diff --git a/modules/net_sniff_ftp.go b/modules/net_sniff_ftp.go
new file mode 100644
index 00000000..4928f8ea
--- /dev/null
+++ b/modules/net_sniff_ftp.go
@@ -0,0 +1,42 @@
+package modules
+
+import (
+ "regexp"
+
+ "github.com/google/gopacket"
+ "github.com/google/gopacket/layers"
+
+ "github.com/evilsocket/islazy/str"
+ "github.com/evilsocket/islazy/tui"
+)
+
+var (
+ ftpRe = regexp.MustCompile(`^(USER|PASS) (.+)[\n\r]+$`)
+)
+
+func ftpParser(ip *layers.IPv4, pkt gopacket.Packet, tcp *layers.TCP) bool {
+ data := string(tcp.Payload)
+
+ if matches := ftpRe.FindAllStringSubmatch(data, -1); matches != nil {
+ what := str.Trim(matches[0][1])
+ cred := str.Trim(matches[0][2])
+ NewSnifferEvent(
+ pkt.Metadata().Timestamp,
+ "ftp",
+ ip.SrcIP.String(),
+ ip.DstIP.String(),
+ nil,
+ "%s %s > %s:%s - %s %s",
+ tui.Wrap(tui.BACKYELLOW+tui.FOREWHITE, "ftp"),
+ vIP(ip.SrcIP),
+ vIP(ip.DstIP),
+ vPort(tcp.DstPort),
+ tui.Bold(what),
+ tui.Yellow(cred),
+ ).Push()
+
+ return true
+ }
+
+ return false
+}
diff --git a/modules/net_sniff_parsers.go b/modules/net_sniff_parsers.go
index 086efc1e..cb473395 100644
--- a/modules/net_sniff_parsers.go
+++ b/modules/net_sniff_parsers.go
@@ -21,6 +21,8 @@ func tcpParser(ip *layers.IPv4, pkt gopacket.Packet, verbose bool) {
 return
 } else if httpParser(ip, pkt, tcp) {
 return
+ } else if ftpParser(ip, pkt, tcp) {
+ return
 } else if verbose {
 NewSnifferEvent(
 pkt.Metadata().Timestamp,
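Review bot: In `ftpParser` (modules/net_sniff_ftp.go) the value captured by `(.+)` comes straight from the packet payload and is formatted into the event text, and `.` excludes only `\n`, so control bytes such as terminal escape sequences sent by a remote host would reach the operator's console and any event log unless `str.Trim` or the event renderer strips them, which this hunk does not show. Escaping the value before display would close that, for example `cred := strconv.Quote(str.Trim(matches[0][2]))` with `strconv` added to the import block. Because the pattern is anchored at both ends without `(?m)`, it can match at most once, so `ftpRe.FindStringSubmatch(data)` would state the intent more directly than `FindAllStringSubmatch(data, -1)` followed by `matches[0]`. A doc comment on `ftpParser` saying that it reports cleartext USER/PASS commands and returns true when an event was pushed would also help the next reader.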
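Review bot: The new `ftpParser` branch in `tcpParser` (modules/net_sniff_parsers.go) runs on every TCP segment the earlier parsers decline and classifies by payload shape alone, so other cleartext protocols that use the same USER/PASS verbs, POP3 for instance, would be emitted under the `ftp` label. If that is intended, a comment on the branch such as `// matches any USER/PASS line, not only FTP control traffic` would make it explicit; otherwise the label could be made protocol-neutral or the branch qualified by port. `tcpParser` begins and ends outside this hunk, so the ordering relative to the other parsers cannot be checked from here.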