Skip to content

Home

Jump to bottom
knavesec edited this page Mar 22, 2021 · 5 revisions

Overview

CredMaster allows you to launch a password spray via Amazon AWS passthrough proxies, shifting the requesting IP address for every authentication attempt. This dynamically creates FireProx APIs for evasive password sprays, and spoofs tracking headers to avoid detection.

This was released in this blog post: https://whynotsecurity.com/blog/credmaster

Features:

  • Fully supports all AWS Regions
  • Automatically generates APIs for proxy pass-through
  • Spoofs API tracking numbers, forwarded-for IPs, and other proxy tracking headers
  • Multi-threaded processing
  • Password delay counters & configuration for lockout policy evasion
  • Easily add new plugins
  • Fully anonymous

general

Credits

Overview

Home

Installation

Usage

Config File

Notifications

Fireprox Utilities

Plugins

Overview

OWA

EWS

ADFS

O365

O365Enum

MSOL

MSGraph

AZVault

AzureSSO

HTTPBrute

HTTPPost

Okta

FortinetVPN

GmailEnum

PingFed

Misc

Development

Weekday Warrior

Throttle Evasion

Anonymity

Credits

Clone this wiki locally