TREVORspray
TREVORspray is a powerful modular password sprayer designed for security professionals and penetration testers. It offers a range of features that enhance its usability and effectiveness in testing password security across various platforms.
Key Features:
- Modular Design: Easily extendable with custom spray modules to target different services.
- Threading Support: Perform multiple requests concurrently to speed up the testing process.
- Clever Proxying: Supports SSH and subnet proxying to obfuscate the source of requests.
- Loot Modules: Extract valuable data from successful logins, including user information and offline address books.
- User Enumeration: Efficiently enumerate users via OneDrive and other services.
- MFA Bypass: Capable of bypassing Multi-Factor Authentication under certain conditions.
- Comprehensive Logging: Keep track of all activities and results for better analysis.
Benefits:
- Increased Efficiency: The ability to spray multiple accounts simultaneously saves time.
- Customizability: Users can create their own modules tailored to specific needs.
- Enhanced Security Testing: Helps organizations identify weak passwords and improve their security posture.
Highlights:
- Supports various authentication methods including O365, ADFS, and Okta.
- Automatic retry and reconnect features ensure continuous operation even in unstable network conditions.
- Detailed help and documentation available for users to get started quickly.