MCPcopy Index your code
hub / github.com/dionach/pwdumpstats

github.com/dionach/pwdumpstats @1.0

Chat with this repo
repository ↗ · DeepWiki ↗ · release 1.0 ↗ · + Follow
3 symbols 12 edges 1 files 0 documented · 0%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

pwdumpstats

pwdumpstats is a python script to generate statistics from a pwdump file, including around the use of duplicate passwords. It can also read passwords cracked using John the Ripper or hashcat, to show the most common weak passwords in use.

Although it will work with any pwdump file (or even a simpler username:hash file), it is best used with the output of NtdsAudit, which will allow it to output more stats, such as those related to inactive and administrative accounts.

Comments and pull requests are welcome.

Usage

pwdumpstats will try and find John's pot file (which contains the cracked passwords) by looking in the $JOHN environment variable. If this isn't set, you can manually pass the pot file to it with --pot. It also supports pot files in from hashcat, and potentially other tools as long as they use the same formatting.

usage: pwdumpstats.py [options] <pwdumpfile>

optional arguments:
  -h, --help                            Show help text
  -f FILTER_FILE, --filter FILTER_FILE  Filter users
  -H, --history                         Include password history hashes
  -s, --show                            Show full password re-use output
  -a, --admins                          List admins
  -A, --cracked-admins                  List cracked admin accounts
  -n, --noncomplex                      List users with non-complex passwords
  -E, --empty                           List users with empty passwords
  -c, --cracked                         Only print cracked hashes
  -d, --domain                          Print domains
  -D, --disabled                        Include disabled accounts
  -p POT_FILE, --pot POT_FILE           Specify pot file (john or hashcat format)
  -m, --mask                            Mask passwords and hashes in output
  -l, --lm                              Show accounts with LM hashes

Example Output

$ pwdumpstats.py pwdump.txt

##############
# Statistics #
##############

Users:                  7359
LM Hashes (current):    360 (4.89%)
LM Hashes (history):    0
History hashes:         0
Total hashes:           7359

Cracked passwords:      5857 (79.59%)
Non-complex passwords:  494 (6.71%)
Empty passwords:        0

Duplicate passwords:    1509 (20.51%)
Highest duplicate:      167 (2.27%)
Top 20 passwords:       747 (10.15%)

Username as password:   23 (0.31%)

Total admin accounts:   99
Cracked admin passwords 68 (68.69%)
Administrators:         99
Domain Admins:          61

Top 20 hashes

310     64F12CDDAA88057E06A81B54E73B949B        Password1
131     30C3F921B4A69289FE7E752E0E3BAEAB        Monday10
49      31D6CFE0D16AE931B73C59D7E0C089C0        [empty]
38      DA7A992199887B5652528077CDD049CC        October2017
35      A4258E2B5D7D7FBB04531A89177B5E22        November2017
<...>

Core symbols most depended-on inside this repo

print_percent
called by 9
pwdumpstats.py
mask
called by 9
pwdumpstats.py

Shape

Function 2
Class 1

Languages

Python100%

Modules by API surface

pwdumpstats.py3 symbols

For agents

$ claude mcp add pwdumpstats \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact