Home

Awesome

CredMaster

Launch a password spray / brute force attach via Amazon AWS passthrough proxies, shifting the requesting IP address for every authentication attempt. This dynamically creates FireProx APIs for more evasive password sprays.

Shoutout to @ustayready for his CredKing and FireProx tools, which form the base of this suite.

See all the full notes on the Wiki, tool released with specifics in this blogpost

For detection tips, see the blogpost and detection section.

Be careful for account lockouts, know the reset policies of your target

TL;DR

  1. git clone the repo down
  2. If unsure how to create correct keys see this blog.
  3. pip install -r requirements.txt
  4. Fill out the config file (wiki) with desired options, or provide through CLI

Benefits & Features

general

Quick Use

The following plugins are currently supported:

Example Use:

python3 credmaster.py --plugin {pluginname} --access_key {key} --secret_access_key {key} -u userfile -p passwordfile -a useragentfile {otherargs}

or

python3 credmaster.py --config config.json

This tool requires AWS API access keys, a walkthrough on how to acquire these keys can be found here: https://bond-o.medium.com/aws-pass-through-proxy-84f1f7fa4b4b

All other usage details can be found on the wiki

TODO

PRs welcome :)

Credits

Feel free to drop me a line