Creation of Katz^2

katz2/README.md

@@ -0,0 +1,14 @@
+# Katz^2
+Katz Squared is a small python parser for Mimikatz log files, allowing for username/hash combos to be written to txt files, ready for use with Hashcat (you get the joke yet?) or John.
+
+---
+
+Usage: `katz2.py [-h] -f/--file -m/--mode`
+-
+**Modes:** 
+ - logonpasswords - Used for files containing the output of the mimikatz module of the same name.
+ - cache -- Used for files containing the output of the lsadump::cache mimikatz module
+ ---
+ **License:**
+ 
+ GPLv3 as all good software should be.

katz2/katz2.py

@@ -0,0 +1,68 @@
+import argparse
+
+parser = argparse.ArgumentParser()
+parser.add_argument("-f", "--file", help="Mimikatz output file", required=True)
+parser.add_argument("-m", "--mode", help="Mimikatz mode used to obtain the output logonpasswords|cache", required=True)
+args = parser.parse_args()
+
+def dump(creds):
+    if isinstance(creds, list) and len(creds) >= 2:
+        username = creds[0]
+        hsh = creds[1]
+        dumpfile = username+".txt"
+        with open(dumpfile, "w+") as df:
+            df.write(hsh)
+    else:
+        pass
+
+def sekurlsa():
+    filename = args.file
+    creds = []
+    with open(filename) as f:
+        for line in f:
+            if "authentication" in line.lower():
+                dump(creds)
+                creds = []
+            elif "username" in line.lower():
+                username = line.split(":")[1].strip()
+                if username.lower() in creds or username.lower() == "(null)":
+                    pass
+                else:
+                    creds.append(username.lower())
+            elif "ntlm" in line.lower():
+                ntlm = line.strip().split(":")[1].strip()
+                if ntlm in creds:
+                    pass
+                else:
+                    creds.append(ntlm)
+
+def cache():
+    filename = args.file
+    creds = []
+    with open(filename) as f:
+        for line in f:
+            if "nl$" in line.lower():
+                print(creds)
+                dump(creds)
+                creds = []
+            elif "user" in line.lower():
+                username = line.split(":")[1].strip()
+                if username.lower() in creds or username.lower() == "(null)":
+                    pass
+                else:
+                    creds.append(username.lower())
+            elif "mscachev2" in line.lower():
+                mscache = line.strip().split(":")[1].strip()
+                if mscache in creds:
+                    pass
+                else:
+                    creds.append(mscache)
+
+    print("[+] Credential pairs written to disk")
+
+if __name__ == "__main__":
+    match args.mode:
+        case "logonpasswords":
+            sekurlsa()
+        case "cache":
+            cache()