Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/lgandx/PCredz
This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.
https://github.com/lgandx/PCredz
Last synced: about 2 months ago
JSON representation
This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.
- Host: GitHub
- URL: https://github.com/lgandx/PCredz
- Owner: lgandx
- License: gpl-3.0
- Created: 2014-04-07T02:03:33.000Z (over 10 years ago)
- Default Branch: master
- Last Pushed: 2024-06-16T23:48:02.000Z (3 months ago)
- Last Synced: 2024-07-15T22:01:37.651Z (2 months ago)
- Language: Python
- Size: 87.9 KB
- Stars: 1,920
- Watchers: 102
- Forks: 388
- Open Issues: 9
-
Metadata Files:
- Readme: Readme.md
- Funding: .github/FUNDING.yml
Awesome Lists containing this project
- awesome-csirt - PCredz - RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface. (Tools / VPN)
- awesome-hacking-lists - lgandx/PCredz - This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface. (Python)
README
# PCredz
This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.
## Features
- Extract from a pcap file or from a live interface IPv4 and IPv6:
- Credit card numbers
- POP
- SMTP
- IMAP
- SNMP community string
- FTP
- HTTP (NTLM/Basic/HTTP Forms)
- NTLMv1/v2 (DCE-RPC,SMBv1/2,LDAP, MSSQL, HTTP, etc)
- Kerberos (AS-REQ Pre-Auth etype 23) hashes.
- All hashes are displayed in a hashcat format (use -m 7500 for kerberos, -m 5500 for NTLMv1, -m 5600 for NTLMv2).
- Log all credentials and information to a file (CredentialDump-Session.log).
- Log credentials in the logs/ folder. MSKerb.txt, NTLMv1.txt and NTLMv2.txt can be directly fed to hashcat.
## Install
### Docker
Install docker and clone the repo
Build the container
```bash
$ docker build . -t pcredz
```
Then use the command below to map the current working directory inside the Pcredz container. This is useful for moving .pcap files to parse or for retrieving log files from a live capture.
```bash
$ docker run --net=host -v $(pwd):/opt/Pcredz -it pcredz
```
### Linux
On a debian based OS bash:
```bash
apt install python3-pip && sudo apt-get install libpcap-dev && pip3 install Cython && pip3 install python-libpcap
```
## Usage
```
# extract credentials from a pcap file
python3 ./Pcredz -f file-to-parse.pcap
# extract credentials from all pcap files in a folder
python3 ./Pcredz -d /tmp/pcap-directory-to-parse/
# extract credentials from a live packet capture on a network interface (need root privileges)
python3 ./Pcredz -i eth0 -v
```
### Options
```
-h, --help show this help message and exit
-f capture.pcap Pcap file to parse
-d /home/pnt/pcap/ Pcap directory to parse recursivly
-i eth0 interface for live capture
-v More verbose.
-o output_dir Store log files in output_dir instead of the directory containing Pcredz.
```