUOp0E_;m7eBC$j){rX>mWFk4L%)E2|$PG
z?N4OzK!6hwoOuc<89ZhRxBz%rqx2(Or_cZ(nAX<TBd`U2ej>#sB~|7_-#)ng#J;{q
z#?F5rxD)B#D^q^!E|06Q_Sn{Q&e_|yL$l}=ZhRS-r)>BHTt_b%<VSb+_DmBR2OBRJ
zy%YlY=`9NnWL9#&MlIR3{*(HBesXeBx;RY?U`hG|2hec<braj-JPH-L{i1o%fyu(^
z)xsOYv93ytr!5I-&$>Tjcx}*1rjl@9XSXEGhzO))OecfE8ZT)qR<Kr}g-T0G26eB>
z4RYZ|OLbx*v#Rd$*ewp;oSz*XwSyCj&&slM><p#a9Zel~T<v)}zSjxB&lz1&SsB+*
z4B(#%;kII8V(8e|QtIl2At51>3eiAmGrC_}2ILA7QqT1$7#CQVf2=}`kB>)x`m`G`
z3szQE|5)McFub?YH#FFd(h`Sc$nV^^n!Sr}u_Ug=`tDwc9`I0BIt9~wKCi4Sp@f8>
zLcBB=^>cG7E<W<xJx5Z-r%o2-vz{!)OIu)4Ed~nu>_nnwgwlY_+S(c`0{yF3G6^N^
zfGZOZ1cN7IK3N&wlgArRvCiTk+rs(ua-%)E1c~hI?9R^5a{xR;4K(V~)X^cG_{5b6
zFIIkqi;L@THjw;xyD+PVHdYW(Q&Y3xZeu9zQNdhP>Fn=+0`3h52q;^n$dHvtSzR3k
zyaXU*<H=I3f*GJLMHhK*3_=Tb9mzuX=ju;0H2~%{0z4cY2dDQdqw4bVvVUeK1wcE4
z83Hc=_}o}Oe3kUx-OH=fkVw(q>ugLKkCb$Pw1kalVEyF7Vd9t7(HHc#BsP{;Bodnj
zJ<C-$Y|h&ToyL1FnhhI#NtCCNdV-qZwnW9%tXE_7TNS?ip39eQ_!8Kk7KyHJZa{fa
zsw?a&Goa~Tca)Tr%q}mto#=HJ78ZUK^W|%xpiT6xJM!}K9>uVe%Vq&pXd33h0q|59
zfGv+J^YDQFzKh=fo|}987-v(>;9NaoZw7B1+}wJBAP^4ZhO>){j=4EfAVCn3kgQm7
z_Her``S5@(G5Lk$;N%pjQp9=JmYYjU;e8}F@Aq(5P^e{VYg>>fDi`bT6*vjcSwSag
zaiNv=Zu_^~M4HXwi^(qVqEF%(>(K@IvS*s4k6X6|3x@N^^l(&RYbymF9^TKyZ>eOy
ztRS@d`uf^`T8+QV@G4bfQZUeU@{zy*{WImGSvuD=;wo0JyWZ+&32!s%)tUDZe^i;0
zG-A}l%Nzatr59CcJv;1MhL+2-xP_`WJW1d#Q?c837eRN3fx|}rGYvpka&h5GtP#bn
zf8Flx?%qB!f^&X;9;HWRM1H4_IYxdDNoQVse&@Ha`LOA=urXIp?L;=`={0JC-9+Oz
z<i%+-kpy_d8_$#3Z-mSmR2&@m;%&M{+y@{<pq|F2=H@Gheh&f_d(k|LabFu!fKt7g
z>4n{q$Cab-WAv@lYl7#`**&Dldf5*5Pu2(ASHc;n2rBbm8+4a5B=#Tu+sx7_4aF-}
z3+j&qBn8*^IMP70!DMcu5M$nT&gSZDT<P!XYNsVmkc;!XTa1%?bKc3A%xaq-{2T?l
zJGvdCo^upL*~>%vQE76Zj31=k>knP}5YM#viO_ZceGFQs|M8j~y%8KZ@wi=7oC`*L
zsWIaPipsxL$_I4Df+b^NrV)_`!A!q<51HdNLK4T6<Ye}hyDvy+M`=s9JuBzsdM5Sh
zgQ;vtKo-UK`y3t`iuV2c_v|stmv;!babH`PxOc6#lFIEH@4qON^DXmHma&a=W;+|1
zvjDMZY;5f7gSh;#Q~aZfu-Y4&TUF(tB1ChOGfwdj9d+IUo_nVL3U#g&Q^S$4Nt`E_
zc@M#!{eBRI$d^Ebmp9DgbYtu(1HFa+2d1P)S{p+tf(@_`f5=40+12ZJO9?~`YCh;w
z-(sn!Tx79czdySw6SbJuz~WQn%BX*Nw$<o+$3I!7!&BrF7f$Kn&sI*1kB=V@g@%KO
zOG{YzX9A~k6ZP8Ca7JFj37y2W|J(w(86HqR|07XAsYtVCim_FAW!z4O=#z;#y6eSo
z#>BH~^7=zd4ro9?jcc+JK?ka6gYR8aw`Wgb;>N_EKRH!Z9}*5v%K*m+8Dok7La3+T
z-L3&B2$(q!<#9mzk=<0#Yw=W9t6;ay{{jsyKk@|3DCukwpmb;*MsUD3l1bkI*C%6>
zYpqkzkASVEm?a#&ylhyaW@h|VD_lOD;;?(`SpPFq;x-zDsJ(w50h-Q7tr7*2T}@q`
znvLzaz~d0H-RE+Fp(s--*C_LvOwfI_01B(?nNPIj1iS@wH<HNn0>um_Mo5^)0ua+f
z`HoM3WSuYwXA2l+BCAPds89pyClK}8D`N*{Ypoyo8el`R!|~Lmk_GG>u52H@y|q+T
z0~Z(dOZA$QCG}Q9Yb2j37IA-`_P@RL2I4<8FK_C7svR4!dVUlai(6X00-TX(KqcS`
zj!b0eZZMKSCx=Tx5d(D9-12hl`}=#~7#0!_4QZ=5kO3MxIywpgg2PLC`iNQiXI(gN
z+f!Mf;55;I>hSxw3b+GQ<uoHby-#SU2f)JY!a}r1y=7;oW1>hE5FWHzZJWe)eO=us
zQXX5;)B?l(v9?DS5t_}AtN;Vx)ttx2+?*b0$vBKNHB$H<sZaVlzD8_qSr)|J-}@%k
z7RLjQ)I&pH!aE@Qs#qzFTj96j-o}P`W)TT1tWAm6oDCpw=p{8FkQaegpfn6Ikyph=
zM;8?pg#d7x{pVB8pHCkQ3}Qif1!WlM!rx}1ObWhF?Xq!lBD=Y{UH$t<4IHvhwX@DN
z0cA1@3WVotwcPEcx{WF-J3fFDCq`S_7P65TubBJ#3ga7s#3Q0T0%^qI+sMbqr-4S4
zBZ9@6-p@?e4o;q}4!fwRsNv!M=1m>pz*;wvpf7`q|CeQ6g;fX2_9LnGFJBM<CMKom
zyj~TjPZY~nfiEs*x{BkAl+z{9MNK}fyU(XXM--V4oO*P_@32Cy9Grj$)F0|Dw)PW)
zx&n5BkqEiyeqpfuN7Ep9^tyfCf|%&JU2v1Uq$D!nWmE)a!9gJ*?B@}Yk;f@*x51hh
zdo?2~b#u0XN1Q|8m`{I!CY?KQb#uevBO@g8YhWPKN=H+Zp`ZT@*rJ11sAx8c2(Aza
zTJYm602*{xHrRp>ju%7>%+7SSvXQIeN4J5Ffq~=Pwx^__A(dF})2HIRI*^3iEkJzK
zlBWc?@IU5Efxfo(Y>;2FnVFf!(k8H5W=*mF<KI1+U$5GM=kjQN>2?99b!!aRa{$ty
z0|%sP`hxP|3hlAtPY(S0mEf#=1IRSADvWy4LQjv}q?4F{pleTj>QgPy)lHsJ1>Y5`
zF+J*E9edVBLckF&ppdd>#f^Xih7HS&VSB%l8D}$B$JTQQ#PKU&KwBSs3JD2)N9%dw
z;OKZQ>=0|J&_NQf83k7O{uwS8Np#*WIlr?^0w7Jl$H$?<!1Yh{1QL*Z%iy4Vfxe<5
zwknH|P{yOl&9JSXUr@kq6B!v<_T0|EYoBYw6Zn}4l8fKIk;wYIq@#=Plly;$0c?K!
z_+j{&90XF_w{O3gZvZz=tp>?d@J0&PEZAmlZjP9=KQ0cp2l0D(c}zbQHU>uZcH=xD
zA>q-*#YWPT{pXNuU>XxU85mHWF0uw><X4tS<-*-z!TC|${r%xZ49W2=MxCfVOi3wk
z6sqZsO5_)T^<J>p>T^^2{H5Ic_o=)2d3mhofPtnydj3gY`voZC-2_>RpfD5^6#Pu`
z7JzmOmcT#B+PEDqDnMb#VsWUzwMKb#E#vy+qB7P8QcM6q!)+oEUu*vdbOR|O0>?R<
zdbV@cka1?J<8->e{Yk+8lW#M&kPHqAVm$}o_GpM_Npy?Ja{mUmb8IYryK`Uw6BxqJ
z=kBkk+IlkF7Om9VfWz*7y<JF6&=qWgXU-EV3EchhNjUtkSK5;Vu5ij{U=m`QSwv)M
zM;KUZsk<P!X3l)V%uXnTJk=6FM@cYtX(Nd??|5hOYmE*);D5$i2Msuzt;54C0uw0k
zXmxdUKfAU70|$t7+NHp{eY5Qev@pxhpMzK<)wgcuCMUt7QPFX{1)R5VgEHZhj}U%h
zV&dqRuAUxnjx4M83l!2SJ<mV=$HoN3+TCn-s-idKDJj)DtCTW53pH2brAAAh`HA@V
zzO>|I^Yf2gl8b47`<d0(fY@lXL(Xe2n$XA0mB_=#2Nm>q5<vCzf4H!zy!zh9@A|cB
zClfL<qJek3WZVK&MlxP|e@)l>TMyXzqz>-&7zT=QPT^a~EvT!2jv$vFpAzQQ)jeNd
zUx%@0DE3Cpz~Ntt(861ri~+)C_mO<}&PWj2)3NK}?k+=e3ea?`2-#x}Xk@}x|F(ZY
zN|4lN%cFqNU;G*xs@;ZL8&@2=pG35L&gf^RKZy{_{C}fi-g#$dXB3QHsL%QPLx4}O
z{ihC?nV=EiYNOtc9-W<a0RtA5k)nyE<?LAyaX$!UjdNyt5+J3?HDz*LLJ_fy2t#ow
zdjQ=m{Zuk$*?NgdOq=C%K@5;CobvWAGAu0a>}=<EzMQ<j2Z#=0rIh1GKkTt<{(p9Q
z08udTsNYx9;hI=lqJu$_K!OjGLqks|XC-B}0sTtiBN_$|fml;B)AGsI*8D8F`LLDr
z`1lxCTmB^j0~nwQ1H(mB^z=Q&b-l5aDQlexNlD$_Px7mMZd_&0V<?0ofb}l6g?Bok
zssv9i{D6TZ4_N!Sw2Mov0wUJ`nWXsd_z#$=VB4c?c01J9p8;9paCKya9;}_CSuq;x
z_Oi})AwsLhTrBm&O%JKv$Io-)<DFON0(^XI#+5`saI>_v-AMW~HPtzZc3!4c6QcQ?
zfIt!$^$^3c@9!QZ;EFvUZpr)4z&vXH_{;-k>|?zxc@PD+3gRHp%PS4xi27RZ-(!IL
zU@&g1uO0`*i|gvn|Iq4wEX0WaF}@#t|HrFUqn;>Y4F+RAUS9ccmt!+C;g3DreJk}p
z)l;CInTd(0%p5qjQ3uq5VNY|(*1$*%=3fMxj+?!em5zzP=sm)y>A5+MJ3wGofT&I}
z7u*+|d`0bX5<w2rP*yf{X#-jmzVFdDA{8MIRaI4J9hkD=7FxCy%!GjrD)>*+`=1F=
z`SfuFVG$sZ&_6ah+S;I<znOG$a!Oo7xot<np#qH?u`FR*BGm{JYmN+kmrp=|BecD-
zp~3L-U;+1<jFR8E&-~K)eCLn+Gb3wjW_`aq7xZo&#><MDnnYqJQ`47VuBnIaWU)9!
zEnahnnT16Ol#s;4&WVA+!JkbARe@7ok0V1xeO}A$2(oAuvOb{m#r``Ce~h~St0aa!
zBPI^d%gd8xO9pcotY$zS(1;xYOxIYyxnuVUik9I=s=7J@08{!`@h_;8QT864lGngf
zHYRSGY>kbJi({*gcOdH>n~I=9e;mj-4qSOaD8xs~JJgb_1QUA@*>{SP<>H0`{|i^W
B3HJa1

literal 0
HcmV?d00001


From 964e87c4932fc20f3d0c3226a8e409eae527e831 Mon Sep 17 00:00:00 2001
From: lanjelot <lanjelot@gmail.com>
Date: Tue, 20 May 2025 10:07:19 +1000
Subject: [PATCH 74/74] Add deepwiki link

---
 README.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index c200649..1e91fe8 100644
--- a/README.md
+++ b/README.md
@@ -43,11 +43,12 @@ Currently it supports the following modules:
 
 The name "Patator" comes from [this](https://www.youtube.com/watch?v=9sF9fTALhVA).
 
-Patator is NOT script-kiddie friendly, please read the below and the [wiki](https://github.com/lanjelot/patator/wiki) before reporting.
+Patator is NOT script-kiddie friendly, please read the below, [DeepWiki](https://deepwiki.com/lanjelot/patator) and the [wiki](https://github.com/lanjelot/patator/wiki) before reporting.
+
 
 Please donate if you like this project! :)
 <div align="center">
-    
+
 | PayPal | Bitcoin |
 | -------- | ------- |
 | [![paypal](https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif)](https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=SB36VJH4EM5WG&lc=AU&item_name=lanjelot&item_number=patator&currency_code=AUD&bn=PP%2dDonationsBF%3abtn_donateCC_LG%2egif%3aNonHosted)| [![bitcoin](donate/donate-bitcoin.png)](https://raw.githubusercontent.com/lanjelot/patator/master/donate/bitcoin-address.txt) |