CredMaster: Launch a password spray via Amazon AWS passthrough proxies
Launch a password spray via Amazon AWS passthrough proxies, shifting the requesting IP address for every authentication attempt. This dynamically creates FireProx APIs for more evasive password sprays.
- Fully supports all AWS Regions
- Automatically generates APIs for proxy passthru
- Spoofs API tracking numbers, forwarded-for IPs, and other proxy tracking headers
- Multi-threaded processing
- Password delay counters & configuration for lockout policy evasion
- Easily add new plugins
- Fully anonymous
git clone https://github.com/knavesec/CredMaster.git
A few prerequisites are required to use CredMaster to the fullest.
- AWS access keys, a walkthrough on how to acquire these keys can be found here.
- A supported target
This will run the o365 module with 5 threads and a 10-20 second jitter. It will attempt 3 passwords every 6 hrs (360 min).
This will run the Okta module with one thread and a 10-30 second jitter. It will attempt one password every one hour (60 min).
The following plugins are currently supported: