MCPcopy Index your code
hub / github.com/citronneur/kerlab

github.com/citronneur/kerlab @main

Chat with this repo
repository ↗ · DeepWiki ↗ · + Follow
134 symbols 199 edges 28 files 33 documented · 25%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

Kerlab

A Rust implementation of Kerberos for FUn and Detection

Kerlab was developped just to drill down kerberos protocol and better understand it. The main pupose is to write more targeted detection rules. These rules was presented during the Toulouse Hacking Conference 2021 that took place on 11 of june.

:warning: Kerlab needs the nightly version of rust because we massively use static parameters for template :warning:

kerasktgt Kerberos Ask Ticket Granting Ticket

Use to ask the first Ticket in kerberos protocol. If the username is not set, the TGT request is made without pre authentication. It will write the ticket into KRB_CRED format, compatible with rubeus or mimikatz. We can choose between the cleartext password, or the ntlm hash version.

kerasktgt 0.1.0
Sylvain Peyrefitte <citronneur@gmail.com>
Kerberos Lab for Fun and Detection

USAGE:
    kerasktgt.exe [FLAGS] [OPTIONS]

FLAGS:
        --forwardable    Ask for a forwardable ticket
    -h, --help           Prints help information
        --renewable      Ask for a renewable ticket
    -V, --version        Prints version information

OPTIONS:
        --dc <dc>                host IP of the Domain Controller
        --domain <domain>        Windows Domain
        --ntlm <ntlm>            NTLM hash for RC4 encryption
        --outfile <outfile>      Output file path
        --password <password>    Username password
        --port <port>            Domain Controller Kerberos port [default: 88]
        --username <username>    Username of TGT

kerasktgs Kerberos Ask Ticket Granting Servive

Use to ask a TGS ticket using a saved TGT. kerasktgs support S4U protocol extension, through s4u options.

kerasktgs 0.1.0
Sylvain Peyrefitte <citronneur@gmail.com>
Kerberos Lab for Fun and Detection

USAGE:
    kerasktgs.exe [FLAGS] [OPTIONS]

FLAGS:
        --forwardable    Ask for a forwardable ticket
        --forwarded      Ask for a forwarded ticket
    -h, --help           Prints help information
        --renewable      Ask for a renewable ticket
    -V, --version        Prints version information

OPTIONS:
        --dc <dc>                  host IP of the Domain Controller
        --outfile <outfile>        Output file path
        --port <port>              Domain Controller Kerberos port [default: 88]
        --s4u <s4u>                Ask for a service ticket in place of this user
        --s4u-realm <s4u-realm>    Ask for a service ticket in place of this user
        --service <service>        Name of the service
        --ticket <ticket>          TGT recorded using kerasktgt

kerforce Kerberos Brute Force

Use to perform an online brute force attack. The file attribute is just a file with a password at each line.

kerforce 0.1.0
Sylvain Peyrefitte <citronneur@gmail.com>
Kerberos Lab for Fun and Detection

USAGE:
    kerforce.exe [FLAGS] [OPTIONS]

FLAGS:
    -h, --help       Prints help information
        --safe       Stop when account it's first locked
    -V, --version    Prints version information

OPTIONS:
        --dc <dc>                host IP of the Domain Controller
        --domain <domain>        Windows Domain
        --file <file>            File that contain password file
        --port <port>            Domain Controller Kerberos port [default: 88]
        --username <username>    Username of TGT

kerspray Kerberos Password Spraying

Use to perform a Kerberos Password spraying attack using a list of username.

kerspray 0.1.0
Sylvain Peyrefitte <citronneur@gmail.com>
Kerberos Lab for Fun and Detection

USAGE:
    kerspray.exe [FLAGS] [OPTIONS]

FLAGS:
    -h, --help       Prints help information
        --safe       Stop when account it's first locked
    -V, --version    Prints version information

OPTIONS:
        --dc <dc>                host IP of the Domain Controller
        --domain <domain>        Windows Domain
        --file <file>            File that contain username
        --password <password>    Password of TGT
        --port <port>            Domain Controller Kerberos port [default: 88]

kerticket Kerberos Ticket Viewer

Print informations of ticket saved on disk. Use to convert a ticket into hashcat compatible format. We can decrytp the EncTicketPartBody using the hash or the password of the service (including krbtgt).

kerticket 0.1.0
Sylvain Peyrefitte <citronneur@gmail.com>
Kerberos Lab for Fun and Detection

USAGE:
    kerticket.exe [OPTIONS]

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information

OPTIONS:
        --hashcat <hashcat>      output file for hash cat brute forcing
        --ntlm <ntlm>            NTLM hash for RC4 encryption de decrypt ticket
        --password <password>    Password for RC4 encryption de decrypt ticket
        --ticket <ticket>        Path to the ticket file

Extension points exported contracts — how you extend this code

ASN1 (Interface)
This trait is a wrapper around the yasna library to better declare ASN1 type [12 implementers]
src/asn1.rs
Display (Interface)
(no doc) [35 implementers]
src/display.rs
Message (Interface)
(no doc) [3 implementers]
src/message.rs
ReadFromCursor (Interface)
(no doc) [1 implementers]
src/pac.rs

Core symbols most depended-on inside this repo

print
called by 157
src/display.rs
new_line
called by 121
src/display.rs
indent
called by 26
src/display.rs
dedent
called by 26
src/display.rs
format
called by 12
src/display.rs
from_ber
called by 12
src/asn1.rs
hmac_md5
called by 8
src/rc4hmac.rs
to_der
called by 7
src/asn1.rs

Shape

Method 53
Class 43
Function 23
Enum 11
Interface 4

Languages

Rust100%

Modules by API surface

src/asn1.rs15 symbols
src/pac.rs14 symbols
src/encryption.rs11 symbols
src/display.rs10 symbols
src/rc4hmac.rs9 symbols
src/padata.rs8 symbols
src/base.rs8 symbols
src/krbkdcreq.rs7 symbols
src/error.rs6 symbols
src/ndr.rs5 symbols
src/ticket.rs4 symbols
src/request.rs4 symbols

For agents

$ claude mcp add kerlab \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact