
Bounty
Protect your domain's treasure - breach yourself before someone else does.
Where password security meets treasure protection
Protect Your Digital Treasure
Bounty is an Active Directory hardening tool that compares your users' password hashes against a database of cracked and leaked credentials. Like a vigilant guardian of your digital treasure, Bounty proactively identifies weak or compromised accounts before they can be exploited. This empowers you to enforce a stronger authentication posture across your enterprise environment and stay ahead of potential threats.
Secure Your Domain's Most Valuable Assets
Secure Hash Comparison
Like a seasoned treasure hunter consulting a trusted guide, Bounty securely checks your Active Directory password hashes against an encrypted database of known cracked credentials. It identifies vulnerable accounts without ever exposing your sensitive data, ensuring both security and insight.
Flexible Hash Processing Options
Choose between sending NTLM hashes for comprehensive analysis or more secure hash digests for 1:1 matching. Full hashes undergo rigorous testing against specialized wordlists, rules, and masks to detect even low-entropy permutations of known compromised passwords, while digests offer maximum security with targeted matching.
Active Directory Integration
Bounty integrates seamlessly with your Active Directory environment, allowing for targeted auditing of specific user groups, OUs, or the entire domain. This precision targeting ensures you can focus your security efforts where they matter most.
Password Hygiene Enforcement
Beyond simple detection, Bounty provides comprehensive tools for enforcing resilient password policies, helping organizations implement and maintain strong password hygiene across their entire user base.
The Kraken's Advantage
What sets Bounty apart is its unique approach to password security. While traditional tools focus on enforcing complex password policies, Bounty takes a proactive stance by identifying passwords that have already been compromised in the wild.
This approach addresses the fundamental weakness of even complex passwords — their reuse or compromise in real-world breaches and red team engagements — delivering a level of protection that traditional password policies alone can't provide.
Technical Specifications
System Requirements
Domain Controller Access
- Windows Server 2012 R2 or newer
- Password expiration modification privileges
- 8GB RAM minimum (16GB recommended)
- 10GB+ of disk space for temporary audit storage
Security Features
- Secure hash processing for maximum security
- Encrypted storage of all sensitive data
- Detailed audit logging of all operations
- SIEM integrations and email alerting
Hash Database
- Regular updates from multiple breach and real-world sources
- Over 10 billion unique password hashes
- Fast and secure bleeding-edge protocols
- Optimized search for rapid comparison
Use Cases
- Regular security audits of Active Directory environments
- Post-breach assessment to identify potentially compromised accounts
- Compliance verification for password security requirements
- Proactive security hardening before penetration testing
Become a Beta Tester
Help shape the future of Active Directory security by joining our beta testing program.