CrackMapExec vs DomainPasswordSpray
GitHub Stats
About CrackMapExec
CrackMapExec is a versatile tool for pentesting Active Directory environments, offering capabilities for SMB, LDAP, MSSQL, and WinRM enumeration and exploitation. It facilitates lateral movement and credential spraying attacks while providing a comprehensive interface for testing domain credentials and configurations. Written in Python, it is favored by security professionals for its integration with offensive security operations, allowing for efficient discovery and exploitation of network vulnerabilities.
About DomainPasswordSpray
DomainPasswordSpray is a PowerShell tool that performs password spray attacks against Active Directory domain user accounts. Unlike credential stuffing which tries many passwords against one account, password spraying tries one password against all accounts to avoid lockout policies. The tool automatically enumerates domain users, respects account lockout thresholds and observation windows, and can target specific organizational units or groups. It outputs successful credentials and supports custom password lists. Lockout-aware design makes it safer than manual spraying approaches.
Platform Support
Tags
Shared
CrackMapExec only
DomainPasswordSpray only