A SQL host scanner and dictionary attack tool. Comes with a script (filter_pass.py
) to filter a series of password lists based on password strength.
Install using PyPI to install the Postgres driver
pip install hathi
For the optional MSSQL support, install
pip install "hathi[mssql]"
For the optional MySQL support, install
pip install "hathi[mysql]"
usage: hathi [-h] [--username USERNAME [USERNAME ...]] [--range RANGE [RANGE ...]] [--usernames FILE] [--passwords FILE] [--hostname HOSTNAME]
[--json] [--mssql] [--postgres] [--mysql] [--multiple]
[host ...]
Port scan and dictionary attack PostgreSQL, MSSQL and MySQL servers.
positional arguments:
host host to scan
optional arguments:
-h, --help show this help message and exit
--username USERNAME [USERNAME ...]
specific username
--range RANGE [RANGE ...]
CIDR range, e.g. 192.168.1.0/24
--usernames FILE Path to plaintext username list file
--passwords FILE Path to plaintext password list file
--hostname HOSTNAME an @hostname to append to the usernames
--json Output in JSON
--mssql Force scanning hosts as MSSQL
--postgres Force scanning hosts as Postgres
--mysql Force scanning hosts as Mysql
--multiple Seek multiple username/password pairs on a single host
--database DATABASE try a specific database name
--no-ssl Disable TLS/SSL connections
Use a wordlist generator like this one or this one to create more effective password lists.