This is 1/2 of the work done... lot's of cool stuff!

I've re-written a decent amount of the framework to support dynamic config file updates, revamped the ARP Spoofing 'engine' and changed the way MITMf integrates Responder and Netcreds. - Net-creds is now started by default and no longer a plugin.. It's all about getting those creds after all. - Integrated the Subterfuge Framework's ARPWatch script, it will enable itself when spoofing the whole subnet (also squashed bugs in the original ARP spoofing code) - The spoof plugin now supports specifying a range of targets (e.g. --target 10.10.10.1-15) and multiple targets (e.g. --target 10.10.10.1,10.10.10.2) - An SMB Server is now started by default, MITMf now uses Impacket's SMBserver as supposed to the one built into Responder, mainly for 2 reasons: 1) Impacket is moving towards SMB2 support and is actively developed 2) Impacket's SMB server is fully functional as supposed to Responder's (will be adding a section for it in the config file) 3) Responder's SMB server was unrealiable when used through MITMf (After spending a day trying to figure out why, I just gave up and yanked it out) - Responder's code has been broken down into single importable classes (way easier to manage and read, ugh!) - Started adding dynamic config support to Responder's code and changed the logging messages to be a bit more readable. - POST data captured through the proxy will now only be logged and printed to STDOUT when it's decodable to UTF-8 (this prevents logging encrypted data which is no use) - Responder and the Beefapi script are no longer submodules (they seem to be a pain to package, so i removed them to help a brother out) - Some plugins are missing because I'm currently re-writing them, will be added later - Main plugin class now inharates from the ConfigWatcher class, this way plugins will support dynamic configs natively! \o/
2025-08-21 14:03:26 -07:00 · 2015-04-27 18:33:55 +02:00 · 2015-04-27 18:33:55 +02:00 · 9712eed4a3
commit 9712eed4a3
parent 663f38e732
92 changed files with 6883 additions and 3349 deletions
--- a/core/netcreds/README.md
+++ b/core/netcreds/README.md
@ -0,0 +1,64 @@
+Thoroughly sniff passwords and hashes from an interface or pcap file. Concatenates fragmented packets and does not rely on ports for service identification. 
+
+| Screenshots |
+|:-----:|
+| ![Screenie1](http://imgur.com/opQo7Bb.png) |
+| ![Screenie2](http://imgur.com/Kl5I6Ju.png) |
+
+###Sniffs
+
+* URLs visited
+* POST loads sent
+* HTTP form logins/passwords
+* HTTP basic auth logins/passwords
+* HTTP searches
+* FTP logins/passwords
+* IRC logins/passwords
+* POP logins/passwords
+* IMAP logins/passwords
+* Telnet logins/passwords
+* SMTP logins/passwords
+* SNMP community string
+* NTLMv1/v2 all supported protocols like HTTP, SMB, LDAP, etc
+* Kerberos
+
+
+###Examples
+
+Auto-detect the interface to sniff
+
+```sudo python net-creds.py```
+
+Choose eth0 as the interface
+
+```sudo python net-creds.py -i eth0```
+
+Ignore packets to and from 192.168.0.2
+
+```sudo python net-creds.py -f 192.168.0.2```
+
+Read from pcap
+
+```python net-creds.py -p pcapfile```
+
+
+####OSX
+
+Credit to [epocs](https://github.com/epocs):
+```
+sudo easy_install pip
+sudo pip install scapy
+sudo pip install pcapy
+brew install libdnet --with-python
+mkdir -p /Users/<username>/Library/Python/2.7/lib/python/site-packages
+echo 'import site; site.addsitedir("/usr/local/lib/python2.7/site-packages")' >> /Users/<username>/Library/Python/2.7/lib/python/site-packages/homebrew.pth
+sudo pip install pypcap
+brew tap brona/iproute2mac
+brew install iproute2mac
+```
+Then replace line 74 '/sbin/ip' with '/usr/local/bin/ip'.
+
+
+####Thanks
+* Laurent Gaffie
+* psychomario