RAPIDS STATUS · STABLE PYTHON 3.8+
REPO SECURITY MIT
Real-Fruit-Snacks  //  credential spraying  //  stable release

RAPIDS.

modules
28 protocols
targets
multi threading
features
PTH · skip logic
stack
Python 3.8+
01 Premise

Push credentials through every service on a network.

Rapids is a modular credential spraying framework with 28 native protocol modules. Automatic port scanning, domain discovery, adaptive skip logic, and pass-the-hash support — no external tool dependencies for core functionality.

Built for fast, focused, and relentless authentication testing across large network ranges.

02 Specs

What's in the box.

MODULES
28 native protocols · SMB · SSH · RDP · WinRM · MSSQL · LDAP · Kerberos + databases
SPRAYING
Adaptive skip logic — three consecutive timeouts drops an endpoint, five marks host unreachable
TRANSPORT
Pass-the-hash support across SMB · RDP · WinRM · MSSQL · LDAP · Kerberos protocols
DISCOVERY
Domain discovery via SMB — automatic domain name extraction for Kerberos pre-auth
OUTPUT
Copy-pasteable commands — successful auths include connect strings for immediate pivot
STACK
Pure Python native libraries · impacket · paramiko · pywinrm · threading pool
03 Quickstart

Install, scan, spray, pivot.

Rapids automatically scans ports and maps them to protocol modules for comprehensive credential testing.

# Install from PyPI
$ pip install rapids

# Spray single credential against CIDR range
$ rapids --targets 10.10.10.0/24 --username admin --password Password123

# Multi-credential spray with user/pass lists
$ rapids --targets targets.txt --userlist users.txt --passlist passwords.txt

# Pass-the-hash across SMB/RDP/WinRM
$ rapids --targets 10.10.10.0/24 --username administrator --hash aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c
04 Reference

Command surface and protocols.

Full CLI reference for credential spraying, module selection, and output formatting.

TARGETING

--targets <file|cidr>Target file, IP, or CIDR range
--ports <list>Custom ports (overrides auto-scan)
--exclude <file>Exclude IPs from targeting
--timeout <sec>Connection timeout per attempt

CREDENTIALS

--username <user>Single username
--password <pass>Single password
--userlist <file>Username list file
--passlist <file>Password list file
--hash <lm:ntlm>Pass-the-hash (PTH) authentication

MODULES

--modules <list>Specific modules: smb,ssh,rdp,winrm,mssql
--exclude-modules <list>Skip specific modules
--list-modulesShow all 28 available protocol modules

OUTPUT

--output <file>Save results to file
--format <type>Output format: table, json, csv
--verboseShow failed attempts and debug info
--connect-commandsInclude connect strings for successful auths
05 Architecture

Scan, map, spray, verify.

Four-stage pipeline: port scanning to discover services, protocol mapping to modules, credential spraying with threading, and optional proof-of-access verification.

rapids/
scanner.py     // nmap integration · port discovery
modules/       // 28 protocol implementations
├── smb.py     // impacket SMB · domain discovery
├── ssh.py     // paramiko SSH client
├── rdp.py     // RDP with NLA support
└── database/  // mysql · postgres · mssql · mongo
engine.py      // threading · skip logic · results
cli.py         // argparse interface
06 Authorization

Authorized testing only.

Rapids is designed exclusively for authorized security testing with explicit written permission. Credential spraying generates significant authentication logs — ensure proper authorization and scope.

Security issues should be reported through private security advisories.

Adaptive skip logic prevents excessive authentication attempts against unresponsive services.

→ GET STARTED

Test every credential
against every service.

Open repo