Here’s a comprehensive explanation of CrackMapExec (CME):
🧰 What Is CrackMapExec?
CrackMapExec is an open-source post-exploitation and Active Directory (AD) enumeration tool used by penetration testers, red teamers, and security professionals. Think of it as a Swiss Army knife for Windows network assessments—it automates many tasks that would otherwise require multiple tools and manual effort.
It’s especially powerful in internal network environments, where it helps map out AD structures, test credentials, and perform lateral movement.
🔍 Key Features
Here’s what CrackMapExec can do:
🧩 Feature | 📝 Description |
---|---|
AD Enumeration | Lists domains, forests, users, groups, computers, and trust relationships |
Credential Attacks | Supports password spraying, brute force, and credential stuffing across SMB, LDAP, WinRM, and more |
Remote Code Execution | Executes commands/scripts remotely via PowerShell, WMI, SMB, and PSExec |
Lateral Movement | Uses techniques like pass-the-hash, pass-the-ticket, and token impersonation |
Vulnerability Checks | Detects issues like ZeroLogon, PetitPotam, MS17-010, and others |
Credential Dumping | Extracts credentials from memory or Group Policy Preferences (GPP) |
Integration | Works with tools like BloodHound, Empire, and Metasploit |
🚀 Installation
You can install CrackMapExec on Linux (especially Kali) or via Python:
```bash
# Clone from GitHub
git clone https://github.com/Porchetta-Industries/CrackMapExec
cd CrackMapExec
poetry install
poetry run crackmapexec
```
Or use:
```bash
apt install crackmapexec # On Kali Linux
```
🧪 Example Usage
To enumerate SMB shares on a subnet:
```bash
crackmapexec smb 192.168.1.0/24
```
To spray credentials:
```bash
crackmapexec smb 192.168.1.0/24 -u 'admin' -p 'Summer2025!'
```
To check for vulnerabilities:
```bash
crackmapexec smb 192.168.1.10 -M zerologon
```
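From the defender's side, the credential-testing run shown above (one account and password tried over SMB against every host in a subnet) shows up, where logon failure auditing is enabled, as failed network logons for one account from one source address on many hosts within seconds. The following Python is an added example, not code from the original page or from the CrackMapExec project; the CSV column layout, the thresholds, and the sample events are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (not real logs): Security events forwarded from several hosts.
# 4625 = failed logon, 4624 = successful logon, LogonType 3 = network (e.g. SMB).
SAMPLE_CSV = """TimeCreated,Computer,EventID,LogonType,TargetUserName,IpAddress
2025-01-10T09:00:01,WS01,4625,3,admin,192.168.1.50
2025-01-10T09:00:01,WS02,4625,3,admin,192.168.1.50
2025-01-10T09:00:02,WS03,4625,3,Admin,192.168.1.50
2025-01-10T09:00:02,WS04,4625,3,admin,192.168.1.50
2025-01-10T09:00:03,FS01,4624,3,admin,192.168.1.50
2025-01-10T09:10:00,WS01,4625,3,jsmith,192.168.1.77
2025-01-10T09:10:20,WS01,4625,3,jsmith,192.168.1.77
2025-01-10T08:00:00,WS01,4625,3,backup,192.168.1.90
2025-01-10T09:00:00,WS02,4625,3,backup,192.168.1.90
2025-01-10T10:00:00,WS03,4625,3,backup,192.168.1.90
2025-01-10T11:00:00,WS04,4625,3,backup,192.168.1.90
"""

def parse_events(text):
    """Yield failed network logons as (time, host, account, source_ip)."""
    for row in csv.DictReader(io.StringIO(text)):
        if row["EventID"] == "4625" and row["LogonType"] == "3":
            yield (datetime.fromisoformat(row["TimeCreated"]), row["Computer"],
                   row["TargetUserName"].lower(), row["IpAddress"])

def find_fanout(events, min_hosts=4, window=timedelta(minutes=5)):
    """Return {(source_ip, account): hosts} where one source failed to log on
    with the same account on at least min_hosts distinct hosts inside window."""
    by_key = defaultdict(list)
    for ts, host, account, src in events:
        by_key[(src, account)].append((ts, host))
    alerts = {}
    for key, hits in by_key.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # slide the window forward in time
            hosts = {h for _, h in hits[start:end + 1]}
            if len(hosts) >= min_hosts:
                alerts[key] = sorted(hosts)
                break
    return alerts

if __name__ == "__main__":
    for (src, acct), hosts in find_fanout(parse_events(SAMPLE_CSV)).items():
        print(f"{src} failed as '{acct}' on {len(hosts)} hosts: {', '.join(hosts)}")
```

Repeated failures by one user on a single host and slow failures spread over hours stay below the default thresholds; tune `min_hosts` and `window` to the environment.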
⚠️ Ethical Considerations
While CrackMapExec is a legitimate tool for security testing, it can be flagged by antivirus software as a “hacktool”. It should only be used in environments where you have explicit permission—such as penetration testing engagements or lab setups.