Search
Collection
Category
Tag
Blog
Pricing
Submit

Newsletter

Join the Community

Subscribe to our newsletter for the latest news and updates

Email

AISecKit

Curated AI security tools & LLM safety resources for cybersecurity professionals

Product

Search
Collection
Category
Tag

Resources

Blog
Pricing
Submit

Tools

🔥Marathons Tools

Company

About Us
Privacy Policy
Terms of Service
Sitemap

Copyright © 2025 All Rights Reserved.

Home
Category
TREVORspray

TREVORspray

TREVORspray is a modular password sprayer with threading, clever proxying, loot modules, and more!

image for TREVORspray

Introduction

Information

Publisher
AISecKit
Websitegithub.com
Published date2025/04/28

Categories

Incident Response Tools
Penetration Testing
Security Research

Tags

Exploit Development
Authentication
Authorization
Incident Response
Red Team Testing

More Products

Exploiting AI

An introductory class on understanding AI security risks and mitigation strategies.

Prompt Injection Generative AI Red Team Testing Data Poisoning

PINT Benchmark

A benchmark for prompt injection detection systems, providing a neutral way to evaluate their performance.

Prompt Injection Model Robustness Security Auditing

Folly

Open-source LLM Prompt-Injection and Jailbreaking Playground for testing LLM security vulnerabilities.

Prompt Injection Open Source API Security Security Testing LLM Security+1

TREVORspray

TREVORspray is a powerful modular password sprayer designed for security professionals and penetration testers. It offers a range of features that enhance its usability and effectiveness in testing password security across various platforms.

Key Features:

Modular Design: Easily extendable with custom spray modules to target different services.
Threading Support: Perform multiple requests concurrently to speed up the testing process.
Clever Proxying: Supports SSH and subnet proxying to obfuscate the source of requests.
Loot Modules: Extract valuable data from successful logins, including user information and offline address books.
User Enumeration: Efficiently enumerate users via OneDrive and other services.
MFA Bypass: Capable of bypassing Multi-Factor Authentication under certain conditions.
Comprehensive Logging: Keep track of all activities and results for better analysis.

Benefits:

Increased Efficiency: The ability to spray multiple accounts simultaneously saves time.
Customizability: Users can create their own modules tailored to specific needs.
Enhanced Security Testing: Helps organizations identify weak passwords and improve their security posture.

Highlights:

Supports various authentication methods including O365, ADFS, and Okta.
Automatic retry and reconnect features ensure continuous operation even in unstable network conditions.
Detailed help and documentation available for users to get started quickly.