1 - #! /usr/bin/env python 2 - # Pcredz 1 .0.0 1 + #!/usr/bin/env python 2 + # Pcredz 2 .0.2 3 3 # Created by Laurent Gaffie 4 4 # 5 5 # This program is free software: you can redistribute it and/or modify skipped 34 lines 40 40 from threading import Thread 41 41 42 42 def ShowWelcome(): 43 - Message = 'Pcredz 2.0.1 \nAuthor: Laurent Gaffie\nPlease send bugs/comments/pcaps to: [email protected] \nThis script will extract NTLM (http ,ldap ,smb ,sql ,etc), Kerberos,\nFTP, HTTP Basic and credit card data from a given pcap file or from a live interface.\n' 43 + Message = 'Pcredz 2.0.2 \nAuthor: Laurent Gaffie\nPlease send bugs/comments/pcaps to: [email protected] \nThis script will extract NTLM (HTTP ,LDAP , SMB ,MSSQL ,RPC , etc), Kerberos,\nFTP, HTTP Basic and credit card data from a given pcap file or from a live interface.\n' 44 44 print(Message) 45 45 46 46 parser = argparse.ArgumentParser(description='Pcredz 1.0.0\nAuthor: Laurent Gaffie') skipped 304 lines 351 351 d['data']=s[4*d['header_len']:] 352 352 return d 353 353 354 + def Decode_Ipv6_Packet(s): 355 + d={} 356 + d['version']=(s[0] & 0xf0) >> 4 357 + d['nxthdr']=s[6] 358 + d['plen']=struct.unpack("!h", s[4:6])[0] 359 + d['source_address']="[" +socket.inet_ntop(socket.AF_INET6, s[8:24]) + "]" 360 + d['destination_address']="[" +socket.inet_ntop(socket.AF_INET6, s[24:40]) + "]" 361 + d['protocol']=s[6] 362 + d['data']=s[40:] 363 + return d 364 + 354 365 def Print_Packet_Details(decoded,SrcPort,DstPort): 355 366 if timestamp: 356 367 ts = '[%f] ' % time.time() skipped 283 lines 640 651 DstPort = struct.unpack('>H',decoded['data'][2:4])[0] 641 652 ParseDataRegex(decoded, SrcPort, DstPort) 642 653 654 + if data[14:16]== b'\x86\xdd': 655 + decoded=Decode_Ipv6_Packet(data[16:]) 656 + SrcPort = struct.unpack('>H',decoded['data'][0:2])[0] 657 + DstPort = struct.unpack('>H',decoded['data'][2:4])[0] 658 + ParseDataRegex(decoded, SrcPort, DstPort) 659 + 660 + 643 661 def Print_Packet_800dot11(pktlen, timestamp, data): 
644 662 if not data: 645 663 return 646 664 if data[32:34]== b'\x08\x00': 647 665 decoded=Decode_Ip_Packet(data[34:]) 666 + SrcPort = struct.unpack('>H',decoded['data'][0:2])[0] 667 + DstPort = struct.unpack('>H',decoded['data'][2:4])[0] 668 + ParseDataRegex(decoded, SrcPort, DstPort) 669 + 670 + if data[32:34]== b'\x86\xdd': 671 + decoded=Decode_Ipv6_Packet(data[34:]) 648 672 SrcPort = struct.unpack('>H',decoded['data'][0:2])[0] 649 673 DstPort = struct.unpack('>H',decoded['data'][2:4])[0] 650 674 ParseDataRegex(decoded, SrcPort, DstPort) skipped 11 lines 662 686 DstPort = struct.unpack('>H',decoded['data'][2:4])[0] 663 687 else: 664 688 DstPort = 0 689 + ParseDataRegex(decoded, SrcPort, DstPort) 690 + 691 + if data[12:14]== b'\x86\xdd': 692 + decoded= Decode_Ipv6_Packet(data[14:]) 693 + if len(decoded['data']) >= 2: 694 + SrcPort= struct.unpack('>H',decoded['data'][0:2])[0] 695 + else: 696 + SrcPort = 0 697 + if len(decoded['data']) > 2: 698 + DstPort = struct.unpack('>H',decoded['data'][2:4])[0] 665 699 ParseDataRegex(decoded, SrcPort, DstPort) 666 700 667 701 def loop_packets(pcap_object, func): skipped 106 lines
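Review bot: In the last IPv6 branch (`data[12:14]== b'\x86\xdd'`) `DstPort` is unpacked from `decoded['data'][2:4]` whenever the payload is longer than 2 bytes, and there is no `else`, so a 3-byte payload raises `struct.error` and a shorter one leaves `DstPort` unassigned unless code outside the visible lines set it; use `if len(decoded['data']) >= 4:` with `else: DstPort = 0`. The two other new IPv6 branches (`data[14:16]` and `data[32:34]`) unpack both ports with no length check at all, and `Decode_Ipv6_Packet` reads `s[0]`, `s[6]` and the address slices up to offset 40 without first checking `len(s) >= 40`, so a truncated frame from a pcap or a live interface raises inside the packet handler. `plen` is read with the signed format `"!h"`, but the IPv6 payload length is an unsigned 16-bit field, so it should be `struct.unpack("!H", s[4:6])[0]`. Because `nxthdr` is taken as the protocol without walking extension headers, the port bytes are only meaningful when the next header is TCP or UDP, which a comment on `Decode_Ipv6_Packet` should state. The handler functions around these branches start outside the visible lines.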