kerbrute

A script to perform Kerberos bruteforcing by using the Impacket library.

When is executed, as input it receives a user or list of users and a password or list of passwords. Then is performs a brute-force attack to enumerate:

• Valid username/passwords pairs
• Valid usernames
• Usernames without pre-authentication required

As a result, the script generates a list of valid credentials discovered, and the TGT’s generated due to those valid credentials.

Installation

From pypi:

pip3 install kerbrute

From repo:

git clone https://github.com/TarlogicSecurity/kerbrute 
cd kerbrute 
pip install -r requirements.txt

Use

Example of execution: