Spraykatz - retrieve credentials on Windows machines


Spraykatz is an unpretentious tool that retrieves credentials on Windows machines and in large Active Directory environments.

It simply tries to procdump machines and parse the dumps remotely in order to avoid detection by antivirus software as much as possible.


This tool is written for Python >= 3. Do not use this in production environments!


On a freshly updated Ubuntu:

apt update
apt install -y python3.6 python3-pip git nmap
git clone --recurse-submodules https://github.com/aas-n/spraykatz.git
cd spraykatz
pip3 install -r requirements.txt

Using Spraykatz

A quick start could be:

./spraykatz.py -u H4x0r -p L0c4L4dm1n -t

Mandatory arguments

| Switches | Description |
| --- | --- |
| -u, --username | User to spray with. The user must have admin rights on the targeted systems in order to gain remote code execution. |
| -p, --password | User's password or NTLM hash in the LM:NT format. |
| -t, --targets | IP addresses and/or IP address ranges. You can submit them via a file of targets (one target per line), or inline (separated by commas). |

Optional arguments

| Switches | Description |
| --- | --- |
| -d, --domain | User's domain. If the user is not a member of a domain, simply use -d . instead. |
| -v, --verbosity | Verbosity mode {warning, info, debug}. Default: info. |


Spraykatz uses slightly modified parts of the following projects:

Written by Lydéric Lefebvre

Copyright (c) 2019 Lydéric Lefebvre

Main page: https://github.com/aas-n/spraykatz

December 23, 2019


Hakin9 TEAM