Skip to content
This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.
Find file
Latest commit 05ae40f Dec 12, 2014 @lgandx Changed version number
Failed to load latest commit information.
Pcredz Changed version number Dec 12, 2014 updated readme Nov 26, 2014


  • Extract from a pcap file or from a live interface:

    • Credit card numbers
    • POP
    • SMTP
    • IMAP
    • SNMP community string
    • FTP
    • HTTP
    • NTLMv1/v2 (DCE-RPC,SMBv1/2,LDAP, MSSQL, HTTP, etc)
    • Kerberos (AS-REQ Pre-Auth etype 23) hashes.
  • All hashes are displayed in a hashcat format (use -m 7500 for kerberos, -m 5500 for NTLMv1, -m 5600 for NTLMv2).

  • Log all credentials to a file (CredentialDump-Session.log).


  • Linux:

On a debian based OS: apt-get install python-libpcap

On Kali, you will need to: apt-get remove python-pypcap && apt-get install python-libpcap

  • Os X and other distributions:


tar xvf pylibpcap-0.6.4.tar.gz

cd pylibpcap-0.6.4

python install


./Pcredz -f file-to-parse.pcap

./Pcredz -d /tmp/pcap-directory-to-parse/

./Pcredz -i eth0


-h, --help show this help message and exit

-f capture.pcap Pcap file to parse

-d /home/pnt/pcap/ Pcap directory to parse recursivly

-i eth0 interface for live capture

-v More verbose.

Something went wrong with that request. Please try again.