Kerbrute

Kerbrute is a Go-based tool designed to efficiently brute force and enumerate AD accounts through Kerberos Pre-Authentication, making it faster and potentially stealthier than traditional password guessing methods. Instead of generating standard failed logon events (4625), it validates usernames and credentials by sending a single UDP frame to the DC, allowing account enumeration and authentication attempts with minimal noise. It supports multiple modes, including user enumeration, password spraying, and credential testing, while offering options for threading, logging, and safe execution to prevent account lockouts.

kerbrute userenum -d domain.local --dc 10.10.10.10 /usr/share/seclists/Usernames/xato-net-10-million-usernames.txt

Testing known passwords against a list of domain users (lockout-sensitive):

kerbrute passwordspray -d lab.ropnop.com domain_users.txt Password123

Brute force against a single username (lockout-sensitive):

kerbrute bruteuser -d lab.ropnop.com passwords.lst thoffman

The bruteforce option accepts a username:password list:

cat combos.lst | kerbrute -d lab.ropnop.com bruteforce -

PreviousImpacket NextLDAPsearch

Last updated 8 hours ago

Was this helpful?