The Trident project is an automated password spraying tool developed to meet the following requirements:
- the ability to be deployed on several cloud platforms/execution providers
- the ability to schedule spraying campaigns in accordance with a target’s account lockout policy
- the ability to increase the IP pool that authentication attempts originate from for operational security purposes
- the ability to quickly extend functionality to include newly-encountered authentication platforms
Deployment
Deploying trident requires a Google Cloud project, a domain name (for the orchestrator API), and a Cloudflare Access configuration for this domain. Cloudflare Access is used to authenticate requests to the orchestrator API.
brew install cloudflare/cloudflare/cloudflared
brew install terraform
cd terraform
cloudflared login
terraform init
terraform plan
terraform apply
Installation
Trident has a command-line interface available on the releases page. Alternatively, you can download and install trident-client
via go get
:
GO111MODULE=on go get github.com/praetorian-inc/trident/cmd/trident-client
Usage
Config
The trident-client
binary sends API requests to the orchestrator. It reads from ~/.trident/config.yaml
, which has the following format:
orchestrator-url: https://trident.example.org
Author
- Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
- LiveSeptember 5, 2024"40 Steps" Satellite Security - Registration for LIVE WORKSHOP IS NOW ON!
- LiveAugust 21, 2024"40 Steps" Game Hacking - Registration for LIVE WORKSHOP IS NOW ON!
- BlogDecember 13, 2022What are the Common Security Weaknesses of Cloud Based Networks?
- BlogOctober 12, 2022Vulnerability management with Wazuh open source XDR
Subscribe
0 Comments
Newest