PurpleSpray

PurpleSpray is an adversary simulation tool that executes password spray behavior under different scenarios and conditions with the purpose of generating attack telemetry in properly monitored Windows enterprise environments. Blue teams can leverage PurpleSpray to identify gaps in visibility as well as test the resilience, improve existing and build new detection analytics for password spraying attacks.

PurpleSpray currently supports two modules that leverage the SMB protocol for the spray scenarios. For more details and demos, visit the Wiki.

PurpleSpray was first presented at BSides Baltimore 2019.

Quick Start Guide

PurpleSpray has been tested on Kali Linux 2018.4 and Windows 10 1830 under Python 3.6 and Python 2.7.

Note: Python 2 is no longer supported.

Installation

$ git clone https://github.com/mvelazc0/PurpleSpray.git
$ pip3 install -r PurpleSpray/requirements.txt

Usage

$ python3 PurpleSpray.py

Docker Build

$ docker build -t purplespray .

Docker Usage

$ docker run --rm -it purplespray

Acknoledgments

This project could not be possible without the following projects:

• Impacket
• Powershell Empire
• Death Star
• The PenTesters Framework

Authors

• Mauricio Velazco - @mvelazco

License

This project is licensed under the BSD 3-Clause License - see the LICENSE file for details