Giters

codystuart0 / net_creds

Sniffs sensitive data from interface or pcap

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Thoroughly sniff passwords and hashes from an interface or pcap file. Concatenates fragmented packets and does not rely on ports for service identification.

Screenshots
Screenie1
Screenie2

###Sniffs

  • URLs visited
  • POST loads sent
  • HTTP form logins/passwords
  • HTTP basic auth logins/passwords
  • HTTP searches
  • FTP logins/passwords
  • IRC logins/passwords
  • POP logins/passwords
  • IMAP logins/passwords
  • Telnet logins/passwords
  • SMTP logins/passwords
  • SNMP community string
  • NTLMv1/v2 all supported protocols like HTTP, SMB, LDAP, etc
  • Kerberos

###Examples

Auto-detect the interface to sniff

sudo python net-creds.py

Choose eth0 as the interface

sudo python net-creds.py -i eth0

Ignore packets to and from 192.168.0.2

sudo python net-creds.py -f 192.168.0.2

Read from pcap

python net-creds.py -p pcapfile

####OSX

Credit to epocs:

sudo easy_install pip
sudo pip install scapy
sudo pip install pcapy
brew install libdnet --with-python
mkdir -p /Users/<username>/Library/Python/2.7/lib/python/site-packages
echo 'import site; site.addsitedir("/usr/local/lib/python2.7/site-packages")' >> /Users/<username>/Library/Python/2.7/lib/python/site-packages/homebrew.pth
sudo pip install pypcap
brew tap brona/iproute2mac
brew install iproute2mac

Then replace line 74 '/sbin/ip' with '/usr/local/bin/ip'.

####Importing net_creds as a Python module

net_creds can be imported and run within a Python script or larger project. To use net_creds as a module, first import it within your project file:

	
	import net_creds

Then start it by making a call to net_creds.run() as shown below:

	
	import net_creds

	net_creds.run(interface='wlan0')

The net_creds.run() function accepts the following keyword arguments:

  • interface - Choose an interface to listen on
  • pcap - Parse info from a pcap file; pcap='filename.pcap'
  • filterip - Do not sniff packets from this ip address

Note that net_creds.run() is a blocking call, and that running net_creds in parallel with other modules or code requires the use of daemon processes. For example:

	import net_creds
	from multiprocessing import Process

	def run_net_creds(interface):

		net_creds.run(interface=interface)

	p = Process(target=net_creds.run, args=('wlan0',))
	p.start()

	print 'Run the rest of your code here'

	p.stop()

####Thanks

  • Laurent Gaffie
  • psychomario

About

Sniffs sensitive data from interface or pcap

License:GNU General Public License v3.0

Languages

Language:Python 100.0%