To spray using a hash with CredNinja (where 1234567890abcdefg is the hash):
credninja -s ~/nmap.gnmap -a 'Administrator:1234567890abcdefg' --ntlm
https://github.com/knavesec/CredMaster
Launch a password spray / brute force attach via Amazon AWS passthrough proxies, shifting the requesting IP address for every authentication attempt. This dynamically creates FireProx APIs for more evasive password sprays.
Shoutout to @ustayready for his CredKing and FireProx tools, which form the base of this suite.