SmartSpray

A script designed to test passwords against user accounts within an Active Directory environment, with a customizable Account Lockout Threshold and Reset Account Lockout Counter.

Overview

SmartSpray is a specialized Red Team tool designed for stealthy, targeted password auditing in Active Directory environments. Built entirely on native Impacket libraries, it eliminates dependencies on external binaries like CrackMapExec.

Key Capabilities:

  • Stealth Operations: Randomized SMB fingerprints and per-request jitter.
  • Policy Compliance: Granular password complexity filters (GPO-aware).
  • Smart Safety: Built-in logic to strictly adhere to Account Lockout Policies.
  • Resilience: Automated state tracking for resume-on-interrupt.

Note: This tool is intended for authorized security assessments only.

Features

🛡️ Evasion & Stealth

  • True Native: Pure Python implementation using impacket.smbconnection.
  • Stealth Mode (--stealth):
    • Randomizes client hostnames (e.g., DESKTOP-7X91D2) per connection.
    • Injects random micro-delays (0.5s - 1.5s) between attempts to evade burst detection.
  • Jitter (--jitter): Adds randomized delays to the lockout wait timer, making traffic patterns unpredictable.

🎯 Advanced Filtering

  • Complexity Enforcement (--complexity): Pre-validates passwords against AD policies before spraying, saving precious lockout attempts.
    • Level 0: None (Spray all).
    • Level 1: Standard AD (3 of 4 character classes).
    • Level 2: GPO Compliant (Standard + Username check).
    • Level 3: Strict (4 of 4 character classes).
  • Length Enforcement (-pl): Automatically skips passwords shorter than the domain minimum.

⚙️ Safety & Control

  • Smart Thresholds: Automatically calculates a safe buffer zone based on the domain's real lockout policy (e.g., sprays 2 times for a threshold of 5).
  • Interactive Mode: Full guided configuration if no arguments are provided.
  • Quiet Mode (--quiet): Minimalist output showing only successful compromises.
  • Session Resume: Tracks progress in spray_state.json to resume after interruptions.

Installation

Requires Python 3.6+ and the Impacket library.

git clone https://github.com/GabrielDuschl/Automated-SMB-Password-Spraying.git
cd Automated-SMB-Password-Spraying
pip3 install impacket

Usage

1. Interactive Mode (Recommended)

Run the script without arguments. It validates your input and guides you through the Evasion and Policy settings.

python3 SmartSpray.py

2. CLI Mode (Automation)

For CI/CD pipelines or scripted attacks.

python3 SmartSpray.py [OPTIONS]

Configuration Options

| Argument | Flag | Description | Default |
| :--- | :--- | :--- | :--- |
| Domain | -d, --domain | Target Domain Name (and Host to auth against) | Required |
| User File | -u, --user | Path to file containing usernames | Required |
| Pass File | -p, --password | Path to file containing passwords | Required |
| Min Length | -pl, --pass-length | Minimum Password Length (Policy) | Required |
| Threshold | -t, --threshold | Real Account Lockout Threshold. Script buffers this by -3. | 5 |
| Lockout | -l, --lockout | Reset Account Lockout Counter (minutes) | 15 |
| Jitter | -j, --jitter | Max random minutes added to the lockout timer | 0 |
| Complexity | -c, --complexity | 0=None, 1=Standard, 2=GPO+User, 3=Strict | 0 |
| Stealth | --stealth | Enable Random Hostnames & Micro-Delays | False |
| Quiet | -q, --quiet | Suppress "Testing..." logs. Show hits only. | False |
| Output | -o, --output | CSV file to write valid credentials to | None |
| No Resume | --no-resume | Ignore saved state and start fresh | False |

Examples

Standard Spray (Safe Default)

python3 SmartSpray.py -d corp.local -u users.txt -p common.txt -pl 7

Stealth Op (GPO-Compliant Filter + Max Evasion)

python3 SmartSpray.py -d corp.local -u users.txt -p common.txt -pl 7 -t 5 -l 30 --stealth --complexity 2 --jitter 10 --quiet
  • Explanation: Sprays only 2 passwords per batch (Threshold 5), waits 30-40 mins between batches (Lockout 30 + Jitter 10), enables random footprints, and skips passwords containing usernames or failing complexity.
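
Seen from the defender's side, the pattern described above (a few failures per account per batch, batches spaced past the lockout reset, a new client hostname per connection) stays under per-account lockout alerts but still shows up as one source failing against many accounts. The following detection example is added here and is not part of SmartSpray; the events are constructed, their keys are modelled on Windows Security Event ID 4625 fields (IpAddress, TargetUserName, WorkstationName), and it assumes the client-supplied hostname is what gets logged as the workstation name.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs). Keys mirror Event ID 4625 fields:
# time=TimeCreated, ip=IpAddress, user=TargetUserName, ws=WorkstationName.
T0 = datetime(2026, 1, 10, 9, 0, 0)
SAMPLE = []
for batch, offset_min in enumerate((0, 37)):       # two batches, 37 min apart
    for i, user in enumerate(["alice", "bob", "carol", "dave", "erin"]):
        SAMPLE.append({"time": T0 + timedelta(minutes=offset_min, seconds=i),
                       "ip": "10.0.5.23", "user": user,
                       "ws": f"DESKTOP-{batch}{i}X91D"})   # new name each time
for i in range(4):                                 # one user mistyping a password
    SAMPLE.append({"time": T0 + timedelta(seconds=20 * i), "ip": "10.0.7.40",
                   "user": "frank", "ws": "WS-FRANK"})


def find_spray_sources(events, window=timedelta(hours=12), min_users=5):
    """Flag source IPs whose failed logons hit >= min_users accounts in window.

    Counting distinct accounts per source over a long window catches sprays
    that keep each account below the lockout threshold.
    """
    by_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["time"]):
        by_ip[ev["ip"]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        start, best = 0, None
        for end, cur in enumerate(evs):
            while cur["time"] - evs[start]["time"] > window:
                start += 1                         # slide the window forward
            span = evs[start:end + 1]
            per_user = Counter(e["user"] for e in span)
            if len(per_user) >= min_users and (
                    best is None or len(per_user) >= best["users"]):
                best = {"users": len(per_user), "failures": len(span),
                        "hostnames": len({e["ws"] for e in span}),
                        "max_per_user": max(per_user.values())}
        if best:
            findings[ip] = best
    return findings


if __name__ == "__main__":
    for ip, stats in find_spray_sources(SAMPLE).items():
        print(ip, stats)
```

In the constructed data `max_per_user` stays at 2, below the default threshold of 5 from the options table, while the distinct-account and hostname counts for the same source IP make the activity stand out.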

Liability Disclaimer

This tool is for educational and authorized testing purposes only. The author accepts no liability for the use of this tool.
