net-creds – Sniffs Sensitive Data from interface or pcap

net-creds is a tool that you can use to run network penetration testing and allow user to sniff passwords and hashes from an interface or pcap file. Concatenates fragmented packets and does not rely on ports for service identification.

net-creds - Sniffs Sensitive Data from interface or pcap
net-creds – Sniffs Sensitive Data from interface or pcap

There is a large list of services and protocols we use to connect and transmit data. This tool will make a focus on any sensitive information that the user will send or submit to remote system and that information will be highlighted with information about the type of authentication.

Some of the supported protocol and processed services are:

  • URLs visited
  • POST loads sent
  • HTTP form logins/passwords
  • HTTP basic auth logins/passwords
  • HTTP searches
  • FTP logins/passwords
  • IRC logins/passwords
  • POP logins/passwords
  • IMAP logins/passwords
  • Telnet logins/passwords
  • SMTP logins/passwords
  • SNMP community string
  • NTLMv1/v2 all supported protocols: HTTP, SMB, LDAP, etc.
  • Kerberos

User will have the possibility to select options to make autodetection of sniffed traffic to find sensitive information, He will be able to run the tool on any selected interface normally the one that are will have spanned/spoofed traffic, it will be possible to ignore ip addresses or packets that are out of the testing scope and may generate false positives.

The other good functionality is to read pcap files this in case there is a netflow data that penetration tester managed to get from servers or network devices. the tool may analyze and process packet capture to list sensitive information.

You can read more and download this tool over here: https://github.com/DanMcInerney/net-creds

Share