Usage - puzzlepeaches/CredMaster GitHub Wiki

Usage Overview

A few prerequisites are required to use CredMaster to the fullest.

  • AWS access keys
  • Working Python3 environment
  • A supported target

Example Usage

This will run the o365 module with 5 threads and a 10-20 second jitter. It will attempt 3 passwords every 6 hrs (360 min).

python3 credmaster.py --access_key <key> --secret_access_key <key> \
    --plugin o365 \
    -u userfile.txt -p passfile.txt -a useragents.txt -o outputfile \
    -t 5 -j 20 -m 10 -d 360 --passwordsperdelay 3

This will run the Okta module with one thread and a 10-30 second jitter. It will attempt one password every one hour (60 min).

python3 credmaster.py --access_key <key> --secret_access_key <key> \
    --plugin okta -u userfile.txt -p passfile.txt -a useragents.txt -o outputfile \
    -t 1 -j 30 -m 10 -d 60 --passwordsperdelay 1

Help Message

optional arguments:
  -h, --help            show this help message and exit
  --plugin PLUGIN       Spray plugin
  -u USERFILE, --userfile USERFILE
                        Username file
  -p PASSWORDFILE, --passwordfile PASSWORDFILE
                        Password file
  -a USERAGENTFILE, --useragentfile USERAGENTFILE
                        Useragent file
  -o OUTFILE, --outfile OUTFILE
                        Output file to write contents (omit extension)
  -t THREADS, --threads THREADS
                        Thread count (default 1, max 15)
  -j JITTER, --jitter JITTER
                        Jitter delay between requests in seconds (applies per-thread)
  -m JITTER_MIN, --jitter_min JITTER_MIN
                        Minimum jitter time in seconds, defaults to 0
  -d DELAY, --delay DELAY
                        Delay between unique passwords, in minutes
  --passwordsperdelay PASSWORDSPERDELAY
                        Number of passwords to be tested per delay cycle
  --profile_name PROFILE_NAME
                        AWS Profile Name to store/retrieve credentials
  --access_key ACCESS_KEY
                        AWS Access Key
  --secret_access_key SECRET_ACCESS_KEY
                        AWS Secret Access Key
  --session_token SESSION_TOKEN
                        AWS Session Token
  --config CONFIG       Authenticate to AWS using config file aws.config
  --clean               Clean up ALL AWS APIs from every region, warning irreversible

Command line option details

  • --threads - The number of attempts to make at the same time. Each thread is a unique AWS region so there is less overlap. The max number of threads is 15.
  • --useragentfile - A list of user agents to rotate through while password spraying.
  • --plugin - The module/target you wish to use during your password spraying attempts.
  • --jitter and --jitter_min - The upper and lower bounds, in seconds, of the random delay between login attempts. Jitter applies per thread, and the minimum defaults to 0.
  • --delay - Provided with a password list, this option allows us to set the amount of time to wait before attempting the next password in the file. This is helpful for preventing rate-limiting and account lockouts.
  • --passwordsperdelay - The number of passwords per delay cycle. This is helpful for when the lockout counter is high (10 passwords) and you can spray more than one password per delay.
  • --access_key, --secret_access_key, --profile_name and --session_token - Parameters for AWS access to create FireProx API proxies for use during spraying.
  • --config - An easy way to specify a file that you can store your AWS access tokens in. A template can be found in this repo.
  • --clean - Removes all APIs from AWS, in every region, and is irreversible. If you cancel your operations mid-spray you may have leftover API gateways; this cleans them up.
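
For defenders, the options above mean that per-source-IP and per-user-agent failure counters see very little: attempts are spread across AWS regions and rotated user agents, and rounds are spaced by --delay. The following sketch is an added example (not part of CredMaster or this wiki) that instead flags time windows in which many distinct accounts each fail only a few times; the event tuple layout, thresholds and sample data are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def build_sample():
    """Constructed failed sign-in events: (time, user, source_ip, user_agent)."""
    events = []
    for round_start in ("2024-01-01T09:00:00", "2024-01-01T10:00:00"):
        t0 = datetime.fromisoformat(round_start)
        for i in range(6):  # one attempt per account, different IP and UA each time
            events.append((t0 + timedelta(seconds=25 * i), f"user{i}",
                           f"198.51.100.{10 + i}", f"agent-{i % 3}"))
    # Unrelated noise: one person mistyping a password twice.
    t = datetime.fromisoformat("2024-01-01T09:30:00")
    events += [(t, "alice", "203.0.113.5", "agent-x"),
               (t + timedelta(seconds=40), "alice", "203.0.113.5", "agent-x")]
    return events

def max_failures_per_ip(events):
    """The naive per-source counter that rotating egress IPs keep low."""
    return max(Counter(ip for _, _, ip, _ in events).values())

def find_spray_rounds(events, window=timedelta(minutes=10), min_users=5, max_per_user=3):
    """Flag windows where many distinct accounts each fail only a few times."""
    buckets = defaultdict(Counter)
    epoch = datetime(1970, 1, 1)
    for ts, user, _ip, _ua in events:
        # Align each event to the start of its fixed-size window.
        start = epoch + ((ts - epoch) // window) * window
        buckets[start][user] += 1
    return [(start, len(users)) for start, users in sorted(buckets.items())
            if len(users) >= min_users and max(users.values()) <= max_per_user]

def round_gaps_minutes(rounds):
    """Minutes between flagged windows; a constant gap suggests a timed delay."""
    starts = [s for s, _ in rounds]
    return [int((b - a).total_seconds() // 60) for a, b in zip(starts, starts[1:])]

if __name__ == "__main__":
    ev = build_sample()
    rounds = find_spray_rounds(ev)
    print("max failures from any single IP:", max_failures_per_ip(ev))
    print("flagged windows:", rounds)
    print("gap between rounds (min):", round_gaps_minutes(rounds))
```

Fixed windows can split one round across a boundary, so a production rule would use sliding windows and thresholds tuned to the tenant's normal failure rate.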