provocativo_

Kerbrute

Pre-auth Kerberos username enumeration and password spraying.

$ kerbrute --help

// what it is

Description

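Ronnie Flathers' Go tool that uses Kerberos pre-authentication to enumerate valid usernames and spray passwords against Active Directory. Username enumeration generates no failed logons, so it does not count toward account lockout; password spraying does register failed pre-authentication attempts and can lock accounts once the lockout threshold is reached.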

// use cases

What people use it for

  • Username enumeration via Kerberos
  • Low-and-slow password spraying

// commands

The commands you'll type

User enum

$ kerbrute userenum --dc dc.corp.local -d corp.local users.txt

Password spray

$ kerbrute passwordspray --dc dc.corp.local -d corp.local users.txt 'Spring2026!'

// facts

category: Post-Exploit
platforms: LIN · WIN · MAC
license: FOSS
difficulty: Intermediate