Orange-Cyberdefense/graphcat Orange-Cyberdefense/graphcat

  • Stars
    star
    152
  • Rank 244,685 (Top 5 %)
  • Language
    Python
  • License
    MIT License
  • Created almost 2 years ago
  • Updated almost 2 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
Orange-Cyberdefense/graphcat
github

Orange-Cyberdefense

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Generate graphs and charts based on password cracking result

graphcat.py

Simple script to generate graphs and charts on hashcat (and john) potfile and ntds.

Table of Content

Install

git clone https://github.com/Orange-Cyberdefense/graphcat
cd graphcat
pip install .

Helper

$ graphcat.py -h
usage: graphcat.py [-h] -potfile hashcat.potfile -hashfile hashfile.txt [-john] [-format FORMAT] [-export-charts] [-output-dir OUTPUT_DIR] [-debug]

Password Cracking Graph Reporting

options:
  -h, --help            show this help message and exit
  -potfile hashcat.potfile
                        Hashcat Potfile
  -hashfile hashfile.txt
                        File containing hashes (one per line)
  -john                 John potfile
  -format FORMAT        hashfile format (default 3): 1 for hash; 2 for username:hash; 3 for secretsdump (username:uid:lm:ntlm)
  -export-charts        Output also charts in png
  -output-dir OUTPUT_DIR
                        Output directory
  -debug                Turn DEBUG output ON

Usage

Graphcat just need a potfile with -potfile (default is hashcat, but you can use -john to submit a john potfile) and a hashfile with -hashfile. The hashfile should be in a specific format from the 3 availables formats with -format flag. Default is Secretsdump.

The tool will generate a report with multiple password cracking charts. You can get charts in png with the -export-charts flag.

$ graphcat.py -hashfile entreprise.local.ntds -potfile hashcat.pot
[-] Parsing potfile
[-] 164 entries in potfile
[-] Parsing hashfile
[-] 1600 entries in hashfile
[-] Generating graphs...
[-] Generating report...
[-] Report available at graphcat_1672941324.pdf

Formats

1: Only Hash

aad3b435b51404eeaad3b435b51404ee
aad3b435b51404eeaad3b435b51404ee
aad3b435b51404eeaad3b435b51404ee

2: Username + Hash

test1:aad3b435b51404eeaad3b435b51404ee
test2:aad3b435b51404eeaad3b435b51404ee
test3:aad3b435b51404eeaad3b435b51404ee

3: Secretsdump

waza.local\test1:4268:aad3b435b51404eeaad3b435b51404ee:aad3b435b51404eeaad3b435b51404ee:::
waza.local\test2:4269:aad3b435b51404eeaad3b435b51404ee:aad3b435b51404eeaad3b435b51404ee:::
waza.local\test3:4270:aad3b435b51404eeaad3b435b51404ee:aad3b435b51404eeaad3b435b51404ee:::

If a hash occurs more than once in the hash file, it will be counted that many times.

Moreover, if you submit secretsdump with password history (-history in secretsdump command), it will analyze similarity in password history

Charts example

More Repositories

1

GOAD

game of active directory
PowerShell
4,933
star
2

arsenal

Arsenal is just a quick inventory and launcher for hacking programs
Python
3,155
star
3

ocd-mindmaps

Orange Cyberdefense mindmaps
1,001
star
4

awesome-industrial-protocols

Security-oriented list of resources about industrial network protocols.
Python
448
star
5

KeePwn

A python tool to automate KeePass discovery and secret extraction.
Python
444
star
6

fenrir-ocd

Python
226
star
7

grepmarx

A source code static analysis platform for AppSec enthusiasts.
Python
194
star
8

russia-ukraine_IOCs

Russia / Ukraine 2022 conflict related IOCs from CERT Orange Cyberdefense Threat Intelligence Datalake
173
star
9

versionshaker

Find the remote website version based on a git repository
Python
122
star
10

haiti

๐Ÿ”‘ A CLI tool to identify the hash type of a given hash.
Ruby
107
star
11

CVE-repository

๐Ÿชฒ Repository of CVE found by OCD people
Python
68
star
12

disposable-mailbox-docker

A self hosted yopmail like server running in a docker
PHP
55
star
13

cme-wmi

A standalone WMI protocol for CrackMapExec
Python
48
star
14

wmi-shell

WMI Shell project : proof-of-concept of remote access to a Windows machine using only the WMI service.
C
43
star
15

bof

BOF (Boiboite Opener Framework) is a testing framework for industrial protocols implementations and devices.
Python
42
star
16

ctf-party

๐ŸŽ A library to enhance and speed up script/exploit writing for CTF players
Ruby
39
star
17

rabid

๐Ÿช A CLI tool and library allowing to simply decode all kind of BigIP cookies.
Ruby
37
star
18

ctf-write-ups

๐Ÿ“ Collection of our CTF write-ups
Python
27
star
19

sikara

Ease and assist the compromise of an Active Directory environment.
Python
26
star
20

reverse-proxy-auth

A Nginx reverse proxy that authenticates users using their personal certificates. Includes everything to create and revoke those certificates, create the CA and even TLS certificates for websites.
Shell
23
star
21

mass-nessus-docker

Deploy multiple instances of Nessus in docker containers easily
Shell
19
star
22

log4shell_iocs

Log4Shell IOCs from CERT Orange Cyberdefense Threat Intelligence Datalake
17
star
23

leHACK-2022

C
16
star
24

sqltrees

Developper-proof prevention of SQL injection (java library)
Java
10
star
25

sweetlemonade

SWEETLEMONADE is a bootkit for UEFI firmware
C
5
star
26

CyberSOC-detect-Nanocore-RAT

Dรฉtection de malwares par Artefacts : le cas du RAT Nanocore
Python
3
star