What additional capabilities does the Python implementation pyKerbrute have compared to the original kerbrute?

PyKerbrute adds support for TCP protocol in addition to UDP, and it allows validation of NTLM hashes instead of only plaintext passwords. These enhancements provide more flexibility in network environments and attack scenarios. The password verification function uses the NTLM hash directly in the padata encryption, similar to how plaintext passwords are processed. For a deeper understanding of password brute-forcing via other protocols, see Penetration Basics - Brute-Forcing Domain User Passwords via LDAP Protocol.