README update
PaperMtn committed Aug 12, 2024
1 parent 9ae527a commit 5f8bb8d
Showing 2 changed files with 22 additions and 10 deletions.
30 changes: 21 additions & 9 deletions README.md
Expand Up @@ -10,13 +10,25 @@ Fast offline auditing of Active Directory passwords using Python.
## About Lil Pwny
Lil Pwny is a Python application to perform an offline audit of NTLM hashes of users' passwords, recovered from Active Directory, against known compromised passwords from Have I Been Pwned. Results will be output in JSON format containing the username, matching hash (can be obfuscated), and how many times the matching password has been seen in HIBP

There are also additional features:
- Ability to provide a list of your own custom passwords to check AD users against. This allows you to check user passwords against passwords relevant to your organisation that you suspect people might be using. These are NTLM hashed, and AD hashes are then compared with this as well as the HIBP hashes.
- Return a list of accounts using the same passwords. Useful for finding users using the same password for their administrative and standard accounts.
- Obfuscate hashes in output, for if you don't want to handle or store live user NTLM hashes.

More information about Lil Pwny can be found [on my blog](https://papermtn.co.uk/category/tools/lil-pwny/)

## Features

- **Custom Password Auditing**: Ability to provide a list of your own custom passwords to check AD users against. This allows you to check user passwords against passwords relevant to your organisation that you suspect people might be using.
- Pass a .txt file with the plaintext passwords you want to search for, these are then NTLM hashed and AD hashes are then compared with this as well as the HIBP hashes.
- **Detect Duplicates**: Return a list of accounts using the same passwords. Useful for finding users using the same password for their administrative and standard accounts.
- **Obfuscated Output**: Obfuscate hashes in output, for if you don't want to handle or store live user NTLM hashes.

### Custom Password List Enhancement
Lil Pwny provides the functionality to enhance your custom password list by adding commonly used variants of your custom passwords. These include:
- Passwords with common 'leetspeak' substitutions (e.g. `P@ssw0rd`)
- Uppercase versions of the password, and uppercase first characters (e.g. `PASSWORD`, `Password`)
- Passwords with common special characters appended or prepended (e.g. `password!`, `!password`)
- Passwords padded with common alphanumeric characters, special characters and repetitions of themselves to make them meet a given minimum length (e.g. `password123!`, `!passwordabc`, `passwordpassword`)
- You pass your desired minimum password length to Lil Pwny when selecting the custom list enhancement option
- Passwords with dates appended starting from the year 1950 up to 10 years from today's date (e.g. `password1950`, `password2034`)

A custom password list of 100 plaintext passwords generates 49848660 variations.
## Resources
This application has been developed to make the most of multiprocessing in Python, with the aim of it working as fast as possible on consumer level hardware.
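
Review bot: The last line of the new "Custom Password List Enhancement" section, "A custom password list of 100 plaintext passwords generates 49848660 variations.", gives a count without the minimum length it was measured with, and it runs straight into "## Resources" with no blank line between them. The bullets above say the padding variants depend on the minimum length passed in and the date variants run to 10 years from today's date, so the figure will change with both; state the minimum length and the date it was measured on, and add a blank line before the heading. The first paragraph's closing sentence ("... has been seen in HIBP") is also still missing its full stop.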

Expand Down Expand Up @@ -48,26 +60,26 @@ pip install lil-pwny
Lil-pwny will be installed as a global command, use as follows:

```
usage: lil-pwny [-h] -hibp HIBP [--version] [-c CUSTOM] -ad AD_HASHES [-d] [-output {file,stdout,json}] [-o] [--debug]
usage: lil-pwny [-h] -hibp HIBP [-v] [-c CUSTOM] [-custom-enhance CUSTOM_ENHANCE] -ad AD_HASHES [-d] [-output {file,stdout,json}] [-o] [--debug]
Fast offline auditing of Active Directory passwords using Python
options:
-h, --help show this help message and exit
-hibp HIBP, --hibp HIBP
The .txt file containing HIBP NTLM hashes
--version show program's version number and exit
-v, --version show program's version number and exit
-c CUSTOM, --custom CUSTOM
.txt file containing additional custom passwords to check for
-custom-enhance CUSTOM_ENHANCE, --custom-enhance CUSTOM_ENHANCE
generate an enhanced custom password list based on the provided custom password list. Must be used with -c/--custom flag. The enhanced list will stored in memory and not written to disk. Provide the minimum length of the passwords you want. Default is 8
-ad AD_HASHES, --ad-hashes AD_HASHES
The .txt file containing NTLM hashes from AD users
-d, --duplicates Output a list of duplicate password users
-output {file,stdout,json}, --output {file,stdout,json}
Where to send results
-o, --obfuscate Obfuscate hashes from discovered matches by hashing with a random salt
--debug Turn on debug level logging
```

Example:
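
Review bot: In the new `-custom-enhance` help text, "The enhanced list will stored in memory" is missing "be", and the metavar `CUSTOM_ENHANCE` does not tell the reader that the value is a minimum password length. The usage line shows the option taking a value, so "Default is 8" should say when the default applies (flag omitted, or flag given without a value). Since the README section added in this commit states that 100 custom passwords expand to 49848660 variations and this text says the list is held in memory rather than written to disk, a short note on expected memory use would help anyone sizing the audit host.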
2 changes: 1 addition & 1 deletion pyproject.toml
@@ -1,6 +1,6 @@
[tool.poetry]
name = "lil-pwny"
version = "3.1."
version = "3.1.0"
description = "Fast offline auditing of Active Directory passwords using Python and multiprocessing"
authors = ["PaperMtn <papermtn@protonmail.com>"]
license = "GPL-3.0"
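
Review bot: The `version` change from "3.1." to "3.1.0" is a packaging fix, not a documentation change, yet the commit is titled only "README update". Mention the version correction in the commit message, or split it into its own commit, so the history shows when the malformed version string was fixed.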