Kerberoast Extractor

Kerberoast Extractor

Standalone Python tool for Kerberoasting attacks:

• Automatic Enumeration — Queries LDAP to find all user accounts with SPNs set (servicePrincipalName attribute), filtering out machine accounts and disabled users.
• TGS Request — Requests Kerberos service tickets (TGS-REP) for each discovered SPN using RC4, AES128, or AES256 encryption types.
• Hash Extraction — Extracts the encrypted portion of TGS-REP tickets and formats them as hashcat-compatible hashes ($krb5tgs$23$ for RC4, $krb5tgs$17$/18$ for AES).
• Targeted Mode — Option to target a specific SPN or user account instead of bulk extraction, reducing noise in monitored environments.
• Output Formats — Exports in hashcat and John the Ripper formats with automatic naming by SPN for organized cracking campaigns.
• OPSEC — Supports Kerberos authentication via existing TGT (pass-the-ticket) to avoid generating AS-REQ entries in logs.