CredNinja – Multithreaded Tool to Test Credentials

CredNinja is a multithreaded tool designed to identify if credentials are valid, invalid, or local admin valid credentials within a network at-scale via SMB, plus now with a user hunter. This tool is intended for penetration testers who want to perform an engagement quickly and efficiently.

The tool will quickly check the validity of multiple user credentials across multiple servers and be notified if that user has local administrator rights on each server.

CredNinja - Multithreaded Tool to Test Credentials
CredNinja – Multithreaded Tool to Test Credentials

While this tool can be used for more covert operations , it really shines when used at the scale of a large network. At the core of it, you provide it a list of credentials you have dumped (or hashes, it can pass-the-hash) and a list of systems on the domain (possible scanning for port 445 first, or you can use “–scan”). It will tell you if the credentials you dumped are valid on the domain, and if you have local administrator access to a host.

The tool support several options to make the test simultaneous and automated by providing a word or file of user credentials to test. Usernames are accepted in the form of “DOMAIN\USERNAME:PASSWORD” This can be combined with the system list word or file of servers to test against. it may have a single system, a filename containing a list of systems, a gnmap file, or IP addresses in cidr notation. Each credential will be tested against each of these servers by attempting to browse C$ via SMB.

You can read more and download this tool over here:

Notify of
Inline Feedbacks
View all comments