Tag: password spraying
-

Inside the Protocol: Master Kerberos Defense and Detection with Kerlab’s Rust Toolkit
Kerlab: A Rust implementation of Kerberos for fun and detection. Kerlab was developed to drill down into the Kerberos protocol and better understand it. The main purpose is to write more targeted detection rules. kerasktgt (Kerberos Ask Ticket Granting Ticket): used to ask for the first ticket in the Kerberos protocol. If the username is not set, the TGT request…
-

Brute Force Reimagined: How BruteForceAI Uses LLMs to Crack Complex Login Forms
BruteForceAI is an advanced penetration testing tool that revolutionizes traditional brute-force attacks by integrating Large Language Models (LLM) for intelligent form analysis. The tool automatically identifies login form selectors using AI, then executes sophisticated multi-threaded attacks with human-like behavior patterns. LLM-Powered Form Analysis. Stage 1 (AI Analysis): LLM analyzes HTML content to identify login form…
-

SpearSpray: The Stealthy Tool That Bypasses Lockout Policies in Active Directory
SpearSpray is an advanced password spraying tool designed specifically for Active Directory environments. It combines user enumeration via LDAP with intelligent pattern-based password generation to perform controlled and stealthy password spraying attacks over Kerberos. Features: Core Capabilities. LDAP Integration: Direct enumeration of Active Directory users through LDAP queries. Custom LDAP Queries: Define specific queries to target…
-

CaptainCredz: modular and discreet password-spraying tool
CaptainCredz is a modular and discreet password-spraying tool, with advanced features such as a cache mechanism and a fine-grained timing control. To start using captaincredz, the following lines may be useful: Extending CaptainCredz Writing your own plugin If your identity provider is not yet supported by CaptainCredz, you may have to write your own plugin.…
-

MSSprinkler: A Non-Disruptive Password Spraying Tool for M365
MSSprinkler is a password-spraying utility for organizations to test their M365 accounts from an external perspective. It employs a ‘low-and-slow’ approach to avoid locking out accounts and provides verbose information related to accounts and tenant information. MSSprinkler is written in PowerShell and can be imported directly as a module. It has no other dependencies.…
-

Entraspray: Password spraying tool for Microsoft Online accounts
Entraspray is a rewrite of MSOLSpray in Python. The main purpose of this tool remains the same: to perform password spraying against Microsoft Azure accounts while also providing detailed information about account status and errors, such as if MFA is enabled, if a tenant or user doesn’t exist, if the account is locked or…