Skip to content

Releases: PaperMtn/lil-pwny

Lil Pwny - 3.0.1

22 Jul 21:11
@github-actions github-actions
3.0.1
f18e07c
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Lil Pwny - 3.0.1 Latest
Latest

Added

  • Updated logging
    • New stdout logging experience with colourised output that is easier to read.
    • Logging embedded in multiprocessing workers to provide matches as they are found, instead of all at the end.
    • DEBUG level logging for more verbose output and error tracing.
  • Rebuilt to use Poetry for dependency management and packaging.
  • Much better exception handling and robustness against errors
  • CI/CD for testing build, releasing to GitHub and publishing to PyPI

Fixed

  • Fixed broken support for MD4 (NTLM) hashing in the builtin Python hashlib library. This was causing the script to fail when hashing the NTLM hashes from the AD database. This has been fixed by using the pycryptodome library to hash the NTLM hashes.
    • This is fixed for obfuscation of hashes in the output, and for hashing the custom passwords list for comparison with AD users.
  • Fixed issue where reading files in Windows would fail due to the default encoding being used. This has been fixed by implementing encoding detection.
  • A number of errors that sometimes occurred when running on Windows
  • GitHub release logic

Removed

  • Removed the option to log to a file. This was not a useful feature, was hard to maintain, and can be achieved by redirecting stdout to a file.
Assets 3
Loading

Lil Pwny 2.0.0

02 Jan 23:14
@PaperMtn PaperMtn
2.0.0
cc036eb
Compare
Choose a tag to compare
Lil Pwny 2.0.0

Lil Pwny 2.0.0 - 2021-01-02

Added

  • Massive enhancements to make much better use of multiprocessing for the large HIBP password file, as well as more efficient importing and handling of Active Directory user hashes.
  • Updated directory structure to play more nicely with more OS versions and flavours, rather than installing in the src directory.
  • Logging: Removed outdated text file output and implemented JSON formatted logging to either stdout or to .log file
  • New option to obfuscate genuine password NTLM hashes in logging output. This is achieved by further hashing the hash with a randomly generated salt.
  • Active Directory computer accounts are now not imported with AD user hashes. There is little value in assessing these, so no point importing them.
Assets 3
Loading

Lil Pwny 1.0.2

22 Mar 17:42
@PaperMtn PaperMtn
1.0.2
2ad84b0
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Lil Pwny 1.0.2

This release enhances the filtering done on the AD userlist that is input, removing the username:hash values for computer accounts which are also extracted from AD at the same time as users.

This means fewer entries to check against HIBP, and the audit completing faster.

Assets 3
Loading

Lil Pwny 1.0.1

22 Mar 14:53
@PaperMtn PaperMtn
1.0.1
73fa885
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Lil Pwny 1.0.1 
Merge pull request #2 from PaperMtn/dev

Change of contact details
Assets 3
Loading