
mvelazc0 / PurpleSpray

Licence: BSD-3-Clause license
PurpleSpray is an adversary simulation tool that executes password spray behavior under different scenarios and conditions with the purpose of generating attack telemetry in properly monitored Windows enterprise environments.

Programming Languages

python
Dockerfile

Projects that are alternatives of or similar to PurpleSpray

smbaudit
Perform various SMB-related attacks, particularly useful for testing large Active Directory environments.
Stars: ✭ 31 (-27.91%)
Mutual labels:  password-spray
ad-privileged-audit
Provides various Windows Server Active Directory (AD) security-focused reports.
Stars: ✭ 42 (-2.33%)
Mutual labels:  purpleteam
purple-team-exercise-framework
Purple Team Exercise Framework
Stars: ✭ 284 (+560.47%)
Mutual labels:  purpleteam
Spray365
Spray365 makes spraying Microsoft accounts (Office 365 / Azure AD) easy through its customizable two-step password spraying approach. The built-in execution plan features options that attempt to bypass Azure Smart Lockout and insecure conditional access policies.
Stars: ✭ 233 (+441.86%)
Mutual labels:  password-spray
MurMurHash
This little tool is to calculate a MurmurHash value of a favicon to hunt phishing websites on the Shodan platform.
Stars: ✭ 79 (+83.72%)
Mutual labels:  purpleteam
APT-Lab-Terraform
Purple Teaming Attack & Hunt Lab - Terraform
Stars: ✭ 144 (+234.88%)
Mutual labels:  purpleteam
BlueCloud
Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.
Stars: ✭ 88 (+104.65%)
Mutual labels:  purpleteam
NIST-to-Tech
An open-source listing of cybersecurity technology mapped to the NIST Cybersecurity Framework (CSF)
Stars: ✭ 61 (+41.86%)
Mutual labels:  purpleteam
github-watchman
Monitoring GitHub for sensitive data shared publicly
Stars: ✭ 60 (+39.53%)
Mutual labels:  purpleteam
ezEmu
See adversary, do adversary: Simple execution of commands for defensive tuning/research (now with more ELF on the shelf)
Stars: ✭ 89 (+106.98%)
Mutual labels:  purpleteam
Lolbas
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
Stars: ✭ 1,506 (+3402.33%)
Mutual labels:  purpleteam
Lolbas
Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)
Stars: ✭ 3,810 (+8760.47%)
Mutual labels:  purpleteam
CredMaster
Refactored & improved CredKing password spraying tool, uses FireProx APIs to rotate IP addresses, stay anonymous, and beat throttling
Stars: ✭ 273 (+534.88%)
Mutual labels:  password-spray

PurpleSpray

PurpleSpray is an adversary simulation tool that executes password spray behavior under different scenarios and conditions with the purpose of generating attack telemetry in properly monitored Windows enterprise environments. Blue teams can leverage PurpleSpray to identify gaps in visibility, test the resilience of their detection analytics for password spraying attacks, improve existing analytics, and build new ones.

PurpleSpray currently supports two modules that leverage the SMB protocol for the spray scenarios. For more details and demos, visit the Wiki.

PurpleSpray was first presented at BSides Baltimore 2019.

Quick Start Guide

PurpleSpray has been tested on Kali Linux 2018.4 and Windows 10 1830 under Python 3.6 and Python 2.7.

Note: Python 2 is no longer supported.

Installation

$ git clone https://github.com/mvelazc0/PurpleSpray.git
$ pip3 install -r PurpleSpray/requirements.txt

Usage

$ python3 PurpleSpray.py

Docker Build

$ docker build -t purplespray .

Docker Usage

$ docker run --rm -it purplespray

Acknowledgments

This project would not be possible without the following projects:

Authors

License

This project is licensed under the BSD 3-Clause License. See the LICENSE file for details.
