CompTIA PenTest+ (PT0-002) — Question 49

A penetration tester wants to test a list of common passwords against the SSH daemon on a network device. Which of the following tools would be BEST to use for this purpose?

Answer options

• A. Hashcat
• B. Mimikatz
• C. Patator
• D. John the Ripper

Correct answer: C

Explanation

Patator is designed specifically for testing various services, including SSH, using brute-force attacks with customizable options, making it the best choice for this scenario. Hashcat is primarily for password cracking rather than direct service testing, Mimikatz is focused on credential extraction from Windows systems, and John the Ripper is more suited for cracking password hashes rather than testing live services.