https://github.com/p0dalirius/pysprayer

Multithreaded spraying of a password on all accounts of a domain.
https://github.com/p0dalirius/pysprayer

active-directory domain passwords pentest spraying

Last synced: 6 months ago
JSON representation

Multithreaded spraying of a password on all accounts of a domain.

• Host: GitHub
• URL: https://github.com/p0dalirius/pysprayer
• Owner: p0dalirius
• Created: 2022-12-14T10:58:59.000Z (almost 3 years ago)
• Default Branch: main
• Last Pushed: 2025-02-11T08:27:09.000Z (8 months ago)
• Last Synced: 2025-04-23T23:56:05.803Z (6 months ago)
• Topics: active-directory, domain, passwords, pentest, spraying
• Language: Python
• Homepage:
• Size: 333 KB
• Stars: 20
• Watchers: 2
• Forks: 3
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Funding: .github/FUNDING.yml

Awesome Lists containing this project

README

          
![](./.github/banner.png)



  Multithreaded spraying of a password on all accounts of a domain.

  


  

  

  

  

  

  




## Features

 - [x] Multithreaded spraying of passwords on multiple accounts

 - [x] Export of the results

## Usage

```

# Sprayer  -h

Sprayer v0.9.1 - by Remi GASCOU (Podalirius)

usage: Sprayer [-h] [-v] -sp SPRAY_PASSWORD [-oH OUTPUT_HASHES] [-T THREADS] [-P PORT] [-u USERNAME] [-p PASSWORD]

               [-d DOMAIN] [--hashes [LMHASH]:NTHASH] [--no-pass] [--dc-ip ip address]

Multithreaded spraying of a password on all accounts of a domain

options:

  -h, --help            show this help message and exit

  -v, --verbose         Verbose mode. (default: False)

  -sp SPRAY_PASSWORD, --spray-password SPRAY_PASSWORD

                        arg1 help message

  -oH OUTPUT_HASHES, --output-hashes OUTPUT_HASHES

                        Output hashes to file

  -T THREADS, --threads THREADS

                        Number of threads (default: 16)

  -P PORT, --port PORT  SMB port to connect to (default: 445)

Credentials:

  -u USERNAME, --username USERNAME

                        Username to authenticate to the remote machine.

  -p PASSWORD, --password PASSWORD

                        Password to authenticate to the remote machine. (if omitted, it will be asked unless -no-

                        pass is specified)

  -d DOMAIN, --domain DOMAIN

                        Windows domain name to authenticate to the machine.

  --hashes [LMHASH]:NTHASH

                        NT/LM hashes (LM hash can be empty)

  --no-pass             Don't ask for password (useful for -k)

  --dc-ip ip address    IP Address of the domain controller. If omitted it will use the domain part (FQDN)

                        specified in the target parameter

```

## Demonstration

```

./Sprayer.py -u 'Administrator' -p 'Admin123!' -d 'COERCE.local' --dc-ip 192.168.1.46 -sp 'Admin123!'

```

https://user-images.githubusercontent.com/79218792/207589885-d934f431-265b-40bf-9c9f-31a3b12bb089.mp4