Credentials Report

The Credentials Report compiles the credential data, such as plaintext passwords, NTLM hashes, non-replayable hashes, and SSH keys, from a project and presents it in a single unified view. The Credentials Report is useful if you want to take a snapshot of the credential data in a project at a particular moment in time and export the data in a tangible output, such as a PDF file.

To help you navigate through the data to find key information, the report is organized into the following sections:

  • Cover Page
  • Project Summary
  • Credentials Summary
  • Credentials Details
  • Login Details
  • Host Details
  • Module Details
  • Appendix

Credentials Summary

The Credentials Summary uses pie charts to visualize key findings according to the following categories:

  • Private Types - The relative distribution of private types for all credentials in the project.
  • Credential Origins - The relative distribution of credential origins for all credentials in the project.
  • Top Hosts by Logins - The relative distribution of logins across all hosts in the project.
  • Top Shared Credentials by Related Hosts - The relative distribution of credential pairs that are most commonly shared between hosts.
  • Logins by OS - The relative distribution of logins across different operating systems.
  • Logins by Service - The relative distribution of logins by service name.

Credentials Details

The Credentials Details section presents the granular details of each credential that is stored in the project. Each credential is grouped by its type: plaintext password, NTLM hash, non-replayable hash, or SSH key.

Each credential will have the following information:

  • The public value
  • The private value
  • The realm type
  • The realm value
  • The origin
  • The count of related hosts
  • The count of related services

Login Details

The Login Details section shows all validated logins that are related to the selected hosts, or, if no hosts are specified, all validated logins that are related to any host in the workspace. Each login will have the following information:

  • The service name
  • The host name
  • The login creation date
  • The access level
  • The public data
  • The private data

Host Details

The Host Details lists the hosts in the project that have at least one credential or login. Each host will have the following information:

  • The host name
  • The IP address
  • The date the host was added
  • The count of logins for the host
  • The number of credentials related to the host that were obtained from a login, service authentication, or looting a session

Module Details

The Module Details lists the modules that were used to obtain credentials. This section is divided into two parts: Service Origins and Session Origins.

Service Origins

The Service Origins section lists the modules that were used to authenticate to services to obtain credentials. These credentials are typically obtained by Bruteforce Guess, Credential Reuse, or Get Session.

Each module will have the following information:

  • The module name
  • The service name
  • The number of logins related to the credential that was added by the module
  • The date and time that the credential was added to the project. A credential is added when service authentication is successful.

Session Origins

The Session Origins section lists the modules that were used to obtain a session and then used to loot credentials from the compromised host.

Each module will have the following information:

  • The module name
  • The date and time the session was opened
  • The number of credentials obtained with the module
  • The number of logins that are related to the credentials that were gathered by the module

Appendix

The Appendix provides additional details about the Credentials Report, such as the options that were used to generate the report and the glossary of key terms.

Credentials Report Options

Output formats

  • PDF, HTML, WORD, RTF

Report options

  • Mask discovered credentials - Masks all credentials, including plain text passwords, hashes, and SSH keys, from the report. It replaces the private value with *MASKED*.
  • Include charts and graphs - Includes visual aids, such as pie graphs, to accompany statistical findings in the report.

Report sections

  • Cover Page
  • Project Summary
  • Credentials Summary
  • Credentials Details
      • Plaintext Passwords
      • NTLM Hashes
      • Non-replayable Hashes
      • SSH Keys
  • Login Details
  • Host Details
  • Module Details
      • Service Origins
      • Session Origins
  • Appendix: Glossary
  • Appendix: Report Options