Fast multithreaded multiplatform password spraying tool designed for easy use. Supports webhooks, jitter, delay, files, rotation, backend database
GPL-3.0 License
Added a spraytype for BlueIris web portals. This supports auth and lockout detection.
Published by CausticKirbyZ 7 months ago
The o365 spraytype now features additional context around error AADSTS50079 and AADSTS50055
Published by CausticKirbyZ about 1 year ago
Updated IMAP to perform more error checking and provide user feedback on errors.
Published by CausticKirbyZ about 1 year ago
Published by CausticKirbyZ about 1 year ago
Published by CausticKirbyZ over 1 year ago
Published by CausticKirbyZ over 1 year ago
--disable-color can be used to turn printable color off if needed.
Cleaned up some print lines in a few places and updated some of the help menu for clarity.
Published by CausticKirbyZ over 1 year ago
Small update to adfs spraytype for compatibility reasons.
Published by CausticKirbyZ over 1 year ago
Fixed an issue where --strip-user-string was returning inconsistent results.
Published by CausticKirbyZ almost 2 years ago
spraycannon --version will check the current git to see if updates are available.
spray() functions return a SprayStatus object and can be better handled dynamically. No more messy passing of arrays back and forth.
val-users and export val-users
If threading is enabled there is a small UI bug that will overlap the "jitter" counter and a counter with how many threads are queued. I know about this and will fix it for the next release. This should not affect the spraying or functionality.
Published by CausticKirbyZ about 2 years ago
All changes in this version are towards AWS API Gateway support. The base requests should not have changed.
ADFS and Cisco_vpn have not been tested but should work, as only minimal change was allowed for "/fireprox/" or other URL path portions added to the base URL. For exchangeeas it may work, but there are 2 requests and the second one pulls the hostname from the first; use with caution through AWS API gateways.
Fixes to other spraytypes will come in time.
--force to ignore previous sprays and spray anyway, while still logging to the database.
--strip-pass-string to strip the username of a particular string in real time. Useful for stripping a domain from a username while using --user-as-password.
--strip-user-string does the same as --strip-pass-string but strips for the username field. Can be useful to use an email list but not need the FQDN portion of the username.
Published by CausticKirbyZ about 2 years ago
Okta spraytype
Published by CausticKirbyZ over 2 years ago
Published by CausticKirbyZ over 2 years ago
Published by CausticKirbyZ over 2 years ago
Published by CausticKirbyZ over 2 years ago
-t 'https://esxi.ip.or.domain'
Published by CausticKirbyZ over 2 years ago
Several new webhooks have been added:
All webhooks are parsed and fired based on domain name, i.e. --webhook="https://discord.com/...." -> fires the Discord-specific webhook
A new SprayType:
Bug fixes:
- Fixed an issue where webhooks wouldn't fire on successful validation in single-threaded mode on user-as-password and user:pass format
Published by CausticKirbyZ over 2 years ago
Fixed some spelling errors; should work now.