Learn Kerbrute

 josh
(@josh)

Kerbrute is a powerful tool used primarily in penetration testing to enumerate and brute-force Active Directory accounts via Kerberos Pre-Authentication. Here’s a breakdown of what it does and how it’s used:

🛠 What Is Kerbrute?

Kerbrute is written in Go and designed to:

  • Enumerate valid domain usernames
  • Brute-force passwords
  • Perform password spraying attacks

It interacts with the Kerberos authentication protocol, which is widely used in Windows environments for secure identity verification.

🔍 Key Features

Kerbrute supports several commands:

  • userenum: Finds valid usernames in a domain
  • bruteuser: Brute-forces a single user’s password using a wordlist
  • bruteforce: Tests username-password combos from a file
  • passwordspray: Tests one password across many usernames

These techniques are useful for identifying weak credentials or misconfigured accounts during security assessments.

⚙️ How It Works

Kerbrute sends Kerberos authentication requests to a Domain Controller (DC). If a username is valid, the DC responds differently than it would for an invalid one—allowing enumeration without triggering typical login failure alerts. This makes Kerbrute stealthier than traditional brute-force tools.

🧪 Example Usage

./kerbrute_linux_amd64 userenum --dc 192.168.1.100 -d example.local usernames.txt

This command checks which usernames in usernames.txt are valid on the domain example.local.

📥 Where to Get It

You can download Kerbrute from its GitHub repository. It’s available for Linux, Windows, and macOS.

 


   
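The differing DC responses described under "How It Works" are also written to the DC's Security log as events 4768 and 4771 when failure auditing for Kerberos authentication is enabled. The sketch below is an added example, not part of the original post and not Kerbrute code: it flags a source address that touches many distinct account names in a short window. The record layout, thresholds, addresses and sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Kerberos result codes as logged on a Domain Controller:
# 4768 with Status 0x6  = KDC_ERR_C_PRINCIPAL_UNKNOWN (username does not exist)
# 4771 with Status 0x18 = KDC_ERR_PREAUTH_FAILED (username exists, wrong password)
SIGNALS = {("4768", "0x6"): "user-enumeration", ("4771", "0x18"): "password-guessing"}

def detect(events, window=timedelta(minutes=5), min_users=4):
    """Return {(source_ip, signal)} where one source hit >= min_users distinct
    account names inside any sliding window of the given length."""
    buckets = defaultdict(list)  # (ip, signal) -> [(time, user)]
    for ev in events:
        signal = SIGNALS.get((ev["EventID"], ev["Status"].lower()))
        if signal:
            ts = datetime.fromisoformat(ev["TimeCreated"])
            ip = ev["IpAddress"].removeprefix("::ffff:")  # DCs log IPv4-mapped form
            buckets[(ip, signal)].append((ts, ev["TargetUserName"].lower()))
    alerts = set()
    for key, hits in buckets.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # drop hits that fell out of the window
            if len({u for _, u in hits[start:end + 1]}) >= min_users:
                alerts.add(key)
                break
    return alerts

def ev(eid, t, ip, user, status):
    return {"EventID": eid, "TimeCreated": t, "IpAddress": ip,
            "TargetUserName": user, "Status": status}

# Constructed sample records (simplified fields from events 4768 / 4771).
SAMPLE = (
    [ev("4768", f"2024-01-01T10:00:0{i}", "::ffff:10.0.0.50", f"guess{i}", "0x6") for i in range(6)]
    + [ev("4771", f"2024-01-01T11:00:0{i}", "::ffff:10.0.0.50", f"user{i}", "0x18") for i in range(5)]
    # One person mistyping their own password: a single account, so no alert.
    + [ev("4771", f"2024-01-01T09:0{i}:00", "::ffff:10.0.0.7", "alice", "0x18") for i in range(5)]
    # Unknown names an hour apart: never four inside one window, so no alert.
    + [ev("4768", f"2024-01-01T1{i}:30:00", "::ffff:10.0.0.9", f"typo{i}", "0x6") for i in range(4)]
)

if __name__ == "__main__":
    for ip, signal in sorted(detect(SAMPLE)):
        print(f"{ip}: possible {signal}")
```

Counting distinct account names per source, rather than raw failures, is what separates this pattern from an ordinary user retrying a password.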