net creds: Sniffs sensitive data from interface or pcap

by do son · Published · Updated

net creds

net creds

Thoroughly sniff passwords and hashes from an interface or pcap file. Concatenates fragmented packets and does not rely on ports for service identification.

Sniffs

  • URLs visited
  • POST loads sent
  • HTTP form logins/passwords
  • HTTP basic auth logins/passwords
  • HTTP searches
  • FTP logins/passwords
  • IRC logins/passwords
  • POP logins/passwords
  • IMAP logins/passwords
  • Telnet logins/passwords
  • SMTP logins/passwords
  • SNMP community string
  • NTLMv1/v2 all supported protocols: HTTP, SMB, LDAP, etc.
  • Kerberos

Install

git clone https://github.com/DanMcInerney/net-creds.git
cd net-creds
pip install -r requirements.txt

MacOS

sudo easy_install pip

sudo pip install scapy

sudo pip install pcapy

brew install libdnet --with-python

mkdir -p /Users/<username>/Library/Python/2.7/lib/python/site-packages

echo 'import site; site.addsitedir("/usr/local/lib/python2.7/site-packages")' >> /Users/<username>/Library/Python/2.7/lib/python/site-packages/homebrew.pth

sudo pip install pypcap

brew tap brona/iproute2mac

brew install iproute2mac

Usage

python net-creds.py

Auto-detect the interface to sniffExample

sudo python net-creds.py

Choose eth0 as the interface

sudo python net-creds.py -i eth0

Ignore packets to and from 192.168.0.2

sudo python net-creds.py -f 192.168.0.2

Read from pcap

python net-creds.py -p pcapfile

Source: https://github.com/DanMcInerney/

Tags: net-creds