Net-creds - Sniff passwords and hashes from an interface or pcap file

Monday, April 20, 2015

Thoroughly sniff passwords and hashes from an interface or pcap file. Concatenates fragmented packets and does not rely on ports for service identification.

  • URLs visited
  • POST loads sent
  • HTTP form logins/passwords
  • HTTP basic auth logins/passwords
  • HTTP searches
  • FTP logins/passwords
  • IRC logins/passwords
  • POP logins/passwords
  • IMAP logins/passwords
  • Telnet logins/passwords
  • SMTP logins/passwords
  • SNMP community string
  • NTLMv1/v2 all supported protocols like HTTP, SMB, LDAP, etc
  • Kerberos


Auto-detect the interface to sniff
sudo python
Choose eth0 as the interface
sudo python -i eth0
Ignore packets to and from
sudo python -f
Read from pcap
python -p pcapfile

Subscribe via e-mail for updates!