CredMaster v2.0 releases: Launch a password spray via Amazon AWS passthrough proxies

by do son · Published April 1, 2021 · Updated January 23, 2023

CredMaster

Launch a password spray / brute force attach via Amazon AWS passthrough proxies, shifting the requesting IP address for every authentication attempt. This dynamically creates FireProx APIs for more evasive password sprays.

Benefits & Features

Rotates the requesting IP address for every request
Automatically generates APIs for proxy passthru
Spoofs API tracking numbers, forwarded-for IPs, and other proxy tracking headers = fully anonymous
Easily configuation via config file
Multi-threaded processing
Password delay counters & configuration for lockout policy evasion
Easily add new plugins
Colourised output
Notification systems for Slack, Discord, Teams & Pushover
WeekdayWarrior setting for timed spraying and SOC evasion

Changelog v2.0

New Plugins
More…

Download

git clone https://github.com/knavesec/CredMaster.git

A few prerequisites are required to use CredMaster to the fullest.

AWS access keys, a walkthrough on how to acquire these keys can be found here.
Python3
A supported target

Use

Example Usage

This will run the o365 module with 5 threads and a 10-20 second jitter. It will attempt 3 passwords every 6 hrs (360 min).

python3 credmaster.py --access_key <key> --secret_access_key <key> \

    --plugin o365 \

    -u userfile.txt -p passfile.txt -a useragents.txt -o outputfile \

    -t 5 -j 20 -m 10 -d 360 --passwordsperdelay 3

This will run the Okta module with one thread and a 10-30 second jitter. It will attempt one password every one hour (60 min).

python3 credmaster.py --access_key <key> --secret_access_key <key> \

    --plugin okta -u userfile.txt -p passfile.txt -a useragents.txt -o outputfile \

    -t 1 -j 30 -m 10 -d 60 --passwordsperdelay 1

The following plugins are currently supported: