BruteShark is a Network Forensic Analysis Tool (NFAT) that performs deep processing and inspection of network traffic (mainly PCAP files). It includes: password extracting, building a network map, reconstruct TCP sessions, extract hashes of encrypted passwords and even convert them to a Hashcat format in order to perform an offline Brute Force attack.
The main goal of the project is to provide solution to security researchers and network administrators with the task of network traffic analysis while they try to identify weaknesses that can be used by a potential attacker to gain access to critical points on the network.
What it can do
- Extracting and encoding usernames and passwords (HTTP, FTP, Telnet, IMAP, SMTP...)
- Extract authentication hashes and crack them using Hashcat (Kerberos, NTLM, CRAM-MD5, HTTP-Digest...)
- Build a visual network diagram (Network nodes & users)
- Reconstruct all TCP Sessions
Download
- Windows - download Windows Installer (64 Bit).
- Linux - download BruteSharkCli.zip and run BruteSharkCli.exe using MONO:
$ wget https://github.com/odedshimon/BruteShark/releases/latest/download/BruteSharkCli.zip
$ unzip BruteSharkCli.zip
$ mono BruteSharkCli/BruteSharkCli.exe
Links:
- https://github.com/odedshimon/BruteShark/
- https://hakin9.org/brute-shark-a-network-analysis-tool/