password_spray
Test multiple passwords against one or more user accounts to identify weak credentials during security assessments.
Instructions
spray passwords on an account or several accounts
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| ips | Yes | | |
| usernames | Yes | | |
| passwords | Yes | | |
| onelogin | No | | |
Implementation Reference
- src/pentestmcp/server.py:231-235 (handler) The handler function for the 'password_spray' tool. It uses netexec to perform password spraying on specified IPs with given usernames and passwords, with an option for one-login behavior.

  ```python
  @mcp.tool(name="password_spray",description="spray passwords on an account or several accounts")
  def password_spray(ips:List[str],usernames:List[str],passwords:List[str],onelogin:bool=False):
      if(onelogin):
          return run_command(["netexec","smb"]+ips+["-u"]+usernames+["-p"]+passwords+["--no-bruteforce","--continue-on-success"])
      return run_command(["netexec","smb"]+ips+["-u"]+usernames+["-p"]+passwords)
  ```
- src/pentestmcp/server.py:231-231 (registration) The @mcp.tool decorator registers the password_spray function as an MCP tool.

  ```python
  @mcp.tool(name="password_spray",description="spray passwords on an account or several accounts")
  ```
- src/pentestmcp/server.py:28-85 (helper) Helper function used by password_spray to execute shell commands via subprocess.

  ```python
  def run_command(command: List[str], timeout: int = 150,communicate:bool=False) -> Dict[str, Union[str, int, bool]]:
      try:
          logger.info(f"communicate :{communicate}")
          logger.info(f"Running command: {' '.join(command)}")

          if communicate:
              # Use Popen for interactive communication
              process = subprocess.Popen(
                  command,
                  stdout=subprocess.PIPE,
                  stderr=subprocess.PIPE,
                  stdin=subprocess.PIPE,
                  text=True
              )
              stdout, stderr = process.communicate(input="y\n", timeout=timeout)
              returncode = process.returncode
          else:
              # Use run for non-interactive commands
              result = subprocess.run(
                  command,
                  stdout=subprocess.PIPE,
                  stderr=subprocess.PIPE,
                  text=True,
                  check=True,
                  timeout=timeout
              )
              stdout = result.stdout
              stderr = result.stderr
              returncode = result.returncode

          logger.info(f"Command completed with return code {returncode}")
          return {
              "success": True,
              "stdout": stdout,
              "stderr": stderr,
              "returncode": returncode
          }
      except subprocess.CalledProcessError as e:
          logger.error(f"Command failed with return code {e.returncode}: {e.stderr}")
          return {
              "success": False,
              "stdout": e.stdout,
              "stderr": e.stderr,
              "returncode": e.returncode,
              "error": f"Command failed with return code {e.returncode}"
          }
      except subprocess.TimeoutExpired as e:
          logger.error(f"Command timed out after {timeout} seconds")
          return {
              "success": False,
              "error": f"Command timed out after {timeout} seconds"
          }
      except Exception as e:
          logger.error(f"Error running command: {str(e)}")
          return {
              "success": False,
              "error": str(e)
          }
  ```