From c16d55fd327b590947655d0db31ec5c20212f36c Mon Sep 17 00:00:00 2001
From: Fr3ki <kye@fr3ki.xyz>
Date: Fri, 21 Feb 2025 18:46:48 -0700
Subject: [PATCH] Creation of Katz^2

---
 katz2/README.md | 14 ++++++++++
 katz2/katz2.py  | 68 +++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 82 insertions(+)
 create mode 100644 katz2/README.md
 create mode 100644 katz2/katz2.py

diff --git a/katz2/README.md b/katz2/README.md
new file mode 100644
index 0000000..ccbce5d
--- /dev/null
+++ b/katz2/README.md
@@ -0,0 +1,14 @@
+# Katz^2
+Katz Squared is a small python parser for Mimikatz log files, allowing for username/hash combos to be written to txt files, ready for use with Hashcat (you get the joke yet?) or John.
+
+---
+
+Usage: `katz2.py [-h] -f/--file -m/--mode`
+-
+**Modes:** 
+ - logonpasswords - Used for files containing the output of the mimikatz module of the same name.
+ - cache -- Used for files containing the output of the lsadump::cache mimikatz module
+ ---
+ **License:**
+ 
+ GPLv3 as all good software should be.
diff --git a/katz2/katz2.py b/katz2/katz2.py
new file mode 100644
index 0000000..2627233
--- /dev/null
+++ b/katz2/katz2.py
@@ -0,0 +1,68 @@
+import argparse
+
+parser = argparse.ArgumentParser()
+parser.add_argument("-f", "--file", help="Mimikatz output file", required=True)
+parser.add_argument("-m", "--mode", help="Mimikatz mode used to obtain the output logonpasswords|cache", required=True)
+args = parser.parse_args()
+
+def dump(creds):
+    if isinstance(creds, list) and len(creds) >= 2:
+        username = creds[0]
+        hsh = creds[1]
+        dumpfile = username+".txt"
+        with open(dumpfile, "w+") as df:
+            df.write(hsh)
+    else:
+        pass
+
+def sekurlsa():
+    filename = args.file
+    creds = []
+    with open(filename) as f:
+        for line in f:
+            if "authentication" in line.lower():
+                dump(creds)
+                creds = []
+            elif "username" in line.lower():
+                username = line.split(":")[1].strip()
+                if username.lower() in creds or username.lower() == "(null)":
+                    pass
+                else:
+                    creds.append(username.lower())
+            elif "ntlm" in line.lower():
+                ntlm = line.strip().split(":")[1].strip()
+                if ntlm in creds:
+                    pass
+                else:
+                    creds.append(ntlm)
+
+def cache():
+    filename = args.file
+    creds = []
+    with open(filename) as f:
+        for line in f:
+            if "nl$" in line.lower():
+                print(creds)
+                dump(creds)
+                creds = []
+            elif "user" in line.lower():
+                username = line.split(":")[1].strip()
+                if username.lower() in creds or username.lower() == "(null)":
+                    pass
+                else:
+                    creds.append(username.lower())
+            elif "mscachev2" in line.lower():
+                mscache = line.strip().split(":")[1].strip()
+                if mscache in creds:
+                    pass
+                else:
+                    creds.append(mscache)
+
+    print("[+] Credential pairs written to disk")
+
+if __name__ == "__main__":
+    match args.mode:
+        case "logonpasswords":
+            sekurlsa()
+        case "cache":
+            cache()