Commit

Merge pull request #4 from PaperMtn/dev
Enhanced filtering of input list removing AD computer accounts
PaperMtn authored Mar 22, 2020
2 parents 2ee438c + 45d52b0 commit 2ad84b0
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions README.md
Expand Up @@ -5,14 +5,16 @@

A multiprocessing approach to auditing Active Directory passwords using Python.

## About
## About Lil Pwny

A Python application to perform an offline audit of NTLM hashes of users' passwords, recovered from Active Directory, against known compromised passwords from Have I Been Pwned. The usernames of any accounts matching HIBP will be returned in a .txt file
Lil Pwny is a Python application to perform an offline audit of NTLM hashes of users' passwords, recovered from Active Directory, against known compromised passwords from Have I Been Pwned. The usernames of any accounts matching HIBP will be returned in a .txt file

There are also additional features:
- Ability to provide a list of your own passwords to check AD users against. This allows you to check user passwords against passwords relevant to your organisation that you suspect people might be using. These are NTLM hashed, and AD hashes are then compared with this as well as the HIBP hashes.
- Return a list of accounts using the same passwords. Useful for finding users using the same password for their administrative and standard accounts.

More information about Lil Pwny can be found [on my blog](https://papermtn.co.uk/)

## Recommendations
This application was developed to ideally run on high resource infrastructure to make the most of Python multiprocessing. It will run on desktop level hardware, but the more cores you use, the faster the audit will run.
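
Review bot: The rewritten description under "## About Lil Pwny" and the feature list below it do not mention the computer-account filtering named in the commit title ("Enhanced filtering of input list removing AD computer accounts"), and README.md is the only changed file shown. Consider adding a line to the feature list saying that AD computer accounts are removed from the input list, so anyone reading the audit output knows those accounts were not checked. Two smaller points on the added lines: the new link points at the blog root (https://papermtn.co.uk/) rather than a specific post about the tool, and both the description sentence ending "returned in a .txt file" and the new link sentence are missing a full stop.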
