PurpleSpray is an adversary simulation tool that executes password spray behavior under different scenarios and conditions with the purpose of generating attack telemetry in properly monitored Windows enterprise environments. Blue teams can leverage PurpleSpray to identify gaps in visibility as well as test the resilience, improve existing and build new detection analytics for password spraying attacks.
PurpleSpray currently supports two modules that leverage the SMB protocol for the spray scenarios. For more details and demos, visit the Wiki.
PurpleSpray was first presented at BSides Baltimore 2019.
PurpleSpray has been tested on Kali Linux 2018.4 and Windows 10 1830 under Python 3.6 and Python 2.7.
Note: Python 2 is no longer supported.
$ git clone https://github.com/mvelazc0/PurpleSpray.git
$ pip3 install -r PurpleSpray/requirements.txt
$ python3 PurpleSpray.py
$ docker build -t purplespray .
$ docker run --rm -it purplespray
This project could not be possible without the following projects:
- Mauricio Velazco - @mvelazco
This project is licensed under the BSD 3-Clause License - see the LICENSE file for details