{"id":13722327,"url":"https://github.com/C-Sto/gosecretsdump","last_synced_at":"2025-05-07T15:30:33.351Z","repository":{"id":43580235,"uuid":"162955234","full_name":"C-Sto/gosecretsdump","owner":"C-Sto","description":"Dump ntds.dit really fast","archived":false,"fork":false,"pushed_at":"2021-10-01T09:11:33.000Z","size":2721,"stargazers_count":345,"open_issues_count":6,"forks_count":48,"subscribers_count":9,"default_branch":"master","last_synced_at":"2024-02-15T10:36:21.233Z","etag":null,"topics":["cracking","cracking-hashes","dit","dit-files","impacket","impacket-secretsdump","ntds","password","securiy","windows"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/C-Sto.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-12-24T05:54:19.000Z","updated_at":"2024-02-11T18:53:05.000Z","dependencies_parsed_at":"2022-09-26T18:01:49.297Z","dependency_job_id":null,"html_url":"https://github.com/C-Sto/gosecretsdump","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/C-Sto%2Fgosecretsdump","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/C-Sto%2Fgosecretsdump/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/C-Sto%2Fgosecretsdump/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/C-Sto%2Fgosecretsdump/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/C-Sto","download_url":"https://codeload.github.com/C-Sto/gosecretsdump/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252905515,"owners_count":21822818,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cracking","cracking-hashes","dit","dit-files","impacket","impacket-secretsdump","ntds","password","securiy","windows"],"created_at":"2024-08-03T01:01:27.452Z","updated_at":"2025-05-07T15:30:32.160Z","avatar_url":"https://github.com/C-Sto.png","language":"Go","funding_links":[],"categories":["Go (531)","Windows Specific","Go"],"sub_categories":[],"readme":"# Gosecretsdump\n\nHave you been using Impacket to dump hashes out of (large) NTDS.dit files, and become increasingly frustrated at how long it takes? I sure have!\n\nAll credit for the original code to the impacket devs, it's much more complicated than I anticipated.\n\nThis is a conversion of the impacket secretsdump module into golang. It's not very good, but it is quite fast. Please let me know if you find bugs, I'll try and fix where I can - bonus points if you can provide sample .dit files for me to bash against.\n\n## Features\n\n- Dumps dits very fast. Operations that usually take hours are now done in minutes.\n- Can dump SAM/SYSTEM backups\n- Can dump local SAM/SYSTEM (must be run as the machine account/SYSTEM)\n- A somewhat usable interface for integration other other tooling (See lib example below)\n\n## Usage\nYou will need to obtain the NTDS.dit and SYSTEM file from the target domain controller as normal. This won't dump anything remotely, just local (for now at least).\n```  \n  -enabled\n        Only output enabled accounts\n  -history\n        Include Password History\n  -livesam\n        Get hashes from live system. Only works on local machine hashes (SAM), only works on Windows.\n  -noprint\n        Don't print output to screen (probably use this with the -out flag)\n  -ntds string\n        Location of the NTDS file (required)\n  -out string\n        Location to export output\n  -sam string\n        Location of SAM registry hive\n  -status\n        Include status in hash output\n  -stream\n        Stream to files rather than writing in a block. Can be much slower.\n  -system string\n        Location of the SYSTEM file (required)\n  -version\n        Print version and exit\n```\n\nExample (there is a test .dit and system file in this repo)\n\n`gosecretsdump -ntds test/ntds.dit -system test/system`\n\n## Comparison\nUsing a large-ish .dit file (approx 1gb)\n\nImpacket secretsdump.py\n```bash\ntime ./secretsdump.py local -system ~/go/src/github.com/c-sto/gosecretsdump/test/big/registry/SYSTEM -ntds ~/go/src/github.com/c-sto/gosecretsdump/test/big/Active\\ Directory/ntds.dit\n\u003csnip\u003e\n./secretsdump.py -system registry/SYSTEM -ntds  local  1197.36s user 12.01s system 98% cpu 20:23.78 total\n```\n\ngosecretsdump\n```bash\ntime go run main.go -system ~/go/src/github.com/c-sto/gosecretsdump/test/big/registry/SYSTEM -ntds ~/go/src/github.com/c-sto/gosecretsdump/test/big/Active\\ Directory/ntds.dit\n\u003csnip\u003e\ngo run main.go -system  -ntds  26.28s user 3.78s system 114% cpu 26.178 total\n```\n\n\n## Lib\n\nSo you want to use this in your cool Go implant? that should be easy. The pattern for all the 'dumping' functions is as follows:\n\n\n**note**\nIt's likely that the api will undergo changes. I'll try to keep to semver, but please understand that I don't really have any idea what I'm doing.\n\n\n```go\n//Create the reader flavour of your choice\ndr, err = samreader.New(\"C:\\\\pentest\\\\system.hive\", \"C:\\\\pentest\\\\sam.hive\")\nif err != nil {\n      return err\n}\n\n//Get the output channel\ndataChan := dr.GetOutChan()\n\n//start dumping\ngo dr.Dump()\n\n//read from the output channel (the channel will be closed once dumping is complete)\nwg := sync.WaitGroup{}\nwg.Add(1)\ngo func(){\n      defer wg.Done() //This probably won't actually work, I can never remember if defer works on inline funcs\n      for dh := range dataChan{\n            fmt.Println(\"%+v\\n\", dh)\n      }\n}()\n//do other things while you wait\nwg.Wait()\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FC-Sto%2Fgosecretsdump","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FC-Sto%2Fgosecretsdump","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FC-Sto%2Fgosecretsdump/lists"}