A dictionary attack tool for PostgreSQL and MSSQL

tonybaloney/hathi

Hathi

A SQL host scanner and dictionary attack tool. Comes with a script (filter_pass.py) to filter a series of password lists based on password strength.

Screenshot of hathi in action

Installation

Install from PyPI. This also installs the Postgres driver:

pip install hathi

For the optional MSSQL support, install

pip install "hathi[mssql]"

For the optional MySQL support, install

pip install "hathi[mysql]"

Usage

usage: hathi [-h] [--username USERNAME [USERNAME ...]] [--range RANGE [RANGE ...]] [--usernames FILE] [--passwords FILE] [--hostname HOSTNAME]
                   [--json] [--mssql] [--postgres] [--mysql] [--multiple]
                   [host ...]

Port scan and dictionary attack PostgreSQL, MSSQL and MySQL servers.

positional arguments:
  host                  host to scan

optional arguments:
  -h, --help            show this help message and exit
  --username USERNAME [USERNAME ...]
                        specific username
  --range RANGE [RANGE ...]
                        CIDR range, e.g. 192.168.1.0/24
  --usernames FILE      Path to plaintext username list file
  --passwords FILE      Path to plaintext password list file
  --hostname HOSTNAME   an @hostname to append to the usernames
  --json                Output in JSON
  --mssql               Force scanning hosts as MSSQL
  --postgres            Force scanning hosts as Postgres
  --mysql               Force scanning hosts as Mysql
  --multiple            Seek multiple username/password pairs on a single host
  --database DATABASE   try a specific database name
  --no-ssl              Disable TLS/SSL connections

Use a wordlist generator like this one or this one to create more effective password lists.