Skip to main content

Next-generation secretsdump tool using DSInternals for credential extraction

Project description

secretsdump-ng

Credential dumping tool that uses DSInternals for extracting credentials from Windows systems, using any available command-execution port (rather than relying on 445).

Massive props to DSInternals & Impacket; this tool really isn't anything revolutionary and uses the impressive work already completed by Michael Grafnetter and the Fortra team.

Features

  • NTDS.DIT extraction using DSInternals on Domain Controllers
  • Registry hive dumping (SAM, SYSTEM, SECURITY) on Windows Servers
  • Multi-threaded operations for dumping from multiple hosts
  • Secure transfer of credentials via HTTPS
  • Filtered extraction - dump only specific users with --just-dc-user
  • --skip-portscan to bypass AuthFinder's port check when ports are filtered but accessible

Usage

# Dump all credentials from a single host
secretsdump-ng 192.168.1.10 username password

# Dump from multiple hosts using IP range
secretsdump-ng 192.168.1.10-20 username password

# Dump only a specific user
secretsdump-ng 192.168.1.10 username password --just-dc-user administrator

# Use more threads for faster scanning
secretsdump-ng 192.168.1.1-254 username password --threads 20

# Skip portscan (useful when ports appear filtered but are accessible)
secretsdump-ng 192.168.1.10 username password --skip-portscan

# Verbose output
secretsdump-ng 192.168.1.10 username password -v

How It Works

  1. Sets up HTTPS server on port 1338 to receive credential dumps
  2. Executes PowerShell remotely on target systems using AuthFinder
  3. Extracts registry hives (SAM, SYSTEM, SECURITY) from all Windows systems
  4. Extracts NTDS.DIT using DSInternals on Domain Controllers
  5. Processes and formats credentials using impacket-secretsdump
  6. Saves output to ./secretsdump_ng_out/[IP]/secretsdump.out

Admin accounts are highlighted with (admin) tag. Machine accounts are sorted to the bottom.

Security Notes

  • Uses temporary SSL certificates for HTTPS transfers
  • Temporary files on target systems are stored in $env:TEMP and cleaned up after extraction

License

MIT License - see LICENSE file for details

Disclaimer

This tool is intended for authorized security assessments only. Ensure you have proper authorization before using this tool on any systems.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

secretsdump_ng-1.1.3.tar.gz (11.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

secretsdump_ng-1.1.3-py3-none-any.whl (11.4 kB view details)

Uploaded Python 3

File details

Details for the file secretsdump_ng-1.1.3.tar.gz.

File metadata

  • Download URL: secretsdump_ng-1.1.3.tar.gz
  • Upload date:
  • Size: 11.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.2

File hashes

Hashes for secretsdump_ng-1.1.3.tar.gz
Algorithm Hash digest
SHA256 47b5549cfdf94ddf327a70df633247c4ff55640ccbd11c4737f4a4b428accb80
MD5 53f44c330c45d205d4822e65bb508029
BLAKE2b-256 df65d0b53be3cf26ec1fbaf188cfaaf90cb81dac7daa354ea6c6370cabae8eb1

See more details on using hashes here.

File details

Details for the file secretsdump_ng-1.1.3-py3-none-any.whl.

File metadata

  • Download URL: secretsdump_ng-1.1.3-py3-none-any.whl
  • Upload date:
  • Size: 11.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.2

File hashes

Hashes for secretsdump_ng-1.1.3-py3-none-any.whl
Algorithm Hash digest
SHA256 afd2e42c848ef89d71cc1957b8c14fa27cf6780ae30809a9610e651a0a70df04
MD5 4d6f83ceb6224dfc699353e96c4b73d9
BLAKE2b-256 887247ec8f8a8a78d90744a735a7400f7923889ec7490cadda09617cb16b7502

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page