CrackMapExec (a.k.a CME) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks. Built with stealth in mind, CME follows the concept of “Living off the Land”: abusing built-in Active Directory features/protocols to achieve it’s functionality and allowing it to evade most endpoint protection/IDS/IPS solutions.
CME makes heavy use of the Impacket library (developed by @asolino) and the PowerSploit Toolkit (developed by @mattifestation) for working with network protocols and performing a variety of post-exploitation techniques.
Although meant to be used primarily for offensive purposes (e.g. red teams), CME can be used by blue teams as well to assess account privileges, find possible misconfigurations and simulate attack scenarios.
CrackMapExec is developed by @byt3bl33d3r and maintained by @mpgn
Installation:
#~ apt-get install -y libssl-dev libffi-dev python-dev build-essential
#~ git clone --recursive https://github.com/byt3bl33d3r/CrackMapExec
#~ cd CrackMapExec
#~ python3 setup.py installUsage:
#~ cme --help
usage: cme [-h] [-v] [-t THREADS] [--timeout TIMEOUT] [--jitter INTERVAL]
[--darrell] [--verbose]
{http,smb,mssql} ...
optional arguments:
-h, --help show this help message and exit
-v, --version show program's version number and exit
-t THREADS set how many concurrent threads to use (default: 100)
--timeout TIMEOUT max timeout in seconds of each thread (default: None)
--jitter INTERVAL sets a random delay between each connection (default: None)
--darrell give Darrell a hand
--verbose enable verbose output
protocols:
available protocols
{http,smb,mssql}
http own stuff using HTTP(S)
smb own stuff using SMB and/or Active Directory
mssql own stuff using MSSQL and/or Active DirectoryDownload: https://github.com/byt3bl33d3r/CrackMapExec
