Extract hashes from Responder-Session.log.
Select to extract all hashes or filter by:
- one hash per user (first occurrence)
- date range
- hash type
- protocol
- users
- domain
- IP and client information
./extractResponderHashes [-i|--input] <Responder-Session.log> [-o|--output,-A,--start,--end,-P "SMB|FTP" -H "NTLMv2|NTLMv2-SSP",
Input/Output options
-i, --input <filename> Responder log file to parse
-o, --output <filename> Output results into a file
-I, --show-ip Print client information for each hash
Filter options
-A: Extract ALL the hashes for every user. By default, extract only the first occurrence
-P, --protocols <protocol_name> Protocol(s) for which you want the hashes. Separate with pipe (|): -P "SMB|HTTP|SMBv2|FTP"
-H, --hash-type <HASH_TYPE> HASH_TYPE for which you want the hashes. Separate with pipe (|): -H "NTLMv2|NTLMv2-SSP"
-U, --user <username> Filter hashes for a specific username
-D, --domain Filter hashes for a specific domain
-u, --usernames Extract and save the list of usernames gathered
Date and time: the dates must exist in the file
--start mm/dd/yyyy Extract hashes starting from the date specified
--end mm/dd/yyyy Extract hashes until the date specified (inclusive)
- Try to nslookup/ping the machine to check if it is alive/true
- print client IP information (IP)
- add IP filter