Python tool for continuous password spraying taking into account the password policy.
Associated blog posts:
- English: https://en.hackndo.com/password-spraying-lockout/
- French: https://www.login-securite.com/2024/06/03/spray-passwords-avoid-lockouts/
Chapters | Description |
---|---|
Warning | Before using this tool, read this |
Installation | ConPass installation |
Usage | ConPass usage |
Although I have made every effort to make sure the tool gets the correct password policy, there can be some password policy settings that are not taken into account by the tool, which may lead to account lockouts.
conpass works with Python >= 3.7.
```
# install the published package with pip
python -m pip install conpass
# or, from a checkout of the sources
python setup.py install
```
conpass will get all domain users and try a list of passwords provided in a password file. When a user can be locked out, the tool will wait for the lockout reset period before trying another password.
```
conpass -d domain -u pixis -p P4ssw0rd -P /tmp/passwords.txt
```
All passwords and NT hashes provided in `/tmp/passwords.txt` will be added to a testing queue, and will be tested against all users, whenever it is possible without locking users out.
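
Spraying paced this way keeps every account below the lockout threshold, so lockout alerts alone do not reveal it. The Python below is an added example, not part of ConPass or of this README: it flags a source that fails against many accounts while no account nears lockout. The record format, the sample data and the three thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed policy values; use the ones from your own domain password policy.
LOCKOUT_THRESHOLD = 5                        # failures that lock an account
OBSERVATION_WINDOW = timedelta(minutes=30)   # lockout counter reset period
MIN_ACCOUNTS = 4                             # distinct accounts before a source is suspicious

def max_in_window(times, window):
    """Largest number of failures falling inside any single window."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] >= window:
            start += 1
        best = max(best, end - start + 1)
    return best

def find_paced_spraying(events):
    """Sources failing on many accounts while no account nears lockout."""
    per_source = defaultdict(lambda: defaultdict(list))
    for ts, source, account in events:
        per_source[source][account].append(ts)
    findings = {}
    for source, accounts in per_source.items():
        if len(accounts) < MIN_ACCOUNTS:
            continue  # a user mistyping a password touches one account
        worst = max(max_in_window(t, OBSERVATION_WINDOW) for t in accounts.values())
        if worst < LOCKOUT_THRESHOLD:  # otherwise lockout alerts already fire
            findings[source] = {"accounts": len(accounts),
                                "failures": sum(len(t) for t in accounts.values()),
                                "max_per_account_in_window": worst}
    return findings

# Constructed sample records: (timestamp, source address, account).
BASE = datetime(2024, 6, 3, 9, 0)
USERS = ["alice", "bob", "carol", "dave", "erin", "frank"]
SAMPLE = (
    # one guess per account, repeated once the reset period has passed
    [(BASE + timedelta(minutes=31 * r), "10.0.0.50", u) for r in range(3) for u in USERS]
    # a single user mistyping three times
    + [(BASE + timedelta(seconds=20 * i), "10.0.0.7", "alice") for i in range(3)]
    # unpaced guessing that reaches the threshold on four accounts
    + [(BASE + timedelta(seconds=10 * i), "10.0.0.99", u) for i in range(5) for u in USERS[:4]]
)

if __name__ == "__main__":
    for source, info in find_paced_spraying(SAMPLE).items():
        print(source, info)
```

Only `10.0.0.50` is reported in the sample: the mistyping user touches a single account, and the unpaced source reaches the threshold, where lockout alerting already applies.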