ENNAENNA

DomainPasswordSpray vs THC Hydra

DomainPasswordSpray

๐Ÿ”ฅ Offensive Ops ยท PowerShell

THC Hydra

๐Ÿ”‘ Password Attacks ยท C

GitHub Stats

2.0k
Stars
11.8k
414
Forks
2.5k
23
Issues
57
1y ago
Updated
6d ago
MIT
License
AGPL-3.0
PowerShell
Language
C

About DomainPasswordSpray

DomainPasswordSpray is a PowerShell tool that performs password spray attacks against Active Directory domain user accounts. Unlike credential stuffing which tries many passwords against one account, password spraying tries one password against all accounts to avoid lockout policies. The tool automatically enumerates domain users, respects account lockout thresholds and observation windows, and can target specific organizational units or groups. It outputs successful credentials and supports custom password lists. Lockout-aware design makes it safer than manual spraying approaches.

About THC Hydra

THC Hydra is the most widely used online password brute-forcing tool. It supports over 50 protocols including SSH, FTP, HTTP, HTTPS, SMB, MySQL, MSSQL, PostgreSQL, LDAP, RDP, VNC, and many more. Hydra is fast and flexible, supporting parallel connections and multiple attack types. It's an essential tool for penetration testers verifying password policies and testing authentication mechanisms.

Platform Support

๐ŸชŸwindows
๐Ÿงlinux๐ŸŽmacos๐ŸชŸwindows

Tags

DomainPasswordSpray only

password-sprayactive-directorycredential-attackpowershelllockout-aware

THC Hydra only

brute-forceonlinemulti-protocolclassic
View DomainPasswordSpray DetailsView THC Hydra Details