Monday, August 10, 2009

Psnuffle password sniffer for metasploit

I submitted a new version of the psnuffle credential sniffer addon to the metasploit team. Until HDM has reviewed it and merged it into the svn i uploaded a tgz to remote-exploit.org's code section http://www.remote-exploit.org/codes/psnuffle/psnuffle_rexploit_org_09082009.tar.gz Please note that it will be removed when its officially available within the metasploit svn. Checkout the demo video http://vimeo.com/6013518 if you like to see it in action. Currently i included pop3, imap, ftp and a HTTP Get sniffer module. Modules are very simple to code, so i expect new ones every few days.


Psnuffle credentials sniffing module demo from Max Moser on Vimeo.

With psnuffle metasploit got a credential sniffer in place. Its easy to use and extens. Writing a new module just takes some minutes.



3 Comments:

Blogger Chris said...

I tried this out and I get entries in db_hosts and db_services (pop3) but nothing in db_notes. Why is this?

11:45 PM  
Blogger Simon said...

This comment has been removed by the author.

2:28 PM  
Blogger Dozie Dozzyjean said...

Can Psnuffle credentials sniffing do remotely credentials sniffing on a network?

Please send me ur answer to doziedozzyjean < at > gmail com

2:49 PM  

Post a Comment

Subscribe to Post Comments [Atom]

<< Home