All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Progress bar when creating BloodHound relationships
- Add option for raw database query
- Expose
--include-disabledand--include-computer-accounts - Show cracked computer accounts in analytics report
- Add option to
bloodhoundsubcommand to mark users as cracked
- Changed the order of the key quantities in the analytics report to a more sensible one
- Sort clusters in details section of analytics report by size
- Change definition of a percentile from "less than" to "less than or equal"
- Make port in the BloodHound URL format optional
- Avoid printing passwords in log messages
- HTML output of long tables like clusters
- A list of all found credentials can be included in the report with degree of detail >= 4
- Support for encryption option in connections to the neo4j database
- Percentage of 'user = password' was relative to cracked passwords, not all accounts
- Support
xlsxformat - Add parameter to change the minimum password length in the context of identifying short passwords
- Include optional lookup in HIBP database in the detailed report
- Add parameter
--keep-tempdir - Add interactions with BloodHound: as a filter (#11) and adding "SamePassword" edges (#7)
- Performance improvement when creating the report
- Require Python 3.6 or greater
- Use MD4 implementation in pure Python because the openssl provider for
hashlibmay not support legacy algorithms - Improve error handling
- Support printing an entire single database entry
- Support deleting single database entries
- Support generating stats of reports without submitting them to the database first
- Support HTML format in
analyticssubcommand - Add the
--degree-of-detailswitch inanalyticssubcommand - Add clusters to detailed report
- Catch CTRL-C during questionnaire when submitting data
- Use
readlineso you can use backspace when interactively answering questions - Gracefully handle missing hashcat binary during questionnaire
- Improve formatting of output of
db query - User must now confirm before deleting an entry
- Check hashcat's return code
- Replace "empty" with "blank" in top 10 passwords list
- Automatically remove computer accounts (end with $) or accounts that are
marked as inactive in the pwdump file like
secretsdump -user-statusdoes it - Ignore hashcat warnings when retrieving usernames (#4)
- Check existence of critical files before running
ntlmsubcommand - Handle
$HEX[]passwords - Improve the way information is presented in the reports
- "Higher is better" was applied twice when creating the stats
- Prevent exception in
db statsif there is no largest cluster - Prevent exception when creating a report and no top passwords exist
- Fix LM detection when cracking several hash files at once
- Handle files that contain single malformed lines
- Show information about the number of entries when creating the stats
- Add usernames to wordlist
- Count nonunique passwords instead of unique passwords, since we want to minimize most metrics
- Use more ordered dictionaries to get more consistency when using Python 3.5
- Remove filtered accounts also from hashes
- Skip LM hash cracking if they're all empty
- Detection of the empty LM hash
- Percentile computation on average password length (because more is better)
- Formatting of percentages
- Attribute "empty_password" from analytics output