DanMcInerney/net-creds

Stars
1,654
Rank 28,073 (Top 0.6 %)
Language
Python
License
GNU General Publi...
Created over 9 years ago
Updated 11 months ago

DanMcInerney/net-creds

DanMcInerney

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Sniffs sensitive data from interface or pcap

Thoroughly sniff passwords and hashes from an interface or pcap file. Concatenates fragmented packets and does not rely on ports for service identification.

Screenshots

Sniffs

URLs visited
POST loads sent
HTTP form logins/passwords
HTTP basic auth logins/passwords
HTTP searches
FTP logins/passwords
IRC logins/passwords
POP logins/passwords
IMAP logins/passwords
Telnet logins/passwords
SMTP logins/passwords
SNMP community string
NTLMv1/v2 all supported protocols: HTTP, SMB, LDAP, etc.
Kerberos

Examples

Auto-detect the interface to sniff

sudo python net-creds.py

Choose eth0 as the interface

sudo python net-creds.py -i eth0

Ignore packets to and from 192.168.0.2

sudo python net-creds.py -f 192.168.0.2

Read from pcap

python net-creds.py -p pcapfile

OS X

Credit to epocs:

sudo easy_install pip
sudo pip install scapy
sudo pip install pcapy
brew install libdnet --with-python
mkdir -p /Users/<username>/Library/Python/2.7/lib/python/site-packages
echo 'import site; site.addsitedir("/usr/local/lib/python2.7/site-packages")' >> /Users/<username>/Library/Python/2.7/lib/python/site-packages/homebrew.pth
sudo pip install pypcap
brew tap brona/iproute2mac
brew install iproute2mac

Then replace line 74 '/sbin/ip' with '/usr/local/bin/ip'.

Thanks

Laurent Gaffie
psychomario

wifijammer

Continuously jam all wifi clients/routers

LANs.py

Inject code and spy on wifi users

xsscrapy

XSS spider - 66/66 wavsep XSS detected

icebreaker

Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment

pymetasploit3

Automation library for Metasploit

pentest-machine

Automates some pentest jobs via nmap xml file

dnsspoof

DNS spoofer. Drops DNS responses from the router and replaces it with the spoofed DNS response

fakeAP

Create fake AP in Kali with 1 command

elite-proxy-finder

Finds public elite anonymity proxies and concurrently tests them

msf-autoshell

Feed the tool a .nessus file and it will automatically get you MSF shell

creds.py

Harvest FTP/POP/IMAP/HTTP/IRC creds

fast-recon

Does some google dorks against a domain

device-pharmer

Opens 1K+ IPs or Shodan search results and attempts to login

wifi-monitor

Prints the IPs on your local network that're sending the most packets

msf-autopwn

Autoexploitation of some of the most common vulnerabilities in wild

search-google

Scrape google search results

autorelay

Automatically performs the SMB relay attack

msfbot

WORK IN PROGRESS. Waits for MSF session then automatically gets domain admin

get_proxy

Py class that returns fastest http proxy

Invoke-Cats

Obfuscated Invoke-Mimikatz

SMB-reverse-brute

Async'ly gather unique usernames thru null SMB sessions and bruteforce them with 2 passwords

best-channel

Find wifi channel with least interference

shellshock-hunter

Concurrently test bing results for shellshock vulnerability

smb-autopwn

Discovers and exploits hosts vulnerable to MS08-067/MS17-010

Autobloodhound

Automatically parses and attacks BloodHound-generated graphs

autoresp

Runs Responder, uploads hashes for cracking, alerts when cracked

FuzzStrings

Simple, hand-picked list of fuzz strings

shellshock-hunter-google

Search google for shellshock vulnerable sites

cookiejack

ARP spoof then session jack within your browser

crawler.py

async web crawler

nmap-parser

Parses Nmap XML files

MsfWrapper

Asynchronous MSF RPC API wrapper

net-sniffer

Sniffs an interface/pcap file and concatenates fragmented packet loads

shodan-search

WPSmash

mailspy

Catch IMAP/POP passwords and see incoming and outgoing messages

arp-ping-detector

ARP ping detector on local network

Obf-Cats

Obfuscated Invoke-Mimikatz script

injecthtml

async-meterpreter-controller

Template for asynchronously controlling meterpreter sessions

search-bing

Search bing with python

flashforge-finder-api

FlashForge Finder 3D Printer API with temperature control

postanalyzer

Analyze and log POSTs your machine makes

joomla-addon-hunter

Find potential SQLi in Joomla URLs

vimrc

UfcstatsScraper

Scrapes ufcstats.com for data

BestfightoddsScraper

Asynchronously scrape bestfightodds.com for odds data

Invoke-Pwds

Obfuscated Invoke-PowerDump for SAM hash retrieval

basic-xss-spider

sort of functional - abandoned

arpdet

Detects and deauths arp spoofers automatically. Broken.

SherdogScraper

Scrapes sherdog.com for fights

async-requests

quickscan

bashrc

Dating-service

Written by kid I was teaching python to.

mma

dotfiles

UFCScraper