PCredz was built to extract credentials from large pcap files or from a live interface.
Stats:
Stats on juicy pcap files:
– 30 mo pcap file : 15s
– 500mo pcap file: 1.5 minutes
– 2 Go pcap file: 7 minutes.
Features:
- Extract from a pcap file or from a live interface:
- Credit card numbers
- POP
- SMTP
- IMAP
- SNMP community string
- FTP
- HTTP Basic
- NTLMv1/v2 (DCE-RPC,SMBv1/2,LDAP, MSSQL, HTTP, etc)
- Kerberos (AS-REQ Pre-Auth etype 2#) hashes.
- All hashes are displayed in a hashcat format (use -m 7500 for kerberos, -m 5500 for NTLMv1, -m 5600 for NTLMv2).
- Log all credentials to a file (CredentialDump-Session.log).
Install:
- Linux:
On a debian based OS: apt-get install python-libpcap
- Os X and other distributions:
wget http://downloads.sourceforge.net/project/pylibpcap/pylibpcap/0.6.4/pylibpcap-0.6.4.tar.g
tar xvf pylibpcap-0.6.4.tar.gz
cd pylibpcap-0.6.4
python setup.py install
Usage:
./Pcredz -f file-to-parse.pcap
./Pcredz -d /tmp/pcap-directory-to-parse/
./Pcredz -i eth0
Options:
-h, –help show this help message and exit
-f capture.pcap Pcap file to parse
-d /home/pnt/pcap/ Pcap directory to parse recursivly
-i eth0 interface for live capture
-v More verbose.
You can download PCredz here:
https://github.com/lgandx/PCredz
Print
Share
Comment
Cite
Upload
Translate
APA
() » Introducing PCredz. Retrieved from https://www.truth.cx/2014/04/08/introducing-pcredz/.
MLA" » Introducing PCredz." - , https://www.truth.cx/2014/04/08/introducing-pcredz/
HARVARD » Introducing PCredz., viewed ,
VANCOUVER - » Introducing PCredz. [Internet]. [Accessed ]. Available from: https://www.truth.cx/2014/04/08/introducing-pcredz/
CHICAGO" » Introducing PCredz." - Accessed . https://www.truth.cx/2014/04/08/introducing-pcredz/
IEEE" » Introducing PCredz." [Online]. Available: https://www.truth.cx/2014/04/08/introducing-pcredz/. [Accessed: ]