CredSpray is a bash wrapper around NetExec (nxc) designed to streamline credential validation across multiple protocols during penetration testing. It supports both spray mode (testing all users against all passwords) and no-spray mode (paired credential testing).

Perfect for OSCP/CTF/CPTS/PNPT environments, password spraying attacks, targeted credential testing, and multi-protocol enumeration with consolidated results.

• Mixed Hashes/Password File Handling: Automatically detects and separates hashes from passwords in a combined file
• Interrupt Handling: Skip current test (Ctrl+C once) or exit (Ctrl+C twice)
• Spray & No-Spray Modes: Test all combinations or pair credentials
• Dual Authentication: Supports both domain and local authentication
• Multi-Protocol Support: SMB, WinRM, RDP, SSH, MSSQL, LDAP, FTP, WMI, VNC, NFS
• Results Tracking: Automatically saves successful authentications
• Troubleshooting Hints: Built-in error detection with solutions (see Common Issues Gist)

Scenario 1: Same file contains both usernames and passwords

# For paired testing (spraying usernames as passwords) credspray.sh -t 192.168.1.100 -u usernames.txt -p usernames.txt --no-spray

Scenario 2: Found credentials in different formats with orphaned hashes and users

# Create a combined file with all findings vim findings.txt admin:Password123 strikoder:8846f7eaee8fb117ad06bdd830b7586c :Welcome2024 :8846f7eaee8fb117ad06bdd830b7586445 # Test all credentials against target credspray.sh -t 10.10.10.100 -u findings.txt -c findings.txt

Scenario 3: Password spraying with common passwords

# Check out NagoyaSpray for common password lists # https://github.com/strikoder/NagoyaSpray # Spray across all protocols credspray.sh -t 10.10.10.100 -u users.txt -p nagoyapasswords.txt

NetExec (nxc) - Required for credential testing

pip install netexec

Manual installation

# Clone the repository git clone https://github.com/strikoder/CredSpray.git cd CredSpray # Make the script executable chmod +x credspray.sh # Optional: Move to system path sudo cp credspray.sh /usr/local/bin/credspray

credspray.sh -t <target> -u <username|userfile> [-p <password|passfile>] [-H <hash|hashfile>] [-c <combined_file>] [-a <auth_type>] [--spray|--no-spray]

• Default mode is spray - use --no-spray for paired testing
• Default authentication mode is both (domain + local) - use -a to specify domain or local only

After running the script, you'll be prompted to select protocols:

Examples:

• 1,2,3 - Test SMB, WinRM, and RDP
• 1-5 - Test protocols 1 through 5
• all - Test all available protocols

administrator strikoder 

Password123! Summer2024 

NTLM hashes:

8846f7eaee8fb117ad06bdd830b7586c 32ed87bdb5fdc5e9cba88547376818d4 

Spray Mode - Extracts all users and all credentials separately:

user1:password1 → extracts: user1, password1 user2:hash123... → extracts: user2, hash123... user3: → extracts: user3 (no credential) :orphan_password → extracts: orphan_password standalone_username → extracts as username :unknown_credential → smart detection (hash vs password) 

No-Spray Mode - Pairs credentials when the same file used twice -u creds.txt -p creds.txt (skips unpaired entries):

user1:password1 → tests: user1:password1 user2:hash123... → tests: user2:hash123... user3: → SKIPPED (no credential) :orphan_password → SKIPPED (no username) standalone_username → SKIPPED (no credential) 

• NetExec - The powerful network protocol testing tool that powers CredSpray. Check out the NXC Cheatsheet
• OSCP/CTF Community - For inspiring practical penetration testing tools