kerbrute

Bruteforcing Windows passwords with Kerberos is much faster than any other approach I know of, and potentially stealthier since pre-authentication failures do not trigger that "traditional" An account failed to log on event 4625. With Kerberos, you can validate a username or test a login by only sending one UDP frame to the KDC (Domain Controller).

Kerbrute has three main commands:
- bruteuser: bruteforce a single user's password from a wordlist
- bruteforce: read username:password combos from a file or stdin and test them
- passwordspray: test a single password against a list of users
- userenum: enumerate valid domain usernames via Kerberos