KatzKatz is a python3 tool to parse text files containing output from Mimikatz sekurlsa::logonpasswords or pypykatz lsa minidump modules. When performing an internal network pentest, sometimes you found yourself gathering many lsass.exe process dumps, open them using Mimikatz\pypykatz to extract clear text passwords and\or NTLM password hashes. Once you getter many of those (and usually some of them contain many credential sets), it becomes a bit cumbersome to track and understand which users you compromised. KatzKatz will parse those for you and will output a CSV file containing only valid* sets so you can filter more easily and get the ones you need.
TThe tool will only parse valid* sets of credentials and will omit the 'null' ones. Also, it will compare the output and will save unique sets of credentials.
*I'm not sure if 'valid' is the right word, KatzKatz will save results that containing at least username + password and\or NTLM password hash.
First, install the needed dependencies:
pip3 install -r requirements.txt
Second, run the tool with the needed flags:
python3 KatzKatz.py -f [FILENAME]
- -f-F
- single file or folder containing txt files
- -o
- output file name (csv)
This was tested with python 3.4 and Mimikatz 2.0+ version
Using the script on a folder containing multiple text and dmp files:
I got a lot of ideas from MWR Labs - https://github.com/stufus/parse-mimikatz-log And of course, https://github.com/gentilkiwi/mimikatz & https://github.com/skelsec/pypykatz which are amazing tools.
Yeah, I know, this code isn't the best. I'm fine with it as I'm not a developer and this is part of my learning process. If there is an option to do some of it better, please, let me know.
Not how many, but where.