CrackMapExec v2.2 Pentest for Active Directory

CrackMapExec v2.2 Pentest for Active Directory

CrackMapExec is your one-stop-shop for pentesting Windows/Active Directory environments!

From enumerating logged on users and spidering SMB shares to executing psexec style attacks, auto-injecting Mimikatz/Shellcode/DLL’s into memory using Powershell, dumping the NTDS.dit and more!

The biggest improvements over the above tools are:

  • Pure Python script, no external tools required
  • Fully concurrent threading
  • Uses ONLY native WinAPI calls for discovering sessions, users, dumping SAM hashes etc…
  • Opsec safe (no binaries are uploaded to dump clear-text credentials, inject shellcode etc…)


positional arguments:
 target The target range, CIDR identifier or file containing targets
optional arguments:
 -h, --help show this help message and exit
 -v, --version show program's version number and exit
 -t THREADS Set how many concurrent threads to use (defaults to 100)
 -u USERNAME Username(s) or file containing usernames
 -p PASSWORD Password(s) or file containing passwords
 -H HASH NTLM hash(es) or file containing NTLM hashes
 -C COMBO_FILE Combo file containing a list of domain\username:password or username:password entries
 -k HEX_KEY AES key to use for Kerberos Authentication (128 or 256 bits)
 -d DOMAIN Domain name
 -n NAMESPACE WMI Namespace (default: //./root/cimv2)
 -s SHARE Specify a share (default: C$)
 --kerb Use Kerberos authentication. Grabs credentials from ccache file (KRB5CCNAME) based on target parameters
 --port {139,445} SMB port (default: 445)
 --server {http,https}
 Use the selected server (defaults to http)
 --server-port PORT Start the server on the specified port
 --fail-limit LIMIT The max number of failed login attempts allowed per host (default: None)
 --gfail-limit LIMIT The max number of failed login attempts allowed globally (default: None)
 --verbose Enable verbose output

More Information: here

[button size=large style=round color=red align=none url=]Download CrackMapExec v2.2[/button]

Thanks to our friend byt3bl33d3r, for sharing this tool with us 😉

MaxiSoler @maxisoler