DonPwner: New Dual-Use Tool Automates Credential Attacks on Role-Based Active Directory
A new tool, DonPwner, has been released publicly — a utility for credential analysis and the automation of attacks against role-based Active Directory environments, built atop the DonPAPI database and designed to streamline authorized security testing. The project supports large-scale password checks with configurable delays, the generation of targeted wordlists from its corpus, and reconciliation against credential dumps — features that render it valuable to auditors while simultaneously underscoring the dual-use nature of such tooling.
The repository contains extraction scripts, integration modules for NetExec (formerly CrackMapExec), and helper commands for “safe” password spraying with delay and jitter parameters to reduce account lockouts and lower operational visibility. Capabilities include automatic exclusion of accounts that authenticate successfully from subsequent attempts and a secretsdump-hash comparison option to verify matches against discovered secrets.
DonPwner is distributed under a non-commercial, attribution-required license that restricts commercial use — the author explicitly insists on obtaining permission before employing the tool on third-party networks. Documentation stresses the code’s educational and testing purpose and cautions about legal consequences for misuse.
The publication has reignited debate over the uneasy trade-off between providing pentesters with powerful, efficiency-boosting instruments and the risk that adversaries might repurpose them. Security teams therefore urge strict access controls and insist that such tools be used only within authorized scopes.
DonPwner exemplifies the dilemma of dual-use software: a mechanism to harden networks in responsible hands and a potential vector for abuse if licensing terms and usage policies are disregarded.
Support Our Threat Intelligence
If you find our technology report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
