danmcinerney / net-creds Goto Github PK
View Code? Open in Web Editor NEWSniffs sensitive data from interface or pcap
License: GNU General Public License v3.0
net-creds's People
Stargazers
Watchers
Forkers
signedbytes gh0stisic detrojones toddhdow-xx exceltior sp1tf1r3 braneed colinmcintosh bronx205 xxoxx ksmaheshkumar vivolo lucabongiorni atmark dare2netsec atimorin afthill mallocnode drptbl jhermann zenhacklab az0ne mjseeley magnumripper rhodgman-r7 zaratros r00tb0x jbarcia cogbee securewebsite sukelluskello altune wuhaa11 miauwuffmiau john-lin geekspeed edwinlu tchernicum byruggero peterpt merzlyakov-me djgrasss beyondkmp dreilly369 workidea breathblush kostyll buliktt mizery adrellias m4rm0k cyberscions neversatisfied 0x90shell elijahbl cerebralmischief garthoff m1m1x cplushua01 inscriptionweb securextools epocssss vcohere solidstorm rajivraj rubicondimitri evil1-2 dipsec kelixin hbxc0re bollustrado dot-sean s0lst1c3 cinno 0rbytal ivanov-dmitry rukigreen jothatron sealmindset necroapps ognz retsu8 connlan swiv176 hanshaze ngbatnicdotmil vaginessa digideskio o1oo1o1o methos2016 keithfiore jiangwh k-guan songofhack mrphishxxx blowfishj legendarynacar stackpivot psuedoelastic motikarqnet-creds's Issues
Frame Number
Hi,
Any chance we can get the frame number for a result added to the output? This would aid in validation of the results as we could then open the pcap in wireshark and spot check result output.
Thanks!
capture by mask
Please add capture POST request by mask, cap all POST requests that have "login","pass","email" field and custom phazes.
False+ MS Kerberos sometimes triggered with torrent traffic
Investigate.
No sniffing happening with Ubuntu
Hello, I'm running this script on Ubuntu and it doesn't capture anything except traffic from the machine on which the script is running. I've tried enabling promiscuous mode on my wireless interface but that doesn't seem to change anything. Has anyone else seen this / have any mitigations?
problem when running on mac os x
sudo python net-creds.py
File "net-creds.py", line 75
ipr = Popen([‘/usr/local/bin/ip’, 'route'], stdout=PIPE, stderr=DN)
^
SyntaxError: invalid syntax
Issue running on macbook air with mavericks.
I'm having this issue running net-creds.py on a macbook air with mavericks. I followed epocs instructions and here is the error I'm getting,
Traceback (most recent call last):
File "net-creds.py", line 7, in
from scapy.all import *
File "/Library/Python/2.7/site-packages/scapy/all.py", line 16, in
from arch import *
File "/Library/Python/2.7/site-packages/scapy/arch/init.py", line 75, in
from bsd import *
File "/Library/Python/2.7/site-packages/scapy/arch/bsd.py", line 12, in
from unix import *
File "/Library/Python/2.7/site-packages/scapy/arch/unix.py", line 20, in
from pcapdnet import *
File "/Library/Python/2.7/site-packages/scapy/arch/pcapdnet.py", line 173, in
import dnet
ImportError: No module named dnet
Hope someone can help.
Thanks
Crash with incomplete ntlm hash
Control the index access of arrays, be care with incomplete streams
POST load:
Traceback (most recent call last):
File "./net-creds.py", line 995, in
main(parse_args())
File "./net-creds.py", line 972, in main
pkt_parser(pkt)
File "./net-creds.py", line 195, in pkt_parser
other_parser(src_ip_port, dst_ip_port, full_load, ack, seq, pkt, parse_args().verbose)
File "./net-creds.py", line 639, in other_parser
netntlm_found = parse_netntlm(authenticate_header, authorization_header, headers, ack, seq)
File "./net-creds.py", line 700, in parse_netntlm
parse_netntlm_chal(headers, chal_header, ack)
File "./net-creds.py", line 821, in parse_netntlm_chal
msg2 = header_val2[1]
IndexError: list index out of range
Support for python3
Argument for datetime output
I'd like to see an argument to output the datetime with the message. Something like:
root@server:/root/sandbox/net-creds> python net-creds.py -d
[*] Using interface: ens33
[2015-03-04 18:26:41] [192.168.1.2] GET cnn.com/
Check it out: https://github.com/colinmcintosh/net-creds/tree/dev
If you're okay with it I can send a pull request
Repeated information
Working with big pcap files, there are a lot of repeated output,
It will very useful not show repeated data.
PyPcap Install Fails on OS X 10.8.5
$ pip install pypcap
fails with:
clang -fno-strict-aliasing -fno-common -dynamic -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -mno-fused-madd -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_PCAP_SETNONBLOCK=1 -DHAVE_PCAP_COMPILE_NOPCAP=1 -DHAVE_PCAP_FILE=1 -I/usr/include/pcap -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c pcap.c -o build/temp.macosx-10.8-intel-2.7/pcap.o
clang: error: unknown argument: '-mno-fused-madd' [-Wunused-command-line-argument-hard-error-in-future]
clang: note: this will be a hard error (cannot be downgraded to a warning) in the future
error: command 'clang' failed with exit status 1
I tried, to no avail, a suggested workaround:
sudo ARCHFLAGS=-Wno-error=unused-command-line-argument-hard-error-in-future gem install pcap
Any other ideas?
Context:
- OS X 10.8.5
- Python 2.7.2
- clang --version
Apple LLVM version 5.1 (clang-503.0.40) (based on LLVM 3.4svn)
Target: x86_64-apple-darwin12.5.0
Thread model: posix - ruby 2.2.0p0 (2014-12-25 revision 49005) [x86_64-darwin12.0]
Issues running on OS X
After jumping through the usual hoops to get things running on an OS X machine, the final barrier that I've run into is the lack of /sbin/ip being installed on OS X. I can't seem to find a way to install it, so I'm wondering if there's a workaround. Traceback attached below:
Traceback (most recent call last):
File "/Users/admin/Desktop/net-creds.py", line 971, in <module>
main(parse_args())
File "/Users/admin/Desktop/net-creds.py", line 961, in main
conf.iface = iface_finder()
File "/Users/admin/Desktop/net-creds.py", line 73, in iface_finder
ipr = Popen(['/sbin/ip', 'route'], stdout=PIPE, stderr=DN)
File "/usr/local/Cellar/python/2.7.9/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 710, in __init__
errread, errwrite)
File "/usr/local/Cellar/python/2.7.9/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 1335, in _execute_child
raise child_exception
OSError: [Errno 2] No such file or directory
ImportError: No module named scapy
when i run: sudo python2 net-creds.py
i get a import error.
Implement HTTPS
Sniffing HTTPs authentications.
Any chance to get it running under python 3 ?
Just tried 2to3 to convert your script from python 2 to 3 but errors raised at execution runtime.
Any chance to rewrite it under python 3 ?
Thanks.
Permission denied
┌──(kali㉿kali)-[~/net-creds]
└─$ ./net-creds.py
Traceback (most recent call last):
File "./net-creds.py", line 38, in
logging.basicConfig(filename='credentials.txt',level=logging.INFO)
File "/usr/lib/python2.7/logging/init.py", line 1554, in basicConfig
hdlr = FileHandler(filename, mode)
File "/usr/lib/python2.7/logging/init.py", line 920, in init
StreamHandler.init(self, self._open())
File "/usr/lib/python2.7/logging/init.py", line 950, in _open
stream = open(self.baseFilename, self.mode)
IOError: [Errno 13] Permission denied: '/home/kali/net-creds/credentials.txt'
┌──(kali㉿kali)-[~/net-creds]
└─$ sudo python3 net-creds.py
[sudo] password for kali:
File "/home/kali/net-creds/net-creds.py", line 952
print print_str
^^^^^^^^^^^^^^^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print(...)?
UnicodeDecodeError
Traceback (most recent call last):
File "net-creds.py", line 1001, in
main(parse_args())
File "net-creds.py", line 978, in main
pkt_parser(pkt)
File "net-creds.py", line 183, in pkt_parser
mail_creds_found = mail_logins(full_load, src_ip_port, dst_ip_port, ack, seq)
File "net-creds.py", line 500, in mail_logins
mail_decode(src_ip_port, dst_ip_port, mail_creds)
File "net-creds.py", line 402, in mail_decode
printer(src_ip_port, dst_ip_port, msg)
File "net-creds.py", line 947, in printer
if msg in contents:
UnicodeDecodeError: 'ascii' codec can't decode byte 0x96 in position 1778: ordinal not in range(128)
Running in Kali Linux 2.0 with Python 2.7.9.
Thank you.
Crash on parse_ntlm_chal
Getting this on a net-creds run while doing ARP Spoofing:
Traceback (most recent call last): File "net-creds.py", line 1003, in <module> main(parse_args()) File "net-creds.py", line 999, in main sniff(iface=conf.iface, prn=pkt_parser, store=0) File "/usr/lib/python2.7/site-packages/scapy/sendrecv.py", line 780, in sniff r = prn(p) File "net-creds.py", line 199, in pkt_parser other_parser(src_ip_port, dst_ip_port, full_load, ack, seq, pkt, parse_args().verbose) File "net-creds.py", line 643, in other_parser netntlm_found = parse_netntlm(authenticate_header, authorization_header, headers, ack, seq) File "net-creds.py", line 707, in parse_netntlm parse_netntlm_chal(headers, chal_header, ack) File "net-creds.py", line 831, in parse_netntlm_chal parse_ntlm_chal(msg2, ack) File "net-creds.py", line 844, in parse_ntlm_chal assert(msg_type==2) AssertionError
Import error of geteuid, devnull
Import error of geteuid, devnull from os library
Error: while import urllib
Traceback (most recent call last):
File "net-creds.py", line 15, in
from urllib import unquote
ImportError: cannot import name 'unquote' from 'urllib' (/usr/lib64/python3.8/urllib/init.py)
python: 3.8.3
pip: pip 19.3.1 from /usr/lib/python3.8/site-packages/pip (python 3.8)
Please, help me.
Install in Termux
Hello, I have the following errors
root@localhost:~/git/net-creds# python2 net-creds.py Traceback (most recent call last): File "net-creds.py", line 1003, in <module> main(parse_args()) File "net-creds.py", line 993, in main conf.iface = iface_finder() File "net-creds.py", line 76, in iface_finder ipr = Popen(['/sbin/ip', 'route'], stdout=PIPE, stderr=DN) File "/usr/lib/python2.7/subprocess.py", line 394, in __init__ errread, errwrite) File "/usr/lib/python2.7/subprocess.py", line 1047, in _execute_child raise child_exception OSError: [Errno 2] No such file or directory
Crash decoding incomplete base64
The incorrect base64 padding exception must be controlled, for avoiding crashes:
POST load:
Traceback (most recent call last):
File "./net-creds.py", line 995, in
main(parse_args())
File "./net-creds.py", line 972, in main
pkt_parser(pkt)
File "./net-creds.py", line 195, in pkt_parser
other_parser(src_ip_port, dst_ip_port, full_load, ack, seq, pkt, parse_args().verbose)
File "./net-creds.py", line 644, in other_parser
parse_basic_auth(src_ip_port, dst_ip_port, headers, authorization_header)
File "./net-creds.py", line 689, in parse_basic_auth
basic_auth_creds = base64.decodestring(basic_auth_b64)
File "/usr/lib/python2.7/base64.py", line 321, in decodestring
return binascii.a2b_base64(s)
binascii.Error: Incorrect padding
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.