https://github.com/lwangenheim/PW_Spy
https://github.com/lwangenheim/PW_Spy
Last synced: 4 months ago
JSON representation
- Host: GitHub
- URL: https://github.com/lwangenheim/PW_Spy
- Owner: lwangenheim
- Created: 2019-05-31T03:44:07.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2020-08-09T18:32:30.000Z (over 5 years ago)
- Last Synced: 2024-11-21T14:38:13.714Z (12 months ago)
- Language: Python
- Size: 18.6 KB
- Stars: 27
- Watchers: 2
- Forks: 2
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - lwangenheim/PW_Spy - (Python)
README
```
____ __ __ _____
| __ \ \ / / / ____|
| |__) \ \ /\ / / | (___ _ __ _ _
| ___/ \ \/ \/ / \___ \| '_ \| | | |
| | \ /\ / ____) | |_) | |_| |
|_| \/ \/ |_____/| .__/ \__, |
| | __/ |
|_| |___/
```
# PW_Spy
This is a tool to help with analysis after a full password audit. To use it simply call ```./pw_analysis.py``` and provide it with the list of hashes attempted and potfile from your engagement.
So far it will strip out the basewords from the plaintext passwords in the potfile and count the occurances of those. It will also look for any re-used hashes in the list of hashes attempted. Finally it will create the most common password masks observed from the plaintext passwords to identify patterns in the passwords you were able to crack from the environment.
## Example
```./pw_spy.py full_list_of_attempted_hashes.txt engagement_potfile.pot```
## Considerations
It would be best to send this into an output file:
```./pw_spy.py full_list_of_attempted_hashes.txt engagement_potfile.pot > analysis.txt```
If you don't want a specific piece of the analysis for some reason simply comment out the function call at the bottom of the file.
This assumes you used Hashcat and your full hashlist is stripped with one hash per line. The potfile is a raw potfile from Hashcat.
## TODO
1. I will be adding more pieces as I get to it, this is more for personal use at this point.