Multi-threaded wrapper for Impacket's Secretsdump.py tool, optimizing rapid and efficient secrets extraction.
This script was intended to be used to streamline domain-wide audits of locally stored credentials. For auditing Service Account Credentials in Plaintext and Local Administrator Credential Reuse -- see it's sister DumpInspector.
This script will:
- Take a list of hostnames as input. This is the true intention as client's want hostnames, not IP addresses, when reporting identified vulnerabilities.
- Warns the user about potential for account lockout risks and device quarantine before starting.
- Use a quick NMAP check to find live hosts in that list as to prevent delays due to unreachable hosts.
- Perform multi-threaded execution of Impacket's Secretsdump.py tool using Python's concurrent.futures.ThreadPoolExecutor for efficiency. (Note: This tool is hardcoded to run secretsdump.py ... not impacket-secretsdump... cause I made it for me, not you...)
- Provides a progress bar to monitor the execution status in real time.
- Log detailed execution output and errors to a file for later review.
- Output results to a specified directory, with a default option if none is provided.
*Do I really need to say be careful...? Before running a mass secretsdump be sure that the client's EDR isn't going to quarantine the target hosts...
SwiftSecrets.py -tf <TARGET_FILE< -d <DOMAIN> -u <USERNAME> -p <PASSWORD? [-o OUTPUT]
Really created this just to simplify and streamline processes that I perform manually on each assessment. The main idea behind this, a Multi-threaded Secretsdump using python's concurrent.futures.ThreadPoolExecutor, was an idea an old co-worker put into action here: https://github.com/fin3ss3g0d/secretsdump.py
Also the clear hero here is everyone involved in the Impacket project... active repo is here: https://github.com/fortra/impacket/tree/master