Category: Password Attacks
msprobe Finding all things on-prem Microsoft for password spraying and enumeration. The tool will use a list of common subdomains associated with your target apex domain to attempt to discover valid instances of on-prem...
OrbitalDump A simple multi-threaded distributed SSH brute-forcing tool written in Python. How it Works When the script is executed without the –proxies switch, it acts just like any other multi-threaded SSH brute-forcing script. When the...
SSOh-No This tool is designed to enumerate users, password spray, and perform brute force attacks against any organisation that utilises Azure AD or O365. Generally, this endpoint provides extremely verbose errors which can be...
pdfrip pdfrip is a fast multithreaded PDF password cracking utility written in Rust with support for wordlist-based dictionary attacks, date and number range bruteforcing, and a custom query builder for password formats. Features Fast: Performs...
Zscan – a scan blasting toolset Zscan is an open-source collection of Intranet port scanners, blasting tools, and other utilities. Based on host discovery and port scanning, you can blow up mysql, MSSQL, Redis,...
Kraken: A multi-platform distributed brute-force password cracking system What is Kraken Kraken is an online distributed brute force password cracking tool. It allows you to parallelize dictionaries and crunch word generator-based cracking across multiple...
Weakpass rule-based online generator The tool generates a wordlist based on a set of words entered by the user. For example, during penetration testing, you need to gain access to some service, device, account,...
haiti A CLI tool (and library) to identify hash types (hash type identifier). Features 442+ hash types detected Modern algorithms supported (SHA3, Keccak, Blake2, etc.) Hashcat and John the Ripper references CLI tool &...
Narthex Narthex (Greek: Νάρθηξ, νάρθηκας) is a modular & minimal dictionary generator for Unix and Unix-like operating system written in C and Shell. It contains autonomous Unix-style programs for the creation of personalised dictionaries...
LDAP Password Hunter It happens that due to legacy services requirements or just bad security practices passwords are world-readable in the LDAP database by any user who is able to authenticate. LDAP Password Hunter...
trident The Trident project is an automated password spraying tool developed to meet the following requirements: the ability to be deployed on several cloud platforms/execution providers the ability to schedule spraying campaigns in accordance...
What is Spray365? Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD). How is Spray365 different from the many other password spraying tools that are...
BruteLoops A dead-simple library providing the foundational logic for efficient password brute force attacks against authentication interfaces. A “modular” example is included with the library that demonstrates how to use this package. It’s fully...
SharpSpray SharpSpray is a Windows domain password spraying tool written in .NET C#. SharpSpray is a C# port of DomainPasswordSpray with enhanced and extra capabilities. This tool uses LDAP Protocol to communicate with the Domain active...
Microsoft365_devicePhish Abusing Microsoft 365 OAuth Authorization Flow for Phishing Attack This is a simple proof-of-concept script that allows an attacker to conduct a phishing attack against Microsoft 365 OAuth Authorization Flow. Using this, one...