WinRM_Brute is a script which will allow you to brute force crednetials using the WinRM/WSMan service. Because it can pass authentication, it can be used to validate credentials.

Download here:

WinRM_Brute, will ask you for the following:

  1. The target of the computer.
  2. To select either a single user or to pull from a current user list.
  3. To provide the path to a wordlist full of passwords.

Once it has these values, it will attempt to authenticate and if successful will display the credentials at the end.

There is a new option that will attempt to pull usernames from AD using the following code:


Create a website or blog at

%d bloggers like this: