hathi

A dictionary attack tool for PostgreSQL and MSSQL

MIT License

Downloads
197
Stars
36
Committers
2
View Code on GitHub View on X
Ecosystems: Python

Hathi

A SQL host scanner and dictionary attack tool. Comes with a script (filter_pass.py) to filter a series of password lists based on password strength.

Installation

Install using PyPI to install the Postgres driver

pip install hathi

For the optional MSSQL support, install

pip install "hathi[mssql]"

For the optional MySQL support, install

pip install "hathi[mysql]"

Usage

usage: hathi [-h] [--username USERNAME [USERNAME ...]] [--range RANGE [RANGE ...]] [--usernames FILE] [--passwords FILE] [--hostname HOSTNAME]
                   [--json] [--mssql] [--postgres] [--mysql] [--multiple]
                   [host ...]

Port scan and dictionary attack PostgreSQL, MSSQL and MySQL servers.

positional arguments:
  host                  host to scan

optional arguments:
  -h, --help            show this help message and exit
  --username USERNAME [USERNAME ...]
                        specific username
  --range RANGE [RANGE ...]
                        CIDR range, e.g. 192.168.1.0/24
  --usernames FILE      Path to plaintext username list file
  --passwords FILE      Path to plaintext password list file
  --hostname HOSTNAME   an @hostname to append to the usernames
  --json                Output in JSON
  --mssql               Force scanning hosts as MSSQL
  --postgres            Force scanning hosts as Postgres
  --mysql               Force scanning hosts as Mysql
  --multiple            Seek multiple username/password pairs on a single host
  --database DATABASE   try a specific database name
  --no-ssl              Disable TLS/SSL connections

Use a wordlist generator like this one or this one to create more effective password lists.

Package Rankings
Top 17.03% on Pypi.org
Badges
Extracted from project README
PyPI version
Related Projects
GitMiner

Tool for advanced mining for content on Github

27 Feb 2016 2,087
psak

The Pentester's Swiss Army Knife

10 Dec 2017 28
TIDoS-Framework

The Offensive Manual Web Application Penetration Testing Framework.

08 Jun 2018 1,768
DefaultCreds-cheat-sheet

One place for all the default credentials to assist the Blue/Red teamers activities on finding de...

01 Jan 2021 5,270
enumdb

Relational database brute force and post exploitation tool for MySQL and MSSQL

19 Jan 2018 216
AttackSurfaceMapper

AttackSurfaceMapper is a tool that aims to automate the reconnaissance process.

07 Aug 2019 1,309
VHostScan

A virtual host scanner that performs reverse lookups, can be used with pivot tools, detect catch-...

03 Sep 2017 1,189
hashID

Software to identify the different types of hashes -

10 Jan 2013 1,333
password-stretcher

FETCH THE PASSWORD STRETCHER

08 Dec 2017 30
mentalist

Mentalist is a graphical tool for custom wordlist generation. It utilizes common human paradigms ...

05 Nov 2017 1,790
brutekrag

Penetration tests on SSH servers using brute force or dictionary attacks. Written in Python.

05 Jun 2017 32
arsenal

Arsenal is just a quick inventory and launcher for hacking programs

02 Sep 2020 3,168
smartbrute

Password spraying and bruteforcing tool for Active Directory Domain Services

16 Jul 2021 334
pentest-tools

A collection of custom security tools for quick needs.

02 Nov 2015 3,123
Brute-Force-Login

Proof -Of-Concept Brute Force Login on a web-site with a good dictionary of words

04 Apr 2018 260