A small Python-Script to extract NetNTLMv2 Hashes from NTMLssp-HTTP-Authentications, which were captured in a pcap.
Requires pyshark (https://github.com/KimiNewt/pyshark) and Python 3
Just clone this repository and run the ntlmssp_extract.py file.
After executing the python-file, you can choose which output format you want, 0 for (cuda/ocl)Hashcat or 1 for JohnTheRipper Then you are able to enter the full path of your capture-file (if you want to speed up the extraction, you should remove all the non related packages from the capture before you run NTLMssp-Extract).
- pass path and format via command line parameters
- filter out corrupt/invalid hashes & packages
While I think the script does the job, which it was written for, quite good, I'm always open to new ideas and/or pull requests & issues!