ENNAENNA

DomainPasswordSpray vs Kerbrute

DomainPasswordSpray

๐Ÿ”ฅ Offensive Ops ยท PowerShell

Kerbrute

๐Ÿ”‘ Password Attacks ยท Go

GitHub Stats

2.0k
Stars
3.3k
414
Forks
472
23
Issues
41
1y ago
Updated
1y ago
MIT
License
Apache-2.0
PowerShell
Language
Go

About DomainPasswordSpray

DomainPasswordSpray is a PowerShell tool that performs password spray attacks against Active Directory domain user accounts. Unlike credential stuffing which tries many passwords against one account, password spraying tries one password against all accounts to avoid lockout policies. The tool automatically enumerates domain users, respects account lockout thresholds and observation windows, and can target specific organizational units or groups. It outputs successful credentials and supports custom password lists. Lockout-aware design makes it safer than manual spraying approaches.

About Kerbrute

Kerbrute is a Go-based tool designed to quickly brute-force and enumerate valid Active Directory accounts through Kerberos pre-authentication. It is utilized for discovering valid usernames and testing password policies within AD environments. Kerbrute is a useful utility for security assessments, allowing penetration testers to identify weaknesses in Kerberos authentication configurations.

Platform Support

๐ŸชŸwindows
๐Ÿงlinux๐ŸŽmacos๐ŸชŸwindows

Tags

Shared

password-sprayactive-directory

DomainPasswordSpray only

credential-attackpowershelllockout-aware

Kerbrute only

kerberosuser-enum
View DomainPasswordSpray DetailsView Kerbrute Details