Skip to content

Password spraying using AWS Lambda or GCP Cloud Functions for IP rotation

Notifications You must be signed in to change notification settings

dabull2112/CredKing

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

31 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

CredKing

Overview

Easily launch a password spray using AWS Lambda across multiple regions, rotating IP addresses with each request.

Brought to you by:

Black Hills Information Security

Benefits

  • Fully supports all AWS Lambda Regions
  • Multi-threaded processing
  • Generates user/password pairs
  • Easily add new plugins
  • Automatically creates execution role and lambdas

Basic Usage

usage: credking.py [-h] --plugin PLUGIN [--threads THREADS] --userfile USERFILE --passwordfile PASSWORDFILE --access_key ACCESS_KEY --secret_access_key SECRET_ACCESS_KEY [--useragentfile USERAGENTFILE]

Arguments:
  -h, --help                            show this help message and exit
  --plugin PLUGIN                       spraying plugin
  --threads THREADS                     thread count (default: 1)
  --userfile USERFILE                   username file
  --passwordfile PASSWORDFILE           password file
  --access_key ACCESS_KEY               aws access key
  --secret_access_key SECRET_ACCESS_KEY aws secret access key
  --useragentfile                       useragent file

Plugin Usage

Gmail

The Gmail plugin does not require any additional arguments.

Okta

The Okta plugin adds a new required argument called oktadomain.

usage: credking.py <usual arugments> --oktadomain org.okta.com

Installation

Ubuntu 16.04

You can install and run automatically using Python 3 with the following command:

$ git clone https://github.com/ustayready/CredKing
$ cd CredKing
~/CredKing$ python3 credking.py

Note that Python 3 is required.

Bug reports, feature requests and patches are welcome.

Development

You can create new plugins by:

$ cd plugins
$ mkdir newplugin
$ cd newplugin
$ touch __init__.py
$ touch newplugin.py

Next, make sure to include the lambda handler function in your newplugin.py:

def lambda_handler(event, context):
	return your_function(event['username'], event['password'])

CredKing generates a deployment zip file which the lambdas receive when they are created. Because of this, CredKing requires the pre-reqs to be installed directly into the newplugin folder. You can accomplish this by:

$ pip install <pre-req> -t .

Plugin specific arguments

Plugin specific arguments can be specified with no modifications to credking.py, simply pass them as --argumentname value

If your plugin requirements plugin-specific arguments, you can implement a validate function in the __init__.py file of your plugin directory that will be passed an dictionary of all optional arguments.

Below is an example of plugin arugment validation used by the okta plugin's __init__.py.

def validate(args):
    if 'oktadomain' in args.keys():
        return True,None
    else:
        error = "Missing oktadomain argument, specify as --oktadomain org.okta.com"
        return False,error

The okta.py lambda_handler function then accesses the oktadomain argument as shown below.

def lambda_handler(event, context):
	domain = event['args']['oktadomain']
	return okta_authenticate(domain, event['username'], event['password'], event['useragent'])

That's it, enjoy!

About

Password spraying using AWS Lambda or GCP Cloud Functions for IP rotation

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 70.6%
  • C 20.2%
  • XSLT 5.7%
  • C++ 2.4%
  • Objective-C 1.1%