@coldfusion39
Last active June 5, 2019 16:33
Sort and unique Responder hashes
#!/usr/bin/env python
# Copyright (c) 2017, Brandan Geise [coldfusion]
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
import argparse
import os
import glob
import os.path
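def main():
    """Parse the command line and de-duplicate each captured hash type.

    Reads the Responder install directory from ``-d/--directory`` (default
    ``/opt/Responder/``), locates its ``logs`` sub-directory and calls
    ``sort_hashes`` once per log prefix in ``hash_files``.

    Raises:
        SystemExit: with status 1 when the ``logs`` directory does not exist.
    """
    parser = argparse.ArgumentParser(description='Sort NetBIOS captured hashes')
    parser.add_argument('-d', '--directory', help='Location of Responder directory (default: /opt/Responder/)', default='/opt/Responder/', nargs='+')
    args = parser.parse_args()

    # nargs='+' yields a list when -d is supplied while the default stays a
    # plain string; ''.join() handles both (joining a str returns it unchanged).
    # NOTE(review): several tokens are concatenated without a separator, so a
    # path containing spaces must be quoted on the command line.
    base_directory = ''.join(args.directory)

    # Build the path with os.path.join so a directory given without a trailing
    # slash still resolves to <dir>/logs/ instead of "<dir>logs/". The empty
    # last component keeps the trailing separator that sort_hashes() relies on
    # when it concatenates file names onto the directory.
    responder_path = os.path.join(base_directory, 'logs', '')

    # Fail with a readable message instead of a traceback from open() later on.
    if not os.path.isdir(responder_path):
        print_error("Log directory not found: {0}".format(responder_path))
        raise SystemExit(1)

    hash_files = ['HTTP-NTLMv1', 'HTTP-NTLMv2', 'SMB']
    for hash_file in hash_files:
        sort_hashes(responder_path, hash_file)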
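def sort_hashes(directory, target):
    """Collect one captured hash per username and write them to a single file.

    Every file matching ``<directory><target>*.txt`` is read line by line. The
    text before the first ``::`` is treated as the username; a line is kept
    only if that username has not been seen before (case-insensitive) and does
    not contain ``$``. The kept lines are written to
    ``<directory><target>_sorted.hash``, replacing any previous content, and a
    summary of how many lines were added since the last run is printed.

    Args:
        directory: Log directory, including its trailing path separator
            (file names are appended to it by plain concatenation).
        target: Log file prefix, e.g. ``HTTP-NTLMv2`` or ``SMB``.
    """
    hashes = []
    # A set gives O(1) membership tests; the original list made the
    # de-duplication quadratic in the number of captured lines.
    seen_usernames = set()

    # Count number of current hashes
    sorted_hashes = "{0}{1}_sorted.hash".format(directory, target)
    previous_hash_count = count_hashes(sorted_hashes)

    # Collect hashes. glob() returns files in arbitrary order, so sort the
    # names to make "which line wins for a username" reproducible across runs.
    for path in sorted(glob.glob("{0}{1}*.txt".format(directory, target))):
        # The context manager closes each log file; the original leaked one
        # open handle per file.
        with open(path, 'r') as capture:
            for line in capture:
                entry = line.rstrip()
                # Skip blank lines so they are not written out and counted as hashes.
                if not entry:
                    continue
                username = entry.split('::')[0].lower()
                # Names containing '$' are dropped (presumably machine accounts -
                # confirm against the capture format).
                # NOTE(review): only the username is compared, so the same
                # account name in two different domains collapses to one entry.
                if '$' in username or username in seen_usernames:
                    continue
                seen_usernames.add(username)
                hashes.append(entry)

    # Write found hashes. The file holds captured credential material, so it is
    # created readable and writable by the owner only. The mode is applied only
    # when the file is created; an existing file keeps its permissions.
    descriptor = os.open(sorted_hashes, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(descriptor, 'w') as new_hashes:
        for found_hash in hashes:
            new_hashes.write("{0}\n".format(found_hash))

    # One line was written per kept hash, so no need to re-read the file.
    new_hash_count = len(hashes)

    # Print new hashes
    hash_difference = new_hash_count - previous_hash_count
    if hash_difference > 0:
        print_good("New {0} hashes: {1}".format(target, hash_difference))
        print_good("Total {0} hashes: {1}".format(target, new_hash_count))
        print_status("Wrote hashes to {0}\n".format(sorted_hashes))
    else:
        print_warn("No new {0} hashes were found!\n".format(target))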
def count_hashes(fname):
    """Return the number of lines in *fname*, or 0 if it is not a regular file."""
    if not os.path.isfile(fname):
        return 0

    # Each line of the file counts as one hash; the with-block closes the file.
    with open(fname, 'r') as handle:
        return sum(1 for _ in handle)
def print_error(msg):
    """Print *msg* behind a bold red ``[-]`` marker (ANSI escape codes)."""
    line = "\033[1m\033[31m[-]\033[0m {0}".format(msg)
    print(line)
def print_status(msg):
    """Print *msg* behind a bold blue ``[*]`` marker (ANSI escape codes)."""
    line = "\033[1m\033[34m[*]\033[0m {0}".format(msg)
    print(line)
def print_good(msg):
    """Print *msg* behind a bold green ``[+]`` marker (ANSI escape codes)."""
    line = "\033[1m\033[32m[+]\033[0m {0}".format(msg)
    print(line)
def print_warn(msg):
    """Print *msg* behind a bold yellow ``[!]`` marker (ANSI escape codes)."""
    line = "\033[1m\033[33m[!]\033[0m {0}".format(msg)
    print(line)
# Run the command-line entry point only when executed as a script, not on import.
if __name__ == "__main__":
    main()