Spraykatz

Spraykatz Description

Spraykatz is a credential gathering tool for Windows machines and large Active Directory environments. Spraykatz uses other programs to automate the process of extracting passwords and hashes.

On the Windows side, Spraykatz uses ProcDump (a Sysinternals utility distributed by Microsoft) to dump the lsass process. To avoid loading specialized tools onto Windows, Spraykatz parses the process dumps remotely, on the Linux machine where the tool is running. This avoids detection by antivirus software as much as possible.
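
Because the dump is still taken on the Windows host, the ProcDump step described above remains visible in endpoint telemetry. As an added example (not part of Spraykatz or of the original page), the following Python code flags it in Sysmon-style process creation (Event ID 1) and process access (Event ID 10) records. The sample events, host names, paths and command lines are constructed and are not taken from Spraykatz, and the function names are hypothetical.

```python
import ntpath

PROCESS_VM_READ = 0x0010  # access right needed to read another process's memory

# Constructed Sysmon-style records (Event ID 1 = process creation,
# Event ID 10 = process access); none were captured from a real host.
SAMPLE_EVENTS = [
    {"EventID": 1, "Computer": "WS01", "Image": r"C:\Windows\Temp\procdump64.exe",
     "OriginalFileName": "procdump",
     "CommandLine": r"procdump64.exe -accepteula -ma lsass.exe C:\Windows\Temp\a.dmp"},
    {"EventID": 1, "Computer": "WS02", "Image": r"C:\Users\Public\svc.exe",
     "OriginalFileName": "procdump",
     "CommandLine": r"svc.exe -accepteula -ma 612 C:\Users\Public\b.dmp"},
    {"EventID": 10, "Computer": "WS02", "SourceImage": r"C:\Users\Public\svc.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1fffff"},
    {"EventID": 1, "Computer": "WEB01", "Image": r"C:\Tools\procdump.exe",
     "OriginalFileName": "procdump",
     "CommandLine": r"procdump.exe -ma w3wp.exe C:\Dumps\w3wp.dmp"},
    {"EventID": 10, "Computer": "WS03", "SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1000"},
]

def is_procdump(event):
    """True when the PE metadata or the file name identifies ProcDump."""
    name = ntpath.basename(event.get("Image", "")).lower()
    return event.get("OriginalFileName", "").lower() == "procdump" or name.startswith("procdump")

def find_lsass_dumps(events):
    """Return sorted (computer, image, reason) tuples for suspected LSASS dumps."""
    # Remember every binary that identified itself as ProcDump when it started.
    procdump_images = {(e["Computer"], e["Image"].lower())
                       for e in events if e["EventID"] == 1 and is_procdump(e)}
    alerts = set()
    for e in events:
        if e["EventID"] == 1 and is_procdump(e) and "lsass" in e["CommandLine"].lower():
            alerts.add((e["Computer"], e["Image"], "procdump command line names lsass"))
        elif e["EventID"] == 10 and ntpath.basename(e["TargetImage"]).lower() == "lsass.exe":
            # A target given by PID never names lsass, so correlate on memory-read access.
            readable = int(e["GrantedAccess"], 16) & PROCESS_VM_READ
            if readable and (e["Computer"], e["SourceImage"].lower()) in procdump_images:
                alerts.add((e["Computer"], e["SourceImage"], "procdump binary read lsass memory"))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in find_lsass_dumps(SAMPLE_EVENTS):
        print(*alert, sep=" | ")
```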

Spraykatz uses slightly modified parts of the following projects:

Do not use Spraykatz in a production environment!

GitHub: https://github.com/aas-n/spraykatz

Author: aas

License: MIT

Spraykatz Help

Usage:

spraykatz.py [-h] -u USERNAME -p PASSWORD -t TARGETS [-d DOMAIN] [-r] [-v {warning,info,debug}] [-w WAIT]

Options:

Optional arguments:
  -h, --help            show this help message and exit

Mandatory Arguments:
  -u USERNAME, --username USERNAME
                        User to spray with. He must have admin rights on targeted systems in order to gain remote code execution.
  -p PASSWORD, --password PASSWORD
                        User's password or NTLM hash in the LM:NT format.
  -t TARGETS, --targets TARGETS
                        IP addresses and/or IP address ranges. You can submit them via a file of targets (one target per line), or inline (separated by commas).

Optional Arguments:
  -d DOMAIN, --domain DOMAIN
                        User's domain. If he is not member of a domain, simply use "-d ." instead.
  -r, --remove          Only try to remove ProcDump and dumps left behind on distant machines. Just in case.
  -v {warning,info,debug}, --verbosity {warning,info,debug}
                        Verbosity mode. Default is info.
  -w WAIT, --wait WAIT  How many seconds Spraykatz waits before exiting gracefully. Default is 180 seconds.

Spraykatz Usage Example

To gather credentials from an Active Directory Domain Controller with an IP address of 192.168.1.72, an administrator named Alex and a password of QWEqwe123:

sudo spraykatz -t 192.168.1.72 -u Alex -p QWEqwe123

How to install Spraykatz

Installation on Kali Linux

sudo apt install git nmap python3-pip
git clone https://github.com/aas-n/spraykatz
cd spraykatz
sudo pip3 install -r requirements.txt

Installation on Debian, Linux Mint, Ubuntu

sudo apt update
sudo apt install -y python3.6 python3-pip git nmap
git clone https://github.com/aas-n/spraykatz
cd spraykatz
sudo pip3 install -r requirements.txt

Installation on BlackArch

The program is pre-installed on BlackArch. To install in minimal builds run:

sudo pacman -S spraykatz

Spraykatz Tutorials

Coming soon…
