davehardy20/One-liner Mimikatz Parser

## One-liner Mimikatz Parser
Assuming you have a mimikatz dump named "mimikatz_dump.txt", I made these bash one-liners that will reformat the mimikatz output to "domain\user:password"

First, before using these parsers, run:  "dos2unix mimikatz_dump.txt"

Mimikatz 1.0:

cat mimikatz_dump.txt  | grep -P '((Utilisateur principal)|(msv1_0)|(kerberos)|(ssp)|(wdigest)|(tspkg))\s+:\s+.+' | grep -v 'n\.' | sed -e 's/^\s\+[^:]*:\s\+//' | sed -e 's/Utilisateur principal\s\+:\s\+\(.*\)$/\n\1/' | sort -u


Mimikatz 2.0 (unfortunately, you must "apt-get install pcregrep" because reasons):

cat mimikatz_dump.txt | pcregrep -M 'Username\s+:\s+[^\s]+\n.*Domain\s+:\s+[^\s]+\n.*Password\s+:\s+[^\s]+\n' | sed "s/'/\\\'/" | xargs -L 3 echo | grep -v '\(null\)' | sed -e 's/* Username : //g;s/* Domain ://g;s/* Password ://g' | awk '{print $2 "\\" $1 ":" $3}' | sort -u


Pretty useful!

https://github.com/Raikia
https://twitter.com/raikiasec

@raikiasec
	Assuming you have a mimikatz dump named "mimikatz_dump.txt", I made these bash one-liners that will reformat the mimikatz output to "domain\user:password"

	First, before using these parsers, run: "dos2unix mimikatz_dump.txt"

	Mimikatz 1.0:

	cat mimikatz_dump.txt \| grep -P '((Utilisateur principal)\|(msv1_0)\|(kerberos)\|(ssp)\|(wdigest)\|(tspkg))\s+:\s+.+' \| grep -v 'n\.' \| sed -e 's/^\s\+[^:]:\s\+//' \| sed -e 's/Utilisateur principal\s\+:\s\+\(.\)$/\n\1/' \| sort -u


	Mimikatz 2.0 (unfortunately, you must "apt-get install pcregrep" because reasons):

	cat mimikatz_dump.txt \| pcregrep -M 'Username\s+:\s+[^\s]+\n.Domain\s+:\s+[^\s]+\n.Password\s+:\s+[^\s]+\n' \| sed "s/'/\\\'/" \| xargs -L 3 echo \| grep -v '\(null\)' \| sed -e 's/* Username : //g;s/* Domain ://g;s/* Password ://g' \| awk '{print $2 "\\" $1 ":" $3}' \| sort -u


	Pretty useful!

	https://github.com/Raikia
	https://twitter.com/raikiasec

	@raikiasec