Domain Password Audit Tool (DPAT) 09-02-2017, 08:47 AM
#1
This is a Python script that will generate password use statistics from password hashes dumped from a domain controller and a password crack file such as oclHashcat.pot generated from the oclHashcat tool during password cracking. The report is an HTML report with clickable links.
![[Image: dpatSummary.png]](https://github.com/clr2of8/DPAT/raw/master/dpatSummary.png)
Code:
```
usage: dpat.py [-h] -n NTDSFILE -c CRACKFILE [-o OUTPUTFILE]
               [-d REPORTDIRECTORY] [-w] [-s]
               [-g [GROUPLISTS [GROUPLISTS ...]]]

This script will perfrom a domain password audit based on an extracted NTDS
file and password cracking output such as oclHashcat.

optional arguments:
  -h, --help            show this help message and exit
  -n NTDSFILE, --ntdsfile NTDSFILE
                        NTDS file name (output from SecretsDump.py)
  -c CRACKFILE, --crackfile CRACKFILE
                        Password Cracking output in the default form output by
                        oclHashcat, such as oclHashcat.pot
  -o OUTPUTFILE, --outputfile OUTPUTFILE
                        The name of the HTML report output file, defaults to
                        _DomainPasswordAuditReport.html
  -d REPORTDIRECTORY, --reportdirectory REPORTDIRECTORY
                        Folder containing the output HTML files, defaults to
                        DPAT Report
  -w, --writedb         Write the SQLite database info to disk for offline
                        inspection instead of just in memory. Filename will be
                        "pass_audit.db"
  -s, --sanitize        Sanitize the report by partially redacting passwords
                        and hashes. Prepends the report directory with
                        "Sanitized - "
  -g [GROUPLISTS [GROUPLISTS ...]], --grouplists [GROUPLISTS [GROUPLISTS ...]]
                        The name of one or multiple files that contain lists
                        of usernames in particular groups. The group names
                        will be taken from the file name itself. The username
                        list must be in the same format as found in the NTDS
                        file such as some.ad.domain.com\username. Example: -g
                        "Domain Admins.txt" "Enterprise Admins.txt"
```
![[Image: Vs4P58c.png]](https://i.imgur.com/Vs4P58c.png)
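A sketch of the join such an audit rests on: accounts from the NTDS dump matched against the crack file to give cracked counts, shared hashes, and cracked members of a group list. This is an added example, not DPAT's own code; it assumes `user:rid:lmhash:nthash:::` dump lines and `hash:plaintext` pot lines, the `redact` scheme is hypothetical, and all sample data is constructed.

```python
from collections import Counter

# Constructed sample data: made-up accounts and hashes, not real output.
LM = "aad3b435b51404eeaad3b435b51404ee"
NTDS_LINES = [
    f"corp.example.com\\alice:1103:{LM}:{'1' * 32}:::",
    f"corp.example.com\\bob:1104:{LM}:{'1' * 32}:::",
    f"corp.example.com\\carol:1105:{LM}:{'2' * 32}:::",
    f"corp.example.com\\dave:1106:{LM}:{'3' * 32}:::",
]
POT_LINES = [f"{'1' * 32}:Summer2017!", f"{'2' * 32}:pass:word"]
DOMAIN_ADMINS = {"corp.example.com\\bob", "corp.example.com\\dave"}

def parse_ntds(lines):
    """Return {username: nt_hash} from user:rid:lmhash:nthash::: lines."""
    accounts = {}
    for line in lines:
        parts = line.strip().split(":")
        if len(parts) >= 4 and len(parts[3]) == 32:
            accounts[parts[0]] = parts[3].lower()
    return accounts

def parse_pot(lines):
    """Return {hash: plaintext}; split on the first ':' only (passwords may contain ':')."""
    cracked = {}
    for line in lines:
        digest, sep, plain = line.rstrip("\r\n").partition(":")
        if sep:
            cracked[digest.lower()] = plain
    return cracked

def redact(value):
    """Hypothetical redaction: keep two characters at each end, mask short values fully."""
    keep = 2 if len(value) > 4 else 0
    return value[:keep] + "*" * (len(value) - 2 * keep) + value[len(value) - keep:]

def audit(accounts, cracked, group=frozenset(), sanitize=True):
    show = redact if sanitize else str
    hits = {u: show(cracked[h]) for u, h in accounts.items() if h in cracked}
    return {
        "total": len(accounts),
        "cracked": len(hits),
        "cracked_pct": round(100 * len(hits) / len(accounts), 1) if accounts else 0.0,
        "shared_hashes": {show(h): n for h, n in Counter(accounts.values()).items() if n > 1},
        "group_cracked": sorted(u for u in hits if u in group),
        "cracked_accounts": hits,
    }

if __name__ == "__main__":
    print(audit(parse_ntds(NTDS_LINES), parse_pot(POT_LINES), DOMAIN_ADMINS))
```

Accounts that share an NT hash share a password whether or not it was cracked, so `shared_hashes` is computed from the dump alone.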