Next-generation secretsdump tool using DSInternals for credential extraction
Project description
secretsdump-ng
Credential dumping tool that uses DSInternals for extracting credentials from Windows systems, using any available command-execution port (rather than relying on 445).
Massive props to DSInternals & Impacket; this tool really isn't anything revolutionary and uses the impressive work already completed by Michael Grafnetter and the Fortra team.
Features
- NTDS.DIT extraction using DSInternals on Domain Controllers
- Registry hive dumping (SAM, SYSTEM, SECURITY) on all Windows systems
- Multi-threaded operations for dumping from multiple hosts
- Secure transfer of credentials via HTTPS
- Formatted output compatible with standard secretsdump format
- Filtered extraction - dump only specific users with
--just-dc-user
Usage
# Dump all credentials from a single host
secretsdump-ng 192.168.1.10 username password
# Dump from multiple hosts using IP range
secretsdump-ng 192.168.1.10-20 username password
# Dump only a specific user
secretsdump-ng 192.168.1.10 username password --just-dc-user administrator
# Use more threads for faster scanning
secretsdump-ng 192.168.1.1-254 username password --threads 20
# Verbose output
secretsdump-ng 192.168.1.10 username password -v
How It Works
- Sets up HTTPS server on port 1338 to receive credential dumps
- Executes PowerShell remotely on target systems using
exec_across_windows.py - Extracts registry hives (SAM, SYSTEM, SECURITY) from all Windows systems
- Extracts NTDS.DIT using DSInternals on Domain Controllers
- Processes and formats credentials using impacket-secretsdump
- Saves output to
./secretsdump_ng_out/[IP]/secretsdump.out
Admin accounts are highlighted with (admin) tag. Machine accounts are sorted to the bottom.
Security Notes
- Uses temporary SSL certificates for HTTPS transfers
- Temporary files on target systems are stored in
$env:TEMPand cleaned up after extraction
License
MIT License - see LICENSE file for details
Disclaimer
This tool is intended for authorized security assessments only. Ensure you have proper authorization before using this tool on any systems.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file secretsdump_ng-1.1.0.tar.gz.
File metadata
- Download URL: secretsdump_ng-1.1.0.tar.gz
- Upload date:
- Size: 11.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
92e8ab21001dc0dead2bc24b5e2d316ef7e5fc187d904abac334f637393bfc3e
|
|
| MD5 |
f58fa94af9767dc4883e2ec0f40ba1ba
|
|
| BLAKE2b-256 |
3ab64fddd6e4757581610a25b85fd3eb410584b82694736aaf27cb92b94e7750
|
File details
Details for the file secretsdump_ng-1.1.0-py3-none-any.whl.
File metadata
- Download URL: secretsdump_ng-1.1.0-py3-none-any.whl
- Upload date:
- Size: 11.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ec0363150799cba79328779b2968f52e919d52b0fdeb02e90e0148fd13d4773b
|
|
| MD5 |
8ce394dd120bb1b87e91c84a592e471f
|
|
| BLAKE2b-256 |
0286f0f31209cfc57aa13316ec8bfed3708b16ec5ebc32e0cea9085e51da7252
|
