Brute-Shark: A New Project that extract hashes from PCAP files
#3
Hi,
PCredz and Net-Creds are great tools,
but there are several significant differences:

1. Implementation - PCredz and Net-Creds are single-file scripts that extract data only from single packets. BruteShark has a complete information analysis layer that is able to reconstruct all TCP Sessions, therefore the implementation of the extracting algorithms can be more accurate, including inspecting both sides of the conversation (for example, check the Telnet or NTLM parsers).

2. While PCredz and Net-Creds are scripts that extract credentials, BruteShark aims to be an all-in-one solution for security researchers with the task of network traffic analysis while they try to identify weaknesses. That includes drawing a network map, reconstructing all TCP Sessions and more.
Imagine you are investigating an attacker performing suspicious activity against an FTP server. I believe you would like to see all the session data in order to understand the essence of the activity.

3. Architecture - BruteShark implements a pluggable architecture and was built for adding more modules (at this point I’m waiting for ideas and feedback). It also has a GUI version.

Please take a look at the code and feel free to contact me with any further questions.
contact.oded.shimon@gmail.com


Messages In This Thread
RE: Brute-Shark: A New Project that extract hashes from PCAP files - by BruteShark - 05-06-2020, 01:15 AM